PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Sun Apr 8 16:07:02 PDT 2007
Makefile.am | 2
configure.in | 2
doc/api/libpolkit/libpolkit-docs.xml | 10 -
doc/man/Makefile.am | 2
doc/man/polkit-check-caller.1.in | 4
doc/man/polkit-check-session.1.in | 4
doc/man/polkit-module-allow-all.8.in | 10 -
doc/man/polkit-module-builtins.8.in | 10 -
doc/man/polkit-module-default.8.in | 6
doc/man/polkit-module-deny-all.8.in | 10 -
doc/man/polkit-module-run-program.8.in | 18 +-
doc/man/polkit-policy-file-validate.1.in | 16 +-
libpolkit/Makefile.am | 42 +++---
libpolkit/libpolkit-action.c | 159 +++++++++++++++++++++++
libpolkit/libpolkit-action.h | 24 +--
libpolkit/libpolkit-context.c | 142 ++++++++++-----------
libpolkit/libpolkit-context.h | 10 -
libpolkit/libpolkit-error.h | 4
libpolkit/libpolkit-module.c | 48 +++----
libpolkit/libpolkit-module.h | 14 +-
libpolkit/libpolkit-policy-cache.c | 157 +++++++++++------------
libpolkit/libpolkit-policy-cache.h | 28 ++--
libpolkit/libpolkit-policy-default.c | 134 +++++++++-----------
libpolkit/libpolkit-policy-default.h | 30 ++--
libpolkit/libpolkit-policy-file-entry.c | 118 ++++++++---------
libpolkit/libpolkit-policy-file-entry.h | 26 +--
libpolkit/libpolkit-policy-file.c | 102 +++++++--------
libpolkit/libpolkit-policy-file.h | 22 +--
libpolkit/libpolkit-privilege.c | 160 ------------------------
libpolkit/libpolkit-result.c | 2
libpolkit/libpolkit-result.h | 4
modules/allow-all/polkit-module-allow-all.c | 4
modules/default/polkit-module-default.c | 32 ++--
modules/deny-all/polkit-module-deny-all.c | 4
modules/run-program/polkit-module-run-program.c | 16 +-
policy/Makefile.am | 4
policy/polkit-example-action.policy | 4
tools/Makefile.am | 6
tools/polkit-check-caller.c | 22 +--
tools/polkit-check-session.c | 22 +--
tools/polkit-policy-file-validate.c | 16 +-
41 files changed, 723 insertions(+), 727 deletions(-)
New commits:
diff-tree ce556c72b4109d4bd882dff089ddb377f2cb2129 (from 8035e5d1f3aaf27b059cc49f16790c1a0d002674)
Author: David Zeuthen <davidz at redhat.com>
Date: Sun Apr 8 19:06:59 2007 -0400
mass renaming of classes
Privilege -> Action
PrivilegeFile -> PolicyFile
PrivilegeFileEntry -> PolicyFileEntry
PrivilegeCache -> PolicyCache
Hopefully it makes a bit more sense now.
diff --git a/Makefile.am b/Makefile.am
index bcc13d2..3270435 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-SUBDIRS = libpolkit modules doc tools privileges
+SUBDIRS = libpolkit modules doc tools policy
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libpolkit.pc
diff --git a/configure.in b/configure.in
index 97d0aa0..6f839e8 100644
--- a/configure.in
+++ b/configure.in
@@ -173,7 +173,7 @@ doc/api/libpolkit/version.xml
doc/spec/Makefile
doc/spec/polkit-spec.xml.in
doc/man/Makefile
-privileges/Makefile
+policy/Makefile
modules/Makefile
modules/default/Makefile
modules/allow-all/Makefile
diff --git a/doc/api/libpolkit/libpolkit-docs.xml b/doc/api/libpolkit/libpolkit-docs.xml
index 7909e91..c802ef0 100644
--- a/doc/api/libpolkit/libpolkit-docs.xml
+++ b/doc/api/libpolkit/libpolkit-docs.xml
@@ -67,11 +67,11 @@
<xi:include href="xml/libpolkit-error.xml"/>
<xi:include href="xml/libpolkit-result.xml"/>
<xi:include href="xml/libpolkit-context.xml"/>
- <xi:include href="xml/libpolkit-privilege.xml"/>
- <xi:include href="xml/libpolkit-privilege-file.xml"/>
- <xi:include href="xml/libpolkit-privilege-file-entry.xml"/>
- <xi:include href="xml/libpolkit-privilege-cache.xml"/>
- <xi:include href="xml/libpolkit-privilege-default.xml"/>
+ <xi:include href="xml/libpolkit-action.xml"/>
+ <xi:include href="xml/libpolkit-policy-file.xml"/>
+ <xi:include href="xml/libpolkit-policy-file-entry.xml"/>
+ <xi:include href="xml/libpolkit-policy-default.xml"/>
+ <xi:include href="xml/libpolkit-policy-cache.xml"/>
<xi:include href="xml/libpolkit-resource.xml"/>
<xi:include href="xml/libpolkit-seat.xml"/>
<xi:include href="xml/libpolkit-session.xml"/>
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 7e9464c..f56c6b3 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -1,7 +1,7 @@
if MAN_PAGES_ENABLED
-MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-privilege-file-validate.1.in PolicyKit.8.in polkit-module-default.8.in polkit-module-allow-all.8.in polkit-module-deny-all.8.in polkit-module-run-program.8.in polkit-module-builtins.8.in
+MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-policy-file-validate.1.in PolicyKit.8.in polkit-module-default.8.in polkit-module-allow-all.8.in polkit-module-deny-all.8.in polkit-module-run-program.8.in polkit-module-builtins.8.in
man_MANS = $(MAN_IN_FILES:.in=)
diff --git a/doc/man/polkit-check-caller.1.in b/doc/man/polkit-check-caller.1.in
index fe67d4d..f7f5a2e 100644
--- a/doc/man/polkit-check-caller.1.in
+++ b/doc/man/polkit-check-caller.1.in
@@ -28,8 +28,8 @@ Type of resource.
.I "--resource"
Identifier of resource.
.TP
-.I "--privilege"
-The privilege to check.
+.I "--action"
+The action to check.
.TP
.I "--caller"
The caller to check for. Must be the callers unique name on the D-Bus
diff --git a/doc/man/polkit-check-session.1.in b/doc/man/polkit-check-session.1.in
index cab454c..dbf549b 100644
--- a/doc/man/polkit-check-session.1.in
+++ b/doc/man/polkit-check-session.1.in
@@ -28,8 +28,8 @@ Type of resource.
.I "--resource"
Identifier of resource.
.TP
-.I "--privilege"
-The privilege to check.
+.I "--action"
+The action to check.
.TP
.I "--session"
The session to check for. Must be a ConsoleKit object path. If
diff --git a/doc/man/polkit-module-allow-all.8.in b/doc/man/polkit-module-allow-all.8.in
index 17de422..8b03b8e 100644
--- a/doc/man/polkit-module-allow-all.8.in
+++ b/doc/man/polkit-module-allow-all.8.in
@@ -4,15 +4,15 @@
.\"
.TH POLKIT-MODULE-ALLOW-ALL 8
.SH NAME
-polkit-module-allow-all \- grant access to all privileges
+polkit-module-allow-all \- permit any action
.SH SYNOPSIS
.PP
.B polkit-module-allow-all.so
.SH DESCRIPTION
.PP
-This PolicyKit module will allow access to any privilege regardless of
-the entity requesting it, what the requested privilege is and what
-resource is involved.
+This PolicyKit module will permit any action regardless of the entity
+requesting it, what the requested action is and what resource is
+involved.
For more information about the big picture refer to the \fIPolicyKit
spec\fP which can be found in
@@ -43,7 +43,7 @@ on how to subscribe.
\&\fIpolkit-module-default\fR\|(8),
\&\fIpolkit-module-deny-all\fR\|(8),
\&\fIpolkit-module-run-program\fR\|(8),
-\&\fI at sysconfdir@/PolicyKit/privileges\fR\|,
+\&\fI at sysconfdir@/PolicyKit/policy\fR\|,
\&\fI at sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
.SH AUTHOR
diff --git a/doc/man/polkit-module-builtins.8.in b/doc/man/polkit-module-builtins.8.in
index 333076b..c34a44b 100644
--- a/doc/man/polkit-module-builtins.8.in
+++ b/doc/man/polkit-module-builtins.8.in
@@ -7,7 +7,7 @@
polkit-module-builtins \- options that apply to any PolicyKit module
.SH SYNOPSIS
.PP
-.B any-module.so [privilege=<regexp>] [user=<username> ...]
+.B any-module.so [action=<regexp>] [user=<username> ...]
.SH DESCRIPTION
.PP
This manual page describes options that can be used for any PolicyKit
@@ -21,10 +21,10 @@ depending on the distribution.
.SH OPTIONS
.TP 3n
-.B privilege=<regexp>
-Only consider requests where the privilege name matches the given
+.B action=<regexp>
+Only consider requests where the action name matches the given
regular expression. Example:
-.B privilege=hal-storage-mount*
+.B action=hal-storage-mount*
.TP 3n
.B user=<username>
@@ -47,7 +47,7 @@ on how to subscribe.
\&\fIPolicyKit\fR\|(8),
\&\fIpolkit-module-default\fR\|(8),
\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI at sysconfdir@/PolicyKit/privileges\fR\|,
+\&\fI at sysconfdir@/PolicyKit/policy\fR\|,
\&\fI at sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
.SH AUTHOR
diff --git a/doc/man/polkit-module-default.8.in b/doc/man/polkit-module-default.8.in
index 379d332..c0aaba3 100644
--- a/doc/man/polkit-module-default.8.in
+++ b/doc/man/polkit-module-default.8.in
@@ -4,14 +4,14 @@
.\"
.TH POLKIT-MODULE-DEFAULT 8
.SH NAME
-polkit-module-default \- use default policy for privileges
+polkit-module-default \- use default policy for actions
.SH SYNOPSIS
.PP
.B standard polkit-module-default.so
.SH DESCRIPTION
.PP
This PolicyKit module uses the default policy as specified (and
-required) for by the privilege definition file for a given privilege.
+required) for by the policy definition file for a given action.
For more information about the big picture refer to the \fIPolicyKit
spec\fP which can be found in
@@ -30,7 +30,7 @@ on how to subscribe.
\&\fIPolicyKit\fR\|(8),
\&\fIpolkit-module-allow-all\fR\|(8),
\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI at sysconfdir@/PolicyKit/privileges\fR\|,
+\&\fI at sysconfdir@/PolicyKit/policy\fR\|,
\&\fI at sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
.SH AUTHOR
diff --git a/doc/man/polkit-module-deny-all.8.in b/doc/man/polkit-module-deny-all.8.in
index f2648c5..3015f25 100644
--- a/doc/man/polkit-module-deny-all.8.in
+++ b/doc/man/polkit-module-deny-all.8.in
@@ -4,15 +4,15 @@
.\"
.TH POLKIT-MODULE-DENY-ALL 8
.SH NAME
-polkit-module-deny-all \- grant access to all privileges
+polkit-module-deny-all \- deny any action
.SH SYNOPSIS
.PP
.B polkit-module-deny-all.so
.SH DESCRIPTION
.PP
-This PolicyKit module will deny access to any privilege regardless of
-the entity requesting it, what the requested privilege is and what
-resource is involved.
+This PolicyKit module will deny any action regardless of the entity
+requesting it, what the requested action is and what resource is
+involved.
For more information about the big picture refer to the \fIPolicyKit
spec\fP which can be found in
@@ -42,7 +42,7 @@ on how to subscribe.
\&\fIpolkit-module-default\fR\|(8),
\&\fIpolkit-module-allow-all\fR\|(8),
\&\fIpolkit-module-run-program\fR\|(8),
-\&\fI at sysconfdir@/PolicyKit/privileges\fR\|,
+\&\fI at sysconfdir@/PolicyKit/policy\fR\|,
\&\fI at sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
.SH AUTHOR
diff --git a/doc/man/polkit-module-run-program.8.in b/doc/man/polkit-module-run-program.8.in
index 96f0868..06b2fd6 100644
--- a/doc/man/polkit-module-run-program.8.in
+++ b/doc/man/polkit-module-run-program.8.in
@@ -11,7 +11,7 @@ polkit-module-run-program \- determine p
\fBpolkit-module-run-program.so\fR program=\fI<program>\fR
.SH DESCRIPTION
.PP
-This PolicyKit module will run a program every time a privilege is
+This PolicyKit module will run a program every time an action is
requested. For more information about the big picture refer to the
\fIPolicyKit spec\fP which can be found in
.I "@docdir@/spec/polkit-spec.html"
@@ -22,9 +22,9 @@ depending on the distribution.
.TP 3n
.B program=<program>
Absolute path to program to run; this is a mandatory option. Examples:
-.B privilege=/usr/bin/my-program
+.B program=/usr/bin/my-program
or
-.B privilege="/path/to/program --foo --bar"
+.B program="/path/to/program --foo --bar"
.SH DESCRIPTION
This module will invoke the given program and will export a minimal
@@ -51,7 +51,7 @@ enumeration):
.I
.TP
.B unknown
-The passed privilege is unknown.
+The passed action is unknown.
.TP
.B not_authorized
The mechanism / caller (e.g. the program using
@@ -98,8 +98,8 @@ bus daemon, the environment will contain
To identify the request to be concerning a decision about a caller on
the system message bus.
.TP
-.B POLKIT_PRIVILEGE_ID
-Privilege identifier
+.B POLKIT_ACTION_ID
+An identifier for the action
.TP
.B POLKIT_RESOURCE_ID
Resource identifier
@@ -142,8 +142,8 @@ contain:
.B POLKIT_REQUEST_SESSION=1
To identify the request to be session-wide.
.TP
-.B POLKIT_PRIVILEGE_ID
-Privilege identifier
+.B POLKIT_ACTION_ID
+An identifier for the action
.TP
.B POLKIT_RESOURCE_ID
Resource identifier
@@ -190,7 +190,7 @@ on how to subscribe.
\&\fIpolkit-module-default\fR\|(8),
\&\fIpolkit-module-allow-all\fR\|(8),
\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI at sysconfdir@/PolicyKit/privileges\fR\|,
+\&\fI at sysconfdir@/PolicyKit/policy\fR\|,
\&\fI at sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
.SH AUTHOR
diff --git a/doc/man/polkit-policy-file-validate.1.in b/doc/man/polkit-policy-file-validate.1.in
new file mode 100644
index 0000000..87f9bb0
--- /dev/null
+++ b/doc/man/polkit-policy-file-validate.1.in
@@ -0,0 +1,53 @@
+.\"
+.\" polkit-policy-file-validate manual page.
+.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
+.\"
+.TH POLKIT-POLICY-FILE-VALIDATE 1
+.SH NAME
+polkit-policy-file-validate \- check access
+.SH SYNOPSIS
+.PP
+.B polkit-policy-file-validate
+<policy-files>
+
+.SH DESCRIPTION
+
+\fIpolkit-policy-file-validate\fP is used to validate PolicyKit
+policy definition files. These are normally stored in the
+.I "@sysconfdir@/PolicyKit/policy"
+directory. For more information about the big picture
+refer to the \fIPolicyKit spec\fP which can be found in
+.I "@docdir@/spec/polkit-spec.html"
+depending on the distribution.
+
+.SH OPTIONS
+The following options are supported:
+.TP
+.I "--help"
+Print out usage.
+.TP
+.I "--version"
+Print the version.
+
+.SH RETURN VALUE
+.PP
+If the given files are all valid, this program exits with exit code
+0. Otherwise the program exits with a non-zero exit code.
+
+.SH BUGS
+.PP
+Please send bug reports to either the distribution or the HAL
+mailing list, see
+.I "http://lists.freedesktop.org/mailman/listinfo/hal"
+on how to subscribe.
+
+.SH SEE ALSO
+.PP
+\&\fIPolicyKit\fR\|(8),
+\&\fIpolkit-check-caller\fR\|(1),
+\&\fIpolkit-check-session\fR\|(1)
+
+.SH AUTHOR
+Written by David Zeuthen <david at fubar.dk> with a lot of help from many
+others.
+
diff --git a/doc/man/polkit-privilege-file-validate.1.in b/doc/man/polkit-privilege-file-validate.1.in
deleted file mode 100644
index 8a02f66..0000000
--- a/doc/man/polkit-privilege-file-validate.1.in
+++ /dev/null
@@ -1,53 +0,0 @@
-.\"
-.\" polkit-privilege-file-validate manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-PRIVILEGE-FILE-VALIDATE 1
-.SH NAME
-polkit-privilege-file-validate \- check access
-.SH SYNOPSIS
-.PP
-.B polkit-privilege-file-validate
-<privilege-files>
-
-.SH DESCRIPTION
-
-\fIpolkit-privilege-file-validate\fP is used to validate PolicyKit
-privilege definition files. These are normally stored in the
-.I "@sysconfdir@/PolicyKit/privileges"
-directory. For more information about the big picture
-refer to the \fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-The following options are supported:
-.TP
-.I "--help"
-Print out usage.
-.TP
-.I "--version"
-Print the version.
-
-.SH RETURN VALUE
-.PP
-If the given files are all valid, this program exits with exit code
-0. Otherwise the program exits with a non-zero exit code.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-check-caller\fR\|(1),
-\&\fIpolkit-check-session\fR\|(1)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/libpolkit/Makefile.am b/libpolkit/Makefile.am
index 5961d9b..f0bb035 100644
--- a/libpolkit/Makefile.am
+++ b/libpolkit/Makefile.am
@@ -21,33 +21,33 @@ libpolkitinclude_HEADERS =
libpolkit-error.h \
libpolkit-result.h \
libpolkit-context.h \
- libpolkit-privilege.h \
+ libpolkit-action.h \
libpolkit-resource.h \
libpolkit-seat.h \
libpolkit-session.h \
libpolkit-caller.h \
- libpolkit-privilege-file-entry.h \
- libpolkit-privilege-file.h \
- libpolkit-privilege-cache.h \
- libpolkit-privilege-default.h \
+ libpolkit-policy-file-entry.h \
+ libpolkit-policy-file.h \
+ libpolkit-policy-cache.h \
+ libpolkit-policy-default.h \
libpolkit-module.h
-libpolkit_la_SOURCES = \
- libpolkit.h \
- libpolkit-error.h libpolkit-error.c \
- libpolkit-result.h libpolkit-result.c \
- libpolkit-context.h libpolkit-context.c \
- libpolkit-privilege.h libpolkit-privilege.c \
- libpolkit-resource.h libpolkit-resource.c \
- libpolkit-seat.h libpolkit-seat.c \
- libpolkit-session.h libpolkit-session.c \
- libpolkit-caller.h libpolkit-caller.c \
- libpolkit-privilege-file-entry.h libpolkit-privilege-file-entry.c \
- libpolkit-privilege-file.h libpolkit-privilege-file.c \
- libpolkit-privilege-cache.h libpolkit-privilege-cache.c \
- libpolkit-privilege-default.h libpolkit-privilege-default.c \
- libpolkit-debug.h libpolkit-debug.c \
- libpolkit-module.h libpolkit-module.c
+libpolkit_la_SOURCES = \
+ libpolkit.h \
+ libpolkit-error.h libpolkit-error.c \
+ libpolkit-result.h libpolkit-result.c \
+ libpolkit-context.h libpolkit-context.c \
+ libpolkit-action.h libpolkit-action.c \
+ libpolkit-resource.h libpolkit-resource.c \
+ libpolkit-seat.h libpolkit-seat.c \
+ libpolkit-session.h libpolkit-session.c \
+ libpolkit-caller.h libpolkit-caller.c \
+ libpolkit-policy-file-entry.h libpolkit-policy-file-entry.c \
+ libpolkit-policy-file.h libpolkit-policy-file.c \
+ libpolkit-policy-cache.h libpolkit-policy-cache.c \
+ libpolkit-policy-default.h libpolkit-policy-default.c \
+ libpolkit-debug.h libpolkit-debug.c \
+ libpolkit-module.h libpolkit-module.c
libpolkit_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ -ldl
diff --git a/libpolkit/libpolkit-action.c b/libpolkit/libpolkit-action.c
new file mode 100644
index 0000000..6a82bdc
--- /dev/null
+++ b/libpolkit/libpolkit-action.c
@@ -0,0 +1,159 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * libpolkit-action.c : action
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "libpolkit-debug.h"
+#include "libpolkit-action.h"
+
+/**
+ * SECTION:libpolkit-action
+ * @short_description: Actions.
+ *
+ * This class is used to represent an action. TODO: describe what a action really is.
+ **/
+
+/**
+ * PolKitAction:
+ *
+ * Objects of this class are used to record information about an action.
+ **/
+struct PolKitAction
+{
+ int refcount;
+ char *id;
+};
+
+/**
+ * libpolkit_action_new:
+ *
+ * Create a new #PolKitAction object.
+ *
+ * Returns: the new object
+ **/
+PolKitAction *
+libpolkit_action_new (void)
+{
+ PolKitAction *action;
+ action = g_new0 (PolKitAction, 1);
+ action->refcount = 1;
+ return action;
+}
+
+/**
+ * libpolkit_action_ref:
+ * @action: the action object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitAction *
+libpolkit_action_ref (PolKitAction *action)
+{
+ g_return_val_if_fail (action != NULL, action);
+ action->refcount++;
+ return action;
+}
+
+/**
+ * libpolkit_action_unref:
+ * @action: the action object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+libpolkit_action_unref (PolKitAction *action)
+{
+ g_return_if_fail (action != NULL);
+ action->refcount--;
+ if (action->refcount > 0)
+ return;
+ g_free (action->id);
+ g_free (action);
+}
+
+/**
+ * libpolkit_action_set_action_id:
+ * @action: the action object
+ * @action_id: action identifier
+ *
+ * Set the action identifier
+ **/
+void
+libpolkit_action_set_action_id (PolKitAction *action, const char *action_id)
+{
+ g_return_if_fail (action != NULL);
+ if (action->id != NULL)
+ g_free (action->id);
+ action->id = g_strdup (action_id);
+}
+
+/**
+ * libpolkit_action_get_action_id:
+ * @action: the action object
+ * @out_action_id: Returns the action identifier. The caller shall not free this string.
+ *
+ * Get the action identifier.
+ *
+ * Returns: TRUE iff the value was returned.
+ **/
+gboolean
+libpolkit_action_get_action_id (PolKitAction *action, char **out_action_id)
+{
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (out_action_id != NULL, FALSE);
+ if (action->id == NULL)
+ return FALSE;
+ *out_action_id = action->id;
+ return TRUE;
+}
+
+/**
+ * libpolkit_action_debug:
+ * @action: the object
+ *
+ * Print debug details
+ **/
+void
+libpolkit_action_debug (PolKitAction *action)
+{
+ g_return_if_fail (action != NULL);
+ _pk_debug ("PolKitAction: refcount=%d id=%s", action->refcount, action->id);
+}
diff --git a/libpolkit/libpolkit-action.h b/libpolkit/libpolkit-action.h
new file mode 100644
index 0000000..8c2ae14
--- /dev/null
+++ b/libpolkit/libpolkit-action.h
@@ -0,0 +1,47 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * libpolkit-action.h : actions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef LIBPOLKIT_ACTION_H
+#define LIBPOLKIT_ACTION_H
+
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <glib.h>
+
+struct PolKitAction;
+typedef struct PolKitAction PolKitAction;
+
+PolKitAction *libpolkit_action_new (void);
+PolKitAction *libpolkit_action_ref (PolKitAction *action);
+void libpolkit_action_unref (PolKitAction *action);
+void libpolkit_action_set_action_id (PolKitAction *action, const char *action_id);
+gboolean libpolkit_action_get_action_id (PolKitAction *action, char **out_action_id);
+
+void libpolkit_action_debug (PolKitAction *action);
+
+#endif /* LIBPOLKIT_ACTION_H */
+
+
diff --git a/libpolkit/libpolkit-context.c b/libpolkit/libpolkit-context.c
index 0f71293..3ea7fd3 100644
--- a/libpolkit/libpolkit-context.c
+++ b/libpolkit/libpolkit-context.c
@@ -39,7 +39,7 @@
#include <glib.h>
#include "libpolkit-debug.h"
#include "libpolkit-context.h"
-#include "libpolkit-privilege-cache.h"
+#include "libpolkit-policy-cache.h"
#include "libpolkit-module.h"
/**
@@ -71,9 +71,9 @@ struct PolKitContext
PolKitContextFileMonitorAddWatch file_monitor_add_watch_func;
PolKitContextFileMonitorRemoveWatch file_monitor_remove_watch_func;
- char *priv_dir;
+ char *policy_dir;
- PolKitPrivilegeCache *priv_cache;
+ PolKitPolicyCache *priv_cache;
GSList *modules;
};
@@ -83,7 +83,7 @@ struct PolKitContext
*
* Create a new context
*
- * Returns: the #PolKitPrivilegeCache object
+ * Returns: the object
**/
PolKitContext *
libpolkit_context_new (void)
@@ -236,15 +236,15 @@ _config_file_events (PolKitContext
}
static void
-_privilege_dir_events (PolKitContext *pk_context,
+_policy_dir_events (PolKitContext *pk_context,
PolKitContextFileMonitorEvent event_mask,
const char *path,
gpointer user_data)
{
- /* mark cache of privilege files as stale.. (will be populated on-demand, see _get_cache()) */
+ /* mark cache of policy files as stale.. (will be populated on-demand, see _get_cache()) */
if (pk_context->priv_cache != NULL) {
- _pk_debug ("Something happened in %s - invalidating cache", pk_context->priv_dir);
- libpolkit_privilege_cache_unref (pk_context->priv_cache);
+ _pk_debug ("Something happened in %s - invalidating cache", pk_context->policy_dir);
+ libpolkit_policy_cache_unref (pk_context->priv_cache);
pk_context->priv_cache = NULL;
}
@@ -260,8 +260,8 @@ _privilege_dir_events (PolKitContext
* @error: return location for error
*
* Initializes a new context; loads PolicyKit files from
- * /etc/PolicyKit/privileges unless the environment variable
- * $POLKIT_PRIVILEGE_DIR points to a location.
+ * /etc/PolicyKit/policy unless the environment variable
+ * $POLKIT_POLICY_DIR points to a location.
*
* Returns: #FALSE if @error was set, otherwise #TRUE
**/
@@ -270,13 +270,13 @@ libpolkit_context_init (PolKitContext *p
{
const char *dirname;
- dirname = getenv ("POLKIT_PRIVILEGE_DIR");
+ dirname = getenv ("POLKIT_POLICY_DIR");
if (dirname != NULL) {
- pk_context->priv_dir = g_strdup (dirname);
+ pk_context->policy_dir = g_strdup (dirname);
} else {
- pk_context->priv_dir = g_strdup (PACKAGE_SYSCONF_DIR "/PolicyKit/privileges");
+ pk_context->policy_dir = g_strdup (PACKAGE_SYSCONF_DIR "/PolicyKit/policy");
}
- _pk_debug ("Using privilege files from directory %s", pk_context->priv_dir);
+ _pk_debug ("Using policy files from directory %s", pk_context->policy_dir);
/* Load modules */
if (!load_modules (pk_context, error))
@@ -287,13 +287,13 @@ libpolkit_context_init (PolKitContext *p
if (pk_context->file_monitor_add_watch_func == NULL) {
_pk_debug ("No file monitor; cannot monitor '%s' for .priv file changes", dirname);
} else {
- /* Watch when privilege definitions file change */
+ /* Watch when policy definitions file change */
pk_context->file_monitor_add_watch_func (pk_context,
- pk_context->priv_dir,
+ pk_context->policy_dir,
POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE|
POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE|
POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE,
- _privilege_dir_events,
+ _policy_dir_events,
NULL);
/* Config file changes */
@@ -401,31 +401,31 @@ libpolkit_context_set_file_monitor (PolK
/**
- * libpolkit_context_get_privilege_cache:
+ * libpolkit_context_get_policy_cache:
* @pk_context: the context
*
- * Get the #PolKitPrivilegeCache object that holds all the defined privileges as well as their defaults.
+ * Get the #PolKitPolicyCache object that holds all the defined policies as well as their defaults.
*
- * Returns: the #PolKitPrivilegeCache object. Caller shall not unref it.
+ * Returns: the #PolKitPolicyCache object. Caller shall not unref it.
**/
-PolKitPrivilegeCache *
-libpolkit_context_get_privilege_cache (PolKitContext *pk_context)
+PolKitPolicyCache *
+libpolkit_context_get_policy_cache (PolKitContext *pk_context)
{
g_return_val_if_fail (pk_context != NULL, NULL);
if (pk_context->priv_cache == NULL) {
GError *error;
- _pk_debug ("Populating cache from directory %s", pk_context->priv_dir);
+ _pk_debug ("Populating cache from directory %s", pk_context->policy_dir);
error = NULL;
- pk_context->priv_cache = libpolkit_privilege_cache_new (pk_context->priv_dir, &error);
+ pk_context->priv_cache = libpolkit_policy_cache_new (pk_context->policy_dir, &error);
if (pk_context->priv_cache == NULL) {
- g_warning ("Error loading privilege files from %s: %s",
- pk_context->priv_dir, error->message);
+ g_warning ("Error loading policy files from %s: %s",
+ pk_context->policy_dir, error->message);
g_error_free (error);
} else {
- /*libpolkit_privilege_cache_debug (pk_context->priv_cache)*/;
+ /*libpolkit_policy_cache_debug (pk_context->priv_cache)*/;
}
}
@@ -489,7 +489,7 @@ libpolkit_context_is_resource_associated
/**
* libpolkit_context_can_session_access_resource:
* @pk_context: the PolicyKit context
- * @privilege: the type of access to check for
+ * @action: the type of access to check for
* @resource: the resource in question
* @session: the session in question
*
@@ -501,42 +501,42 @@ libpolkit_context_is_resource_associated
*/
PolKitResult
libpolkit_context_can_session_access_resource (PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitSession *session)
{
- PolKitPrivilegeCache *cache;
- PolKitPrivilegeFileEntry *pfe;
+ PolKitPolicyCache *cache;
+ PolKitPolicyFileEntry *pfe;
PolKitResult current_result;
PolKitModuleControl current_control;
GSList *i;
current_result = LIBPOLKIT_RESULT_NO;
- cache = libpolkit_context_get_privilege_cache (pk_context);
+ cache = libpolkit_context_get_policy_cache (pk_context);
if (cache == NULL)
goto out;
_pk_debug ("entering libpolkit_can_session_access_resource()");
- libpolkit_privilege_debug (privilege);
+ libpolkit_action_debug (action);
libpolkit_resource_debug (resource);
libpolkit_session_debug (session);
- pfe = libpolkit_privilege_cache_get_entry (cache, privilege);
+ pfe = libpolkit_policy_cache_get_entry (cache, action);
if (pfe == NULL) {
- char *privilege_name;
- if (!libpolkit_privilege_get_privilege_id (privilege, &privilege_name)) {
- g_warning ("given privilege has no name");
+ char *action_name;
+ if (!libpolkit_action_get_action_id (action, &action_name)) {
+ g_warning ("given action has no name");
} else {
- g_warning ("no privilege with name '%s'", privilege_name);
+ g_warning ("no action with name '%s'", action_name);
}
- current_result = LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE;
+ current_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
goto out;
}
- libpolkit_privilege_file_entry_debug (pfe);
+ libpolkit_policy_file_entry_debug (pfe);
- current_result = LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE;
+ current_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
current_control = LIBPOLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
/* visit modules */
@@ -556,27 +556,27 @@ libpolkit_context_can_session_access_res
if (libpolkit_module_interface_check_builtin_confinement_for_session (
module_interface,
pk_context,
- privilege,
+ action,
resource,
session)) {
/* module is confined by built-in options */
- module_result = LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE;
+ module_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
_pk_debug ("Module '%s' confined by built-in's",
libpolkit_module_get_name (module_interface));
} else {
module_result = func (module_interface,
pk_context,
- privilege,
+ action,
resource,
session);
}
- /* if a module returns _UNKNOWN_PRIVILEGE, it means that it doesn't
+ /* if a module returns _UNKNOWN_ACTION, it means that it doesn't
* have an opinion about the query; e.g. polkit-module-allow-all(8)
- * will return this if it's confined to only consider certain privileges
+ * will return this if it's confined to only consider certain actions
* or certain users.
*/
- if (module_result != LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE) {
+ if (module_result != LIBPOLKIT_RESULT_UNKNOWN_ACTION) {
if (current_control == LIBPOLKIT_MODULE_CONTROL_ADVISE &&
module_control == LIBPOLKIT_MODULE_CONTROL_ADVISE) {
@@ -599,8 +599,8 @@ libpolkit_context_can_session_access_res
}
}
- /* Never return UNKNOWN_PRIVILEGE to user */
- if (current_result == LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE)
+ /* Never return UNKNOWN_ACTION to user */
+ if (current_result == LIBPOLKIT_RESULT_UNKNOWN_ACTION)
current_result = LIBPOLKIT_RESULT_NO;
out:
@@ -611,7 +611,7 @@ out:
/**
* libpolkit_context_can_caller_access_resource:
* @pk_context: the PolicyKit context
- * @privilege: the type of access to check for
+ * @action: the type of access to check for
* @resource: the resource in question
* @caller: the resource in question
*
@@ -622,42 +622,42 @@ out:
*/
PolKitResult
libpolkit_context_can_caller_access_resource (PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitCaller *caller)
{
- PolKitPrivilegeCache *cache;
- PolKitPrivilegeFileEntry *pfe;
+ PolKitPolicyCache *cache;
+ PolKitPolicyFileEntry *pfe;
PolKitResult current_result;
PolKitModuleControl current_control;
GSList *i;
current_result = LIBPOLKIT_RESULT_NO;
- cache = libpolkit_context_get_privilege_cache (pk_context);
+ cache = libpolkit_context_get_policy_cache (pk_context);
if (cache == NULL)
goto out;
_pk_debug ("entering libpolkit_can_caller_access_resource()");
- libpolkit_privilege_debug (privilege);
+ libpolkit_action_debug (action);
libpolkit_resource_debug (resource);
libpolkit_caller_debug (caller);
- pfe = libpolkit_privilege_cache_get_entry (cache, privilege);
+ pfe = libpolkit_policy_cache_get_entry (cache, action);
if (pfe == NULL) {
- char *privilege_name;
- if (!libpolkit_privilege_get_privilege_id (privilege, &privilege_name)) {
- g_warning ("given privilege has no name");
+ char *action_name;
+ if (!libpolkit_action_get_action_id (action, &action_name)) {
+ g_warning ("given action has no name");
} else {
- g_warning ("no privilege with name '%s'", privilege_name);
+ g_warning ("no action with name '%s'", action_name);
}
- current_result = LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE;
+ current_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
goto out;
}
- libpolkit_privilege_file_entry_debug (pfe);
+ libpolkit_policy_file_entry_debug (pfe);
- current_result = LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE;
+ current_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
current_control = LIBPOLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
/* visit modules */
@@ -677,27 +677,27 @@ libpolkit_context_can_caller_access_reso
if (libpolkit_module_interface_check_builtin_confinement_for_caller (
module_interface,
pk_context,
- privilege,
+ action,
resource,
caller)) {
/* module is confined by built-in options */
- module_result = LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE;
+ module_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
_pk_debug ("Module '%s' confined by built-in's",
libpolkit_module_get_name (module_interface));
} else {
module_result = func (module_interface,
pk_context,
- privilege,
+ action,
resource,
caller);
}
- /* if a module returns _UNKNOWN_PRIVILEGE, it means that it doesn't
+ /* if a module returns _UNKNOWN_ACTION, it means that it doesn't
* have an opinion about the query; e.g. polkit-module-allow-all(8)
- * will return this if it's confined to only consider certain privileges
+ * will return this if it's confined to only consider certain actions
* or certain users.
*/
- if (module_result != LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE) {
+ if (module_result != LIBPOLKIT_RESULT_UNKNOWN_ACTION) {
if (current_control == LIBPOLKIT_MODULE_CONTROL_ADVISE &&
module_control == LIBPOLKIT_MODULE_CONTROL_ADVISE) {
@@ -720,8 +720,8 @@ libpolkit_context_can_caller_access_reso
}
}
- /* Never return UNKNOWN_PRIVILEGE to user */
- if (current_result == LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE)
+ /* Never return UNKNOWN_ACTION to user */
+ if (current_result == LIBPOLKIT_RESULT_UNKNOWN_ACTION)
current_result = LIBPOLKIT_RESULT_NO;
out:
_pk_debug ("... result was %s", libpolkit_result_to_string_representation (current_result));
diff --git a/libpolkit/libpolkit-context.h b/libpolkit/libpolkit-context.h
index 31fd1da..088ec35 100644
--- a/libpolkit/libpolkit-context.h
+++ b/libpolkit/libpolkit-context.h
@@ -34,12 +34,12 @@
#include <libpolkit/libpolkit-error.h>
#include <libpolkit/libpolkit-result.h>
#include <libpolkit/libpolkit-context.h>
-#include <libpolkit/libpolkit-privilege.h>
+#include <libpolkit/libpolkit-action.h>
#include <libpolkit/libpolkit-resource.h>
#include <libpolkit/libpolkit-seat.h>
#include <libpolkit/libpolkit-session.h>
#include <libpolkit/libpolkit-caller.h>
-#include <libpolkit/libpolkit-privilege-cache.h>
+#include <libpolkit/libpolkit-policy-cache.h>
struct PolKitContext;
typedef struct PolKitContext PolKitContext;
@@ -145,7 +145,7 @@ gboolean libpolkit_context_init
PolKitContext *libpolkit_context_ref (PolKitContext *pk_context);
void libpolkit_context_unref (PolKitContext *pk_context);
-PolKitPrivilegeCache *libpolkit_context_get_privilege_cache (PolKitContext *pk_context);
+PolKitPolicyCache *libpolkit_context_get_policy_cache (PolKitContext *pk_context);
/**
* PolKitSeatVisitorCB:
@@ -171,13 +171,13 @@ libpolkit_context_is_resource_associated
PolKitResult
libpolkit_context_can_session_access_resource (PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitSession *session);
PolKitResult
libpolkit_context_can_caller_access_resource (PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitCaller *caller);
diff --git a/libpolkit/libpolkit-error.h b/libpolkit/libpolkit-error.h
index b587ee0..d89eade 100644
--- a/libpolkit/libpolkit-error.h
+++ b/libpolkit/libpolkit-error.h
@@ -30,13 +30,13 @@
/**
* PolKitError:
- * @POLKIT_ERROR_PRIVILEGE_FILE_INVALID: There was an error parsing the given privilege file
+ * @POLKIT_ERROR_POLICY_FILE_INVALID: There was an error parsing the given policy file
*
* Error codes returned by PolicyKit
*/
typedef enum
{
- POLKIT_ERROR_PRIVILEGE_FILE_INVALID
+ POLKIT_ERROR_POLICY_FILE_INVALID
} PolKitError;
/**
diff --git a/libpolkit/libpolkit-module.c b/libpolkit/libpolkit-module.c
index 414d2c8..9885caa 100644
--- a/libpolkit/libpolkit-module.c
+++ b/libpolkit/libpolkit-module.c
@@ -62,8 +62,8 @@ struct PolKitModuleInterface
PolKitModuleCanSessionAccessResource func_can_session_access_resource;
PolKitModuleCanCallerAccessResource func_can_caller_access_resource;
- gboolean builtin_have_privilege_regex;
- regex_t builtin_privilege_regex_compiled;
+ gboolean builtin_have_action_regex;
+ regex_t builtin_action_regex_compiled;
GSList *builtin_users;
};
@@ -116,22 +116,22 @@ _parse_builtin (PolKitModuleInterface *m
ret = FALSE;
for (n = 1; n < *argc; ) {
- if (g_str_has_prefix (argv[n], "privilege=")) {
+ if (g_str_has_prefix (argv[n], "action=")) {
const char *regex;
- if (mi->builtin_have_privilege_regex) {
- _pk_debug ("Already have option 'privilege='");
+ if (mi->builtin_have_action_regex) {
+ _pk_debug ("Already have option 'action='");
goto error;
}
regex = argv[n] + 10;
- if (regcomp (&(mi->builtin_privilege_regex_compiled), regex, REG_EXTENDED) != 0) {
+ if (regcomp (&(mi->builtin_action_regex_compiled), regex, REG_EXTENDED) != 0) {
_pk_debug ("Regex '%s' didn't compile", regex);
goto error;
}
- mi->builtin_have_privilege_regex = TRUE;
+ mi->builtin_have_action_regex = TRUE;
- _pk_debug ("Compiled regex '%s' for option 'privilege=' OK", regex);
+ _pk_debug ("Compiled regex '%s' for option 'action=' OK", regex);
_parse_builtin_remove_option (argc, argv, n);
} else if (g_str_has_prefix (argv[n], "user=")) {
@@ -308,8 +308,8 @@ libpolkit_module_interface_unref (PolKit
return;
/* builtins */
- if (module_interface->builtin_have_privilege_regex)
- regfree (&module_interface->builtin_privilege_regex_compiled);
+ if (module_interface->builtin_have_action_regex)
+ regfree (&module_interface->builtin_action_regex_compiled);
g_slist_free (module_interface->builtin_users);
/* shutdown the module and unload it */
@@ -608,17 +608,17 @@ libpolkit_module_get_user_data (PolKit
}
static gboolean
-_check_privilege (PolKitModuleInterface *module_interface, PolKitPrivilege *privilege)
+_check_action (PolKitModuleInterface *module_interface, PolKitAction *action)
{
gboolean ret;
ret = FALSE;
- if (module_interface->builtin_have_privilege_regex) {
- char *privilege_name;
- if (libpolkit_privilege_get_privilege_id (privilege, &privilege_name)) {
- if (regexec (&module_interface->builtin_privilege_regex_compiled,
- privilege_name, 0, NULL, 0) == 0) {
+ if (module_interface->builtin_have_action_regex) {
+ char *action_name;
+ if (libpolkit_action_get_action_id (action, &action_name)) {
+ if (regexec (&module_interface->builtin_action_regex_compiled,
+ action_name, 0, NULL, 0) == 0) {
ret = TRUE;
}
}
@@ -677,11 +677,11 @@ _check_users_for_caller (PolKitModuleInt
* libpolkit_module_interface_check_builtin_confinement_for_session:
* @module_interface: the given module
* @pk_context: the PolicyKit context
- * @privilege: the type of access to check for
+ * @action: the type of access to check for
* @resource: the resource in question
* @session: the session in question
*
- * Check whether some of the built-in module options (e.g. privilege="hal-storage-*",
+ * Check whether some of the built-in module options (e.g. action="hal-storage-*",
* user=davidz) confines the given module, e.g. whether it should be skipped.
*
* Returns: TRUE if, and only if, the module is confined from handling the request
@@ -689,7 +689,7 @@ _check_users_for_caller (PolKitModuleInt
gboolean
libpolkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitSession *session)
{
@@ -698,7 +698,7 @@ libpolkit_module_interface_check_builtin
g_return_val_if_fail (module_interface != NULL, ret);
- if (!_check_privilege (module_interface, privilege))
+ if (!_check_action (module_interface, action))
goto out;
if (!_check_users_for_session (module_interface, session))
goto out;
@@ -713,11 +713,11 @@ out:
* libpolkit_module_interface_check_builtin_confinement_for_caller:
* @module_interface: the given module
* @pk_context: the PolicyKit context
- * @privilege: the type of access to check for
+ * @action: the type of access to check for
* @resource: the resource in question
* @caller: the resource in question
*
- * Check whether some of the built-in module options (e.g. privilege="hal-storage-*",
+ * Check whether some of the built-in module options (e.g. action="hal-storage-*",
* user=davidz) confines the given module, e.g. whether it should be skipped.
*
* Returns: TRUE if, and only if, the module is confined from handling the request
@@ -725,7 +725,7 @@ out:
gboolean
libpolkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitCaller *caller)
{
@@ -734,7 +734,7 @@ libpolkit_module_interface_check_builtin
g_return_val_if_fail (module_interface != NULL, ret);
- if (!_check_privilege (module_interface, privilege))
+ if (!_check_action (module_interface, action))
goto out;
if (!_check_users_for_caller (module_interface, caller))
goto out;
diff --git a/libpolkit/libpolkit-module.h b/libpolkit/libpolkit-module.h
index bb99383..7f79e4f 100644
--- a/libpolkit/libpolkit-module.h
+++ b/libpolkit/libpolkit-module.h
@@ -94,7 +94,7 @@ typedef PolKitResult (*PolKitModuleIsRes
* PolKitModuleCanSessionAccessResource:
* @module_interface: the module interface
* @pk_context: the PolicyKit context
- * @privilege: the type of access to check for
+ * @action: the type of access to check for
* @resource: the resource in question
* @session: the session in question
*
@@ -104,7 +104,7 @@ typedef PolKitResult (*PolKitModuleIsRes
**/
typedef PolKitResult (*PolKitModuleCanSessionAccessResource) (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitSession *session);
@@ -112,7 +112,7 @@ typedef PolKitResult (*PolKitModuleCanSe
* PolKitModuleCanCallerAccessResource:
* @module_interface: the module interface
* @pk_context: the PolicyKit context
- * @privilege: the type of access to check for
+ * @action: the type of access to check for
* @resource: the resource in question
* @caller: the resource in question
*
@@ -122,7 +122,7 @@ typedef PolKitResult (*PolKitModuleCanSe
**/
typedef PolKitResult (*PolKitModuleCanCallerAccessResource) (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitCaller *caller);
@@ -160,7 +160,7 @@ PolKitModuleCanCallerAccessResource libp
* stack to override results from this module. Modules down the stack that are also marked with
* the #LIBPOLKIT_MODULE_CONTROL_ADVISE control will only take effect it they change the result to be "less strict".
* @LIBPOLKIT_MODULE_CONTROL_MANDATORY: Always use results (unless it returns
- * #LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE for a given request) from this module, even if it changes whether the
+ * #LIBPOLKIT_RESULT_UNKNOWN_ACTION for a given request) from this module, even if it changes whether the
* result to be "more strict". . If a later module also uses this control, results from that module will override it.
* @LIBPOLKIT_MODULE_CONTROL_N_CONTROLS: Number of control stanzas
*
@@ -193,14 +193,14 @@ PolKitModuleControl libpolkit_module_int
gboolean
libpolkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitSession *session);
gboolean
libpolkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitCaller *caller);
diff --git a/libpolkit/libpolkit-policy-cache.c b/libpolkit/libpolkit-policy-cache.c
new file mode 100644
index 0000000..d9eb31b
--- /dev/null
+++ b/libpolkit/libpolkit-policy-cache.c
@@ -0,0 +1,246 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * libpolkit-policy-cache.c : policy cache
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "libpolkit-debug.h"
+#include "libpolkit-policy-file.h"
+#include "libpolkit-policy-cache.h"
+
+/**
+ * SECTION:libpolkit-policy-cache
+ * @short_description: Class for holding all policy objects.
+ *
+ * This class is used to hold all policy objects (stemming from policy
+ * files) and provide look-up functions.
+ **/
+
+/**
+ * PolKitPolicyCache:
+ *
+ * Instances of this class are used to hold all policy objects
+ * (stemming from policy files) and provide look-up functions.
+ **/
+struct PolKitPolicyCache
+{
+ int refcount;
+
+ GSList *priv_entries;
+};
+
+
+static void
+add_entries_from_file (PolKitPolicyCache *policy_cache,
+ PolKitPolicyFile *policy_file)
+{
+ GSList *i;
+
+ g_return_if_fail (policy_cache != NULL);
+ g_return_if_fail (policy_file != NULL);
+
+ for (i = libpolkit_policy_file_get_entries (policy_file); i != NULL; i = g_slist_next (i)) {
+ PolKitPolicyFileEntry *policy_file_entry = i->data;
+ libpolkit_policy_file_entry_ref (policy_file_entry);
+ policy_cache->priv_entries = g_slist_append (policy_cache->priv_entries,
+ policy_file_entry);
+ }
+}
+
+/**
+ * libpolkit_policy_cache_new:
+ * @dirname: directory containing policy files
+ * @error: location to return error
+ *
+ * Create a new #PolKitPolicyCache object and load information from policy files.
+ *
+ * Returns: #NULL if @error was set, otherwise the #PolKitPolicyCache object
+ **/
+PolKitPolicyCache *
+libpolkit_policy_cache_new (const char *dirname, GError **error)
+{
+ const char *file;
+ GDir *dir;
+ PolKitPolicyCache *pc;
+
+ pc = g_new0 (PolKitPolicyCache, 1);
+ pc->refcount = 1;
+
+ dir = g_dir_open (dirname, 0, error);
+ if (dir == NULL) {
+ goto out;
+ }
+ while ((file = g_dir_read_name (dir)) != NULL) {
+ char *path;
+ PolKitPolicyFile *pf;
+
+ if (!g_str_has_suffix (file, ".priv"))
+ continue;
+
+ if (g_str_has_prefix (file, "."))
+ continue;
+
+ path = g_strdup_printf ("%s/%s", dirname, file);
+
+ _pk_debug ("Loading %s", path);
+ pf = libpolkit_policy_file_new (path, error);
+ g_free (path);
+
+ if (pf == NULL) {
+ goto out;
+ }
+
+ add_entries_from_file (pc, pf);
+ libpolkit_policy_file_unref (pf);
+ }
+ g_dir_close (dir);
+
+ return pc;
+out:
+ if (pc != NULL)
+ libpolkit_policy_cache_ref (pc);
+ return NULL;
+}
+
+/**
+ * libpolkit_policy_cache_ref:
+ * @policy_cache: the policy cache object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyCache *
+libpolkit_policy_cache_ref (PolKitPolicyCache *policy_cache)
+{
+ g_return_val_if_fail (policy_cache != NULL, policy_cache);
+ policy_cache->refcount++;
+ return policy_cache;
+}
+
+/**
+ * libpolkit_policy_cache_unref:
+ * @policy_cache: the policy cache object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+libpolkit_policy_cache_unref (PolKitPolicyCache *policy_cache)
+{
+ GSList *i;
+
+ g_return_if_fail (policy_cache != NULL);
+ policy_cache->refcount--;
+ if (policy_cache->refcount > 0)
+ return;
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ PolKitPolicyFileEntry *pfe = i->data;
+ libpolkit_policy_file_entry_unref (pfe);
+ }
+ if (policy_cache->priv_entries != NULL)
+ g_slist_free (policy_cache->priv_entries);
+
+ g_free (policy_cache);
+}
+
+/**
+ * libpolkit_policy_cache_debug:
+ * @policy_cache: the cache
+ *
+ * Print debug information about object
+ **/
+void
+libpolkit_policy_cache_debug (PolKitPolicyCache *policy_cache)
+{
+ GSList *i;
+ g_return_if_fail (policy_cache != NULL);
+
+ _pk_debug ("PolKitPolicyCache: refcount=%d num_entries=%d ...",
+ policy_cache->refcount,
+ policy_cache->priv_entries == NULL ? 0 : g_slist_length (policy_cache->priv_entries));
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ PolKitPolicyFileEntry *pfe = i->data;
+ libpolkit_policy_file_entry_debug (pfe);
+ }
+}
+
+/**
+ * libpolkit_policy_cache_get_entry:
+ * @policy_cache: the cache
+ * @action: the action
+ *
+ * Given a action, find the object describing the definition of the
+ * policy; e.g. data stemming from files in
+ * /etc/PolicyKit/policy.
+ *
+ * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
+ * #NULL if the action wasn't identified. Caller shall not unref
+ * this object.
+ **/
+PolKitPolicyFileEntry*
+libpolkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
+ PolKitAction *action)
+{
+ char *priv_id;
+ GSList *i;
+ PolKitPolicyFileEntry *pfe;
+
+ pfe = NULL;
+
+ /* I'm sure it would be easy to make this O(1)... */
+
+ g_return_val_if_fail (policy_cache != NULL, NULL);
+ g_return_val_if_fail (action != NULL, NULL);
+
+ if (!libpolkit_action_get_action_id (action, &priv_id))
+ goto out;
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ pfe = i->data;
+ if (strcmp (libpolkit_policy_file_entry_get_id (pfe), priv_id) == 0) {
+ goto out;
+ }
+ }
+
+ pfe = NULL;
+
+out:
+ return pfe;
+}
diff --git a/libpolkit/libpolkit-policy-cache.h b/libpolkit/libpolkit-policy-cache.h
new file mode 100644
index 0000000..72b626c
--- /dev/null
+++ b/libpolkit/libpolkit-policy-cache.h
@@ -0,0 +1,50 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * libpolkit-policy-cache.h : policy cache
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef LIBPOLKIT_POLICY_CACHE_H
+#define LIBPOLKIT_POLICY_CACHE_H
+
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <glib.h>
+
+#include <libpolkit/libpolkit-action.h>
+#include <libpolkit/libpolkit-policy-file-entry.h>
+
+struct PolKitPolicyCache;
+typedef struct PolKitPolicyCache PolKitPolicyCache;
+
+PolKitPolicyCache *libpolkit_policy_cache_new (const char *dirname, GError **error);
+PolKitPolicyCache *libpolkit_policy_cache_ref (PolKitPolicyCache *policy_cache);
+void libpolkit_policy_cache_unref (PolKitPolicyCache *policy_cache);
+void libpolkit_policy_cache_debug (PolKitPolicyCache *policy_cache);
+
+PolKitPolicyFileEntry* libpolkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
+ PolKitAction *action);
+
+#endif /* LIBPOLKIT_POLICY_CACHE_H */
+
+
diff --git a/libpolkit/libpolkit-policy-default.c b/libpolkit/libpolkit-policy-default.c
new file mode 100644
index 0000000..3edde5f
--- /dev/null
+++ b/libpolkit/libpolkit-policy-default.c
@@ -0,0 +1,323 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * libpolkit-policy-default.c : policy definition for the defaults
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "libpolkit-debug.h"
+#include "libpolkit-error.h"
+#include "libpolkit-policy-default.h"
+
+/**
+ * SECTION:libpolkit-policy-default
+ * @short_description: Defaults policy.
+ *
+ * This class records the default policy of an action.
+ **/
+
+/**
+ * PolKitPolicyDefault:
+ *
+ * Objects of this class are used to record information about a
+ * default policy for an action.
+ **/
+struct PolKitPolicyDefault
+{
+ int refcount;
+ PolKitResult default_remote_inactive;
+ PolKitResult default_remote_active;
+ PolKitResult default_local_inactive;
+ PolKitResult default_local_active;
+};
+
+static gboolean
+parse_default (const char *key, char *s, const char *group, PolKitResult* target, GError **error)
+{
+ gboolean ret;
+
+ ret = libpolkit_result_from_string_representation (s, target);
+ if (!ret) {
+ int n;
+ char *s2;
+ GString *str;
+
+ str = g_string_new (NULL);
+ for (n = 0; n < LIBPOLKIT_RESULT_N_RESULTS; n++) {
+ if (n == LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW)
+ continue;
+
+ if (str->len > 0) {
+ g_string_append (str, ", ");
+ }
+ g_string_append (str, libpolkit_result_to_string_representation (n));
+ }
+ s2 = g_string_free (str, FALSE);
+
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Value '%s' is not allowed for key '%s' in group '%s' - supported values are: %s",
+ s,
+ key,
+ group,
+ s2);
+ g_free (s2);
+ }
+
+ g_free (s);
+ return ret;
+}
+
+/**
+ * libpolkit_policy_default_new:
+ * @key_file: a #GKeyFile object
+ * @action: action to look up defaults for in key_file
+ * @error: return location for error
+ *
+ * Create a new #PolKitPolicyDefault object.
+ *
+ * Returns: the new object or #NULL if error is set
+ **/
+PolKitPolicyDefault *
+libpolkit_policy_default_new (GKeyFile *key_file, const char *action, GError **error)
+{
+ const char *key;
+ const char *group;
+ char *s;
+ char buf[256];
+ PolKitPolicyDefault *pd;
+
+ pd = g_new0 (PolKitPolicyDefault, 1);
+ pd->refcount = 1;
+
+ g_snprintf (buf, sizeof (buf), "Action %s", action);
+ group = buf;
+
+ key = "AllowRemoteInactive";
+ if ((s = g_key_file_get_string (key_file, group, key, error)) == NULL)
+ goto error;
+ if (!parse_default (key, s, group, &pd->default_remote_inactive, error))
+ goto error;
+ key = "AllowRemoteActive";
+ if ((s = g_key_file_get_string (key_file, group, key, error)) == NULL)
+ goto error;
+ if (!parse_default (key, s, group, &pd->default_remote_active, error))
+ goto error;
+ key = "AllowLocalInactive";
+ if ((s = g_key_file_get_string (key_file, group, key, error)) == NULL)
+ goto error;
+ if (!parse_default (key, s, group, &pd->default_local_inactive, error))
+ goto error;
+ key = "AllowLocalActive";
+ if ((s = g_key_file_get_string (key_file, group, key, error)) == NULL)
+ goto error;
+ if (!parse_default (key, s, group, &pd->default_local_active, error))
+ goto error;
+
+ return pd;
+error:
+ if (pd != NULL)
+ libpolkit_policy_default_ref (pd);
+ return NULL;
+}
+
+/**
+ * libpolkit_policy_default_ref:
+ * @policy_default: the policy object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyDefault *
+libpolkit_policy_default_ref (PolKitPolicyDefault *policy_default)
+{
+ g_return_val_if_fail (policy_default != NULL, policy_default);
+ policy_default->refcount++;
+ return policy_default;
+}
+
+/**
+ * libpolkit_policy_default_unref:
+ * @policy_default: the object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+libpolkit_policy_default_unref (PolKitPolicyDefault *policy_default)
+{
+ g_return_if_fail (policy_default != NULL);
+ policy_default->refcount--;
+ if (policy_default->refcount > 0)
+ return;
+ g_free (policy_default);
+}
+
+/**
+ * libpolkit_policy_default_debug:
+ * @policy_default: the object
+ *
+ * Print debug details
+ **/
+void
+libpolkit_policy_default_debug (PolKitPolicyDefault *policy_default)
+{
+ g_return_if_fail (policy_default != NULL);
+ _pk_debug ("PolKitPolicyDefault: refcount=%d\n"
+ " default_remote_inactive=%s\n"
+ " default_remote_active=%s\n"
+ " default_local_inactive=%s\n"
+ " default_local_active=%s",
+ policy_default->refcount,
+ libpolkit_result_to_string_representation (policy_default->default_remote_inactive),
+ libpolkit_result_to_string_representation (policy_default->default_remote_active),
+ libpolkit_result_to_string_representation (policy_default->default_local_inactive),
+ libpolkit_result_to_string_representation (policy_default->default_local_active));
+}
+
+
+/**
+ * libpolkit_policy_default_can_session_access_resource:
+ * @policy_default: the object
+ * @action: the type of access to check for
+ * @resource: the resource in question
+ * @session: the session in question
+ *
+ * Using the default policy for an action, determine if a given
+ * session can access a given resource in a given way.
+ *
+ * Returns: A #PolKitResult - can only be one of
+ * #LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
+ * #LIBPOLKIT_RESULT_YES, #LIBPOLKIT_RESULT_NO.
+ **/
+PolKitResult
+libpolkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitSession *session)
+{
+ gboolean is_local;
+ gboolean is_active;
+ PolKitResult ret;
+
+ ret = LIBPOLKIT_RESULT_NO;
+
+ g_return_val_if_fail (policy_default != NULL, ret);
+ g_return_val_if_fail (action != NULL, ret);
+ g_return_val_if_fail (resource != NULL, ret);
+ g_return_val_if_fail (session != NULL, ret);
+
+ if (!libpolkit_session_get_ck_is_local (session, &is_local))
+ goto out;
+ if (!libpolkit_session_get_ck_is_active (session, &is_active))
+ goto out;
+
+ if (is_local) {
+ if (is_active) {
+ ret = policy_default->default_local_active;
+ } else {
+ ret = policy_default->default_local_inactive;
+ }
+ } else {
+ if (is_active) {
+ ret = policy_default->default_remote_active;
+ } else {
+ ret = policy_default->default_remote_inactive;
+ }
+ }
+out:
+ return ret;
+}
+
+/**
+ * libpolkit_policy_default_can_caller_access_resource:
+ * @policy_default: the object
+ * @action: the type of access to check for
+ * @resource: the resource in question
+ * @caller: the resource in question
+ *
+ * Using the default policy for an action, determine if a given
+ * caller can access a given resource in a given way.
+ *
+ * Returns: A #PolKitResult specifying if, and how, the caller can
+ * access the resource in the given way
+ **/
+PolKitResult
+libpolkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller)
+{
+ gboolean is_local;
+ gboolean is_active;
+ PolKitSession *session;
+ PolKitResult ret;
+
+ ret = LIBPOLKIT_RESULT_NO;
+
+ g_return_val_if_fail (policy_default != NULL, ret);
+ g_return_val_if_fail (action != NULL, ret);
+ g_return_val_if_fail (resource != NULL, ret);
+ g_return_val_if_fail (caller != NULL, ret);
+
+ if (!libpolkit_caller_get_ck_session (caller, &session))
+ goto out;
+ if (session == NULL)
+ goto out;
+
+ if (!libpolkit_session_get_ck_is_local (session, &is_local))
+ goto out;
+ if (!libpolkit_session_get_ck_is_active (session, &is_active))
+ goto out;
+
+ if (is_local) {
+ if (is_active) {
+ ret = policy_default->default_local_active;
+ } else {
+ ret = policy_default->default_local_inactive;
+ }
+ } else {
+ if (is_active) {
+ ret = policy_default->default_remote_active;
+ } else {
+ ret = policy_default->default_remote_inactive;
+ }
+ }
+out:
+ return ret;
+}
diff --git a/libpolkit/libpolkit-policy-default.h b/libpolkit/libpolkit-policy-default.h
new file mode 100644
index 0000000..6db6c62
--- /dev/null
+++ b/libpolkit/libpolkit-policy-default.h
@@ -0,0 +1,61 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * libpolkit-policy-default.h : policy definition for the defaults
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef LIBPOLKIT_POLICY_DEFAULT_H
+#define LIBPOLKIT_POLICY_DEFAULT_H
+
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <glib.h>
+
+#include <libpolkit/libpolkit-result.h>
+#include <libpolkit/libpolkit-action.h>
+#include <libpolkit/libpolkit-resource.h>
+#include <libpolkit/libpolkit-session.h>
+#include <libpolkit/libpolkit-caller.h>
+
+struct PolKitPolicyDefault;
+typedef struct PolKitPolicyDefault PolKitPolicyDefault;
+
+PolKitPolicyDefault *libpolkit_policy_default_new (GKeyFile *key_file, const char *action, GError **error);
+PolKitPolicyDefault *libpolkit_policy_default_ref (PolKitPolicyDefault *policy_default);
+void libpolkit_policy_default_unref (PolKitPolicyDefault *policy_default);
+void libpolkit_policy_default_debug (PolKitPolicyDefault *policy_default);
+
+PolKitResult libpolkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitSession *session);
+PolKitResult libpolkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller);
+
+/* TODO: export knobs for "default policy" */
+
+#endif /* LIBPOLKIT_POLICY_DEFAULT_H */
+
+
diff --git a/libpolkit/libpolkit-policy-file-entry.c b/libpolkit/libpolkit-policy-file-entry.c
new file mode 100644
index 0000000..5a042cb
--- /dev/null
+++ b/libpolkit/libpolkit-policy-file-entry.c
@@ -0,0 +1,178 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * libpolkit-policy-file-entry.c : entries in policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "libpolkit-debug.h"
+#include "libpolkit-error.h"
+#include "libpolkit-result.h"
+#include "libpolkit-policy-file-entry.h"
+
+/**
+ * SECTION:libpolkit-policy-file-entry
+ * @short_description: Policy files entries.
+ *
+ * This class is used to represent a entries in policy files.
+ **/
+
+/**
+ * PolKitPolicyFileEntry:
+ *
+ * Objects of this class are used to record information about a
+ * policy.
+ **/
+struct PolKitPolicyFileEntry
+{
+ int refcount;
+ char *action;
+ PolKitPolicyDefault *defaults;
+};
+
+/**
+ * libpolkit_policy_file_entry_new:
+ * @key_file: a #GKeyFile object
+ * @action: action to look for in key_file
+ * @error: return location for error
+ *
+ * Create a new #PolKitPolicyFileEntry object. If the given
+ * @key_file object does not contain the requisite sections, a human
+ * readable explanation of why will be set in @error.
+ *
+ * Returns: the new object or #NULL if error is set
+ **/
+PolKitPolicyFileEntry *
+libpolkit_policy_file_entry_new (GKeyFile *key_file, const char *action, GError **error)
+{
+ PolKitPolicyFileEntry *pfe;
+
+ pfe = g_new0 (PolKitPolicyFileEntry, 1);
+ pfe->refcount = 1;
+ pfe->action = g_strdup (action);
+
+ pfe->defaults = libpolkit_policy_default_new (key_file, action, error);
+ if (pfe->defaults == NULL)
+ goto error;
+
+ return pfe;
+error:
+ if (pfe != NULL)
+ libpolkit_policy_file_entry_unref (pfe);
+ return NULL;
+}
+
+/**
+ * libpolkit_policy_file_entry_ref:
+ * @policy_file_entry: the policy file object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyFileEntry *
+libpolkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, policy_file_entry);
+ policy_file_entry->refcount++;
+ return policy_file_entry;
+}
+
+/**
+ * libpolkit_policy_file_entry_unref:
+ * @policy_file_entry: the policy file object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+libpolkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_if_fail (policy_file_entry != NULL);
+ policy_file_entry->refcount--;
+ if (policy_file_entry->refcount > 0)
+ return;
+ g_free (policy_file_entry->action);
+ if (policy_file_entry->defaults != NULL)
+ libpolkit_policy_default_unref (policy_file_entry->defaults);
+ g_free (policy_file_entry);
+}
+
+/**
+ * libpolkit_policy_file_entry_debug:
+ * @policy_file_entry: the entry
+ *
+ * Print debug information about object
+ **/
+void
+libpolkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_if_fail (policy_file_entry != NULL);
+ _pk_debug ("PolKitPolicyFileEntry: refcount=%d action=%s",
+ policy_file_entry->refcount,
+ policy_file_entry->action);
+ libpolkit_policy_default_debug (policy_file_entry->defaults);
+}
+
+/**
+ * libpolkit_policy_file_entry_get_id:
+ * @policy_file_entry: the file entry
+ *
+ * Get the action identifier.
+ *
+ * Returns: A string - caller shall not free this string.
+ **/
+const char *
+libpolkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->action;
+}
+
+/**
+ * libpolkit_policy_file_entry_get_default:
+ * @policy_file_entry: the file entry
+ *
+ * Get the the default policy for this policy.
+ *
+ * Returns: A #PolKitPolicyDefault object - caller shall not unref this object.
+ **/
+PolKitPolicyDefault *
+libpolkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->defaults;
+}
diff --git a/libpolkit/libpolkit-policy-file-entry.h b/libpolkit/libpolkit-policy-file-entry.h
new file mode 100644
index 0000000..f183c06
--- /dev/null
+++ b/libpolkit/libpolkit-policy-file-entry.h
@@ -0,0 +1,51 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * libpolkit-policy-file-entry.h : entries in policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef LIBPOLKIT_POLICY_FILE_ENTRY_H
+#define LIBPOLKIT_POLICY_FILE_ENTRY_H
+
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <glib.h>
+
+#include <libpolkit/libpolkit-result.h>
+#include <libpolkit/libpolkit-policy-default.h>
+
+struct PolKitPolicyFileEntry;
+typedef struct PolKitPolicyFileEntry PolKitPolicyFileEntry;
+
+PolKitPolicyFileEntry *libpolkit_policy_file_entry_new (GKeyFile *key_file, const char *action, GError **error);
+PolKitPolicyFileEntry *libpolkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry);
+void libpolkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry);
+void libpolkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry);
+
+const char *libpolkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry);
+PolKitPolicyDefault *libpolkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry);
+
+
+#endif /* LIBPOLKIT_POLICY_FILE_ENTRY_H */
+
+
diff --git a/libpolkit/libpolkit-policy-file.c b/libpolkit/libpolkit-policy-file.c
new file mode 100644
index 0000000..b739166
--- /dev/null
+++ b/libpolkit/libpolkit-policy-file.c
@@ -0,0 +1,200 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * libpolkit-policy-file.c : policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "libpolkit-error.h"
+#include "libpolkit-result.h"
+#include "libpolkit-policy-file.h"
+
+/**
+ * SECTION:libpolkit-policy-file
+ * @short_description: Policys files.
+ *
+ * This class is used to represent a policy files.
+ **/
+
+/**
+ * PolKitPolicyFile:
+ *
+ * Objects of this class are used to record information about a
+ * policy file.
+ **/
+struct PolKitPolicyFile
+{
+ int refcount;
+ GSList *entries;
+};
+
+/**
+ * libpolkit_policy_file_new:
+ * @path: path to policy file
+ * @error: return location for error
+ *
+ * Create a new #PolKitPolicyFile object. If the file does not
+ * validate, a human readable explanation of why will be set in
+ * @error.
+ *
+ * Returns: the new object or #NULL if error is set
+ **/
+PolKitPolicyFile *
+libpolkit_policy_file_new (const char *path, GError **error)
+{
+ GKeyFile *key_file;
+ PolKitPolicyFile *pf;
+ char **groups;
+ gsize groups_len;
+ int n;
+
+ pf = NULL;
+ key_file = NULL;
+ groups = NULL;
+
+ if (!g_str_has_suffix (path, ".policy")) {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Policy files must have extension .policy");
+ goto error;
+ }
+
+ key_file = g_key_file_new ();
+ if (!g_key_file_load_from_file (key_file, path, G_KEY_FILE_NONE, error))
+ goto error;
+
+ pf = g_new0 (PolKitPolicyFile, 1);
+ pf->refcount = 1;
+
+ groups = g_key_file_get_groups(key_file, &groups_len);
+ if (groups == NULL)
+ goto error;
+
+ for (n = 0; groups[n] != NULL; n++) {
+ const char *action;
+ PolKitPolicyFileEntry *pfe;
+
+ if (!g_str_has_prefix (groups[n], "Action ")) {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Unknown group of name '%s'", groups[n]);
+ goto error;
+ }
+
+ action = groups[n] + 7; /* "Action " */
+ if (strlen (action) == 0) {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Zero-length action name");
+ goto error;
+ }
+
+ pfe = libpolkit_policy_file_entry_new (key_file, action, error);
+ if (pfe == NULL)
+ goto error;
+ pf->entries = g_slist_prepend (pf->entries, pfe);
+ }
+
+ g_strfreev (groups);
+ g_key_file_free (key_file);
+ return pf;
+error:
+ if (groups != NULL)
+ g_strfreev (groups);
+ if (key_file != NULL)
+ g_key_file_free (key_file);
+ if (pf != NULL)
+ libpolkit_policy_file_unref (pf);
+ return NULL;
+}
+
+/**
+ * libpolkit_policy_file_ref:
+ * @policy_file: the policy file object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyFile *
+libpolkit_policy_file_ref (PolKitPolicyFile *policy_file)
+{
+ g_return_val_if_fail (policy_file != NULL, policy_file);
+ policy_file->refcount++;
+ return policy_file;
+}
+
+/**
+ * libpolkit_policy_file_unref:
+ * @policy_file: the policy file object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+libpolkit_policy_file_unref (PolKitPolicyFile *policy_file)
+{
+ GSList *i;
+ g_return_if_fail (policy_file != NULL);
+ policy_file->refcount--;
+ if (policy_file->refcount > 0)
+ return;
+ for (i = policy_file->entries; i != NULL; i = g_slist_next (i)) {
+ libpolkit_policy_file_entry_unref (i->data);
+ }
+ if (policy_file->entries != NULL)
+ g_slist_free (policy_file->entries);
+ g_free (policy_file);
+}
+
+/**
+ * libpolkit_policy_file_get_entries:
+ * @policy_file: the policy file object
+ *
+ * Get the entries stemming from the given file.
+ *
+ * Returns: A #GSList of the entries.
+ **/
+GSList *
+libpolkit_policy_file_get_entries (PolKitPolicyFile *policy_file)
+{
+ g_return_val_if_fail (policy_file != NULL, NULL);
+ return policy_file->entries;
+}
+
diff --git a/libpolkit/libpolkit-policy-file.h b/libpolkit/libpolkit-policy-file.h
new file mode 100644
index 0000000..b77db76
--- /dev/null
+++ b/libpolkit/libpolkit-policy-file.h
@@ -0,0 +1,46 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * libpolkit-policy-file.h : policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef LIBPOLKIT_POLICY_FILE_H
+#define LIBPOLKIT_POLICY_FILE_H
+
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <glib.h>
+
+#include <libpolkit/libpolkit-policy-file-entry.h>
+
+struct PolKitPolicyFile;
+typedef struct PolKitPolicyFile PolKitPolicyFile;
+
+PolKitPolicyFile *libpolkit_policy_file_new (const char *path, GError **error);
+PolKitPolicyFile *libpolkit_policy_file_ref (PolKitPolicyFile *policy_file);
+GSList *libpolkit_policy_file_get_entries (PolKitPolicyFile *policy_file);
+void libpolkit_policy_file_unref (PolKitPolicyFile *policy_file);
+
+#endif /* LIBPOLKIT_POLICY_FILE_H */
+
+
diff --git a/libpolkit/libpolkit-privilege-cache.c b/libpolkit/libpolkit-privilege-cache.c
deleted file mode 100644
index d9ae81d..0000000
--- a/libpolkit/libpolkit-privilege-cache.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-privilege-cache.c : privilege cache
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-privilege-file.h"
-#include "libpolkit-privilege-cache.h"
-
-/**
- * SECTION:libpolkit-privilege-cache
- * @short_description: System privilege queries.
- *
- * This class is used to query all system-defined privileges,
- * e.g. privilege files installed in /etc/PolicyKit/privileges.
- **/
-
-/**
- * PolKitPrivilegeCache:
- *
- * Instances of this class is used to query all system-defined
- * privileges, e.g. privilege files installed in
- * /etc/PolicyKit/privileges.
- **/
-struct PolKitPrivilegeCache
-{
- int refcount;
-
- GSList *priv_entries;
-};
-
-
-static void
-add_entries_from_file (PolKitPrivilegeCache *privilege_cache,
- PolKitPrivilegeFile *privilege_file)
-{
- GSList *i;
-
- g_return_if_fail (privilege_cache != NULL);
- g_return_if_fail (privilege_file != NULL);
-
- for (i = libpolkit_privilege_file_get_entries (privilege_file); i != NULL; i = g_slist_next (i)) {
- PolKitPrivilegeFileEntry *privilege_file_entry = i->data;
- libpolkit_privilege_file_entry_ref (privilege_file_entry);
- privilege_cache->priv_entries = g_slist_append (privilege_cache->priv_entries,
- privilege_file_entry);
- }
-}
-
-/**
- * libpolkit_privilege_cache_new:
- * @dirname: directory containing privilege files
- * @error: location to return error
- *
- * Create a new #PolKitPrivilegeCache object and load information from privilege files.
- *
- * Returns: #NULL if @error was set, otherwise the #PolKitPrivilegeCache object
- **/
-PolKitPrivilegeCache *
-libpolkit_privilege_cache_new (const char *dirname, GError **error)
-{
- const char *file;
- GDir *dir;
- PolKitPrivilegeCache *pc;
-
- pc = g_new0 (PolKitPrivilegeCache, 1);
- pc->refcount = 1;
-
- dir = g_dir_open (dirname, 0, error);
- if (dir == NULL) {
- goto out;
- }
- while ((file = g_dir_read_name (dir)) != NULL) {
- char *path;
- PolKitPrivilegeFile *pf;
-
- if (!g_str_has_suffix (file, ".priv"))
- continue;
-
- if (g_str_has_prefix (file, "."))
- continue;
-
- path = g_strdup_printf ("%s/%s", dirname, file);
-
- _pk_debug ("Loading %s", path);
- pf = libpolkit_privilege_file_new (path, error);
- g_free (path);
-
- if (pf == NULL) {
- goto out;
- }
-
- add_entries_from_file (pc, pf);
- libpolkit_privilege_file_unref (pf);
- }
- g_dir_close (dir);
-
- return pc;
-out:
- if (pc != NULL)
- libpolkit_privilege_cache_ref (pc);
- return NULL;
-}
-
-/**
- * libpolkit_privilege_cache_ref:
- * @privilege_cache: the privilege cache object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPrivilegeCache *
-libpolkit_privilege_cache_ref (PolKitPrivilegeCache *privilege_cache)
-{
- g_return_val_if_fail (privilege_cache != NULL, privilege_cache);
- privilege_cache->refcount++;
- return privilege_cache;
-}
-
-/**
- * libpolkit_privilege_cache_unref:
- * @privilege_cache: the privilege cache object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_privilege_cache_unref (PolKitPrivilegeCache *privilege_cache)
-{
- GSList *i;
-
- g_return_if_fail (privilege_cache != NULL);
- privilege_cache->refcount--;
- if (privilege_cache->refcount > 0)
- return;
-
- for (i = privilege_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- PolKitPrivilegeFileEntry *pfe = i->data;
- libpolkit_privilege_file_entry_unref (pfe);
- }
- if (privilege_cache->priv_entries != NULL)
- g_slist_free (privilege_cache->priv_entries);
-
- g_free (privilege_cache);
-}
-
-/**
- * libpolkit_privilege_cache_debug:
- * @privilege_cache: the cache
- *
- * Print debug information about object
- **/
-void
-libpolkit_privilege_cache_debug (PolKitPrivilegeCache *privilege_cache)
-{
- GSList *i;
- g_return_if_fail (privilege_cache != NULL);
-
- _pk_debug ("PolKitPrivilegeCache: refcount=%d num_entries=%d ...",
- privilege_cache->refcount,
- privilege_cache->priv_entries == NULL ? 0 : g_slist_length (privilege_cache->priv_entries));
-
- for (i = privilege_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- PolKitPrivilegeFileEntry *pfe = i->data;
- libpolkit_privilege_file_entry_debug (pfe);
- }
-}
-
-/**
- * libpolkit_privilege_cache_get_entry:
- * @privilege_cache: the cache
- * @privilege: the privilege
- *
- * Given a privilege, find the object describing the definition of the
- * privilege; e.g. data stemming from files in
- * /etc/PolicyKit/privileges.
- *
- * Returns: A #PolKitPrivilegeFileEntry entry on sucess; otherwise
- * #NULL if the privilege wasn't identified. Caller shall not unref
- * this object.
- **/
-PolKitPrivilegeFileEntry*
-libpolkit_privilege_cache_get_entry (PolKitPrivilegeCache *privilege_cache,
- PolKitPrivilege *privilege)
-{
- char *priv_id;
- GSList *i;
- PolKitPrivilegeFileEntry *pfe;
-
- pfe = NULL;
-
- /* I'm sure it would be easy to make this O(1)... */
-
- g_return_val_if_fail (privilege_cache != NULL, NULL);
- g_return_val_if_fail (privilege != NULL, NULL);
-
- if (!libpolkit_privilege_get_privilege_id (privilege, &priv_id))
- goto out;
-
- for (i = privilege_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- pfe = i->data;
- if (strcmp (libpolkit_privilege_file_entry_get_id (pfe), priv_id) == 0) {
- goto out;
- }
- }
-
- pfe = NULL;
-
-out:
- return pfe;
-}
diff --git a/libpolkit/libpolkit-privilege-cache.h b/libpolkit/libpolkit-privilege-cache.h
deleted file mode 100644
index 0b3932b..0000000
--- a/libpolkit/libpolkit-privilege-cache.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-privilege-cache.h : privilege cache
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_PRIVILEGE_CACHE_H
-#define LIBPOLKIT_PRIVILEGE_CACHE_H
-
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-
-#include <libpolkit/libpolkit-privilege.h>
-#include <libpolkit/libpolkit-privilege-file-entry.h>
-
-struct PolKitPrivilegeCache;
-typedef struct PolKitPrivilegeCache PolKitPrivilegeCache;
-
-PolKitPrivilegeCache *libpolkit_privilege_cache_new (const char *dirname, GError **error);
-PolKitPrivilegeCache *libpolkit_privilege_cache_ref (PolKitPrivilegeCache *privilege_cache);
-void libpolkit_privilege_cache_unref (PolKitPrivilegeCache *privilege_cache);
-void libpolkit_privilege_cache_debug (PolKitPrivilegeCache *privilege_cache);
-
-PolKitPrivilegeFileEntry* libpolkit_privilege_cache_get_entry (PolKitPrivilegeCache *privilege_cache,
- PolKitPrivilege *privilege);
-
-#endif /* LIBPOLKIT_PRIVILEGE_CACHE_H */
-
-
diff --git a/libpolkit/libpolkit-privilege-default.c b/libpolkit/libpolkit-privilege-default.c
deleted file mode 100644
index 018786c..0000000
--- a/libpolkit/libpolkit-privilege-default.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-privilege-default.c : privilege definition for the defaults
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-error.h"
-#include "libpolkit-privilege-default.h"
-
-/**
- * SECTION:libpolkit-privilege-default
- * @short_description: Defaults for privileges.
- *
- * This class records the default policy of a privilege as defined by
- * the, privilege files installed in /etc/PolicyKit/privileges.
- *
- **/
-
-/**
- * PolKitPrivilegeDefault:
- *
- * Objects of this class are used to record information about a
- * default policy for privilege.
- **/
-struct PolKitPrivilegeDefault
-{
- int refcount;
- PolKitResult default_remote_inactive;
- PolKitResult default_remote_active;
- PolKitResult default_local_inactive;
- PolKitResult default_local_active;
-};
-
-static gboolean
-parse_default (const char *key, char *s, const char *group, PolKitResult* target, GError **error)
-{
- gboolean ret;
-
- ret = libpolkit_result_from_string_representation (s, target);
- if (!ret) {
- int n;
- char *s2;
- GString *str;
-
- str = g_string_new (NULL);
- for (n = 0; n < LIBPOLKIT_RESULT_N_RESULTS; n++) {
- if (n == LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW)
- continue;
-
- if (str->len > 0) {
- g_string_append (str, ", ");
- }
- g_string_append (str, libpolkit_result_to_string_representation (n));
- }
- s2 = g_string_free (str, FALSE);
-
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_PRIVILEGE_FILE_INVALID,
- "Value '%s' is not allowed for key '%s' in group '%s' - supported values are: %s",
- s,
- key,
- group,
- s2);
- g_free (s2);
- }
-
- g_free (s);
- return ret;
-}
-
-/**
- * libpolkit_privilege_default_new:
- * @key_file: a #GKeyFile object
- * @privilege: privilege to look up defaults for in key_file
- * @error: return location for error
- *
- * Create a new #PolKitPrivilegeDefault object.
- *
- * Returns: the new object or #NULL if error is set
- **/
-PolKitPrivilegeDefault *
-libpolkit_privilege_default_new (GKeyFile *key_file, const char *privilege, GError **error)
-{
- const char *key;
- const char *group;
- char *s;
- char buf[256];
- PolKitPrivilegeDefault *pd;
-
- pd = g_new0 (PolKitPrivilegeDefault, 1);
- pd->refcount = 1;
-
- g_snprintf (buf, sizeof (buf), "Privilege %s", privilege);
- group = buf;
-
- key = "AllowRemoteInactive";
- if ((s = g_key_file_get_string (key_file, group, key, error)) == NULL)
- goto error;
- if (!parse_default (key, s, group, &pd->default_remote_inactive, error))
- goto error;
- key = "AllowRemoteActive";
- if ((s = g_key_file_get_string (key_file, group, key, error)) == NULL)
- goto error;
- if (!parse_default (key, s, group, &pd->default_remote_active, error))
- goto error;
- key = "AllowLocalInactive";
- if ((s = g_key_file_get_string (key_file, group, key, error)) == NULL)
- goto error;
- if (!parse_default (key, s, group, &pd->default_local_inactive, error))
- goto error;
- key = "AllowLocalActive";
- if ((s = g_key_file_get_string (key_file, group, key, error)) == NULL)
- goto error;
- if (!parse_default (key, s, group, &pd->default_local_active, error))
- goto error;
-
- return pd;
-error:
- if (pd != NULL)
- libpolkit_privilege_default_ref (pd);
- return NULL;
-}
-
-/**
- * libpolkit_privilege_default_ref:
- * @privilege_default: the privilege object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPrivilegeDefault *
-libpolkit_privilege_default_ref (PolKitPrivilegeDefault *privilege_default)
-{
- g_return_val_if_fail (privilege_default != NULL, privilege_default);
- privilege_default->refcount++;
- return privilege_default;
-}
-
-/**
- * libpolkit_privilege_default_unref:
- * @privilege_default: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_privilege_default_unref (PolKitPrivilegeDefault *privilege_default)
-{
- g_return_if_fail (privilege_default != NULL);
- privilege_default->refcount--;
- if (privilege_default->refcount > 0)
- return;
- g_free (privilege_default);
-}
-
-/**
- * libpolkit_privilege_default_debug:
- * @privilege_default: the object
- *
- * Print debug details
- **/
-void
-libpolkit_privilege_default_debug (PolKitPrivilegeDefault *privilege_default)
-{
- g_return_if_fail (privilege_default != NULL);
- _pk_debug ("PolKitPrivilegeDefault: refcount=%d\n"
- " default_remote_inactive=%s\n"
- " default_remote_active=%s\n"
- " default_local_inactive=%s\n"
- " default_local_active=%s",
- privilege_default->refcount,
- libpolkit_result_to_string_representation (privilege_default->default_remote_inactive),
- libpolkit_result_to_string_representation (privilege_default->default_remote_active),
- libpolkit_result_to_string_representation (privilege_default->default_local_inactive),
- libpolkit_result_to_string_representation (privilege_default->default_local_active));
-}
-
-
-/**
- * libpolkit_privilege_default_can_session_access_resource:
- * @privilege_default: the object
- * @privilege: the type of access to check for
- * @resource: the resource in question
- * @session: the session in question
- *
- * Using the default policy for a privilege, determine if a given
- * session can access a given resource in a given way.
- *
- * Returns: A #PolKitResult - can only be one of
- * #LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
- * #LIBPOLKIT_RESULT_YES, #LIBPOLKIT_RESULT_NO.
- **/
-PolKitResult
-libpolkit_privilege_default_can_session_access_resource (PolKitPrivilegeDefault *privilege_default,
- PolKitPrivilege *privilege,
- PolKitResource *resource,
- PolKitSession *session)
-{
- gboolean is_local;
- gboolean is_active;
- PolKitResult ret;
-
- ret = LIBPOLKIT_RESULT_NO;
-
- g_return_val_if_fail (privilege_default != NULL, ret);
- g_return_val_if_fail (privilege != NULL, ret);
- g_return_val_if_fail (resource != NULL, ret);
- g_return_val_if_fail (session != NULL, ret);
-
- if (!libpolkit_session_get_ck_is_local (session, &is_local))
- goto out;
- if (!libpolkit_session_get_ck_is_active (session, &is_active))
- goto out;
-
- if (is_local) {
- if (is_active) {
- ret = privilege_default->default_local_active;
- } else {
- ret = privilege_default->default_local_inactive;
- }
- } else {
- if (is_active) {
- ret = privilege_default->default_remote_active;
- } else {
- ret = privilege_default->default_remote_inactive;
- }
- }
-out:
- return ret;
-}
-
-/**
- * libpolkit_privilege_default_can_caller_access_resource:
- * @privilege_default: the object
- * @privilege: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
- *
- * Using the default policy for a privilege, determine if a given
- * caller can access a given resource in a given way.
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * access the resource in the given way
- **/
-PolKitResult
-libpolkit_privilege_default_can_caller_access_resource (PolKitPrivilegeDefault *privilege_default,
- PolKitPrivilege *privilege,
- PolKitResource *resource,
- PolKitCaller *caller)
-{
- gboolean is_local;
- gboolean is_active;
- PolKitSession *session;
- PolKitResult ret;
-
- ret = LIBPOLKIT_RESULT_NO;
-
- g_return_val_if_fail (privilege_default != NULL, ret);
- g_return_val_if_fail (privilege != NULL, ret);
- g_return_val_if_fail (resource != NULL, ret);
- g_return_val_if_fail (caller != NULL, ret);
-
- if (!libpolkit_caller_get_ck_session (caller, &session))
- goto out;
- if (session == NULL)
- goto out;
-
- if (!libpolkit_session_get_ck_is_local (session, &is_local))
- goto out;
- if (!libpolkit_session_get_ck_is_active (session, &is_active))
- goto out;
-
- if (is_local) {
- if (is_active) {
- ret = privilege_default->default_local_active;
- } else {
- ret = privilege_default->default_local_inactive;
- }
- } else {
- if (is_active) {
- ret = privilege_default->default_remote_active;
- } else {
- ret = privilege_default->default_remote_inactive;
- }
- }
-out:
- return ret;
-}
diff --git a/libpolkit/libpolkit-privilege-default.h b/libpolkit/libpolkit-privilege-default.h
deleted file mode 100644
index ac84a8a..0000000
--- a/libpolkit/libpolkit-privilege-default.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-privilege-default.h : privilege definition for the defaults
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_PRIVILEGE_DEFAULT_H
-#define LIBPOLKIT_PRIVILEGE_DEFAULT_H
-
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-
-#include <libpolkit/libpolkit-result.h>
-#include <libpolkit/libpolkit-privilege.h>
-#include <libpolkit/libpolkit-resource.h>
-#include <libpolkit/libpolkit-session.h>
-#include <libpolkit/libpolkit-caller.h>
-
-struct PolKitPrivilegeDefault;
-typedef struct PolKitPrivilegeDefault PolKitPrivilegeDefault;
-
-PolKitPrivilegeDefault *libpolkit_privilege_default_new (GKeyFile *key_file, const char *privilege, GError **error);
-PolKitPrivilegeDefault *libpolkit_privilege_default_ref (PolKitPrivilegeDefault *privilege_default);
-void libpolkit_privilege_default_unref (PolKitPrivilegeDefault *privilege_default);
-void libpolkit_privilege_default_debug (PolKitPrivilegeDefault *privilege_default);
-
-PolKitResult libpolkit_privilege_default_can_session_access_resource (PolKitPrivilegeDefault *privilege_default,
- PolKitPrivilege *privilege,
- PolKitResource *resource,
- PolKitSession *session);
-PolKitResult libpolkit_privilege_default_can_caller_access_resource (PolKitPrivilegeDefault *privilege_default,
- PolKitPrivilege *privilege,
- PolKitResource *resource,
- PolKitCaller *caller);
-
-/* TODO: export knobs for "default policy" */
-
-#endif /* LIBPOLKIT_PRIVILEGE_DEFAULT_H */
-
-
diff --git a/libpolkit/libpolkit-privilege-file-entry.c b/libpolkit/libpolkit-privilege-file-entry.c
deleted file mode 100644
index 22052a8..0000000
--- a/libpolkit/libpolkit-privilege-file-entry.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-privilege-file-entry.c : entries in privilege files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-error.h"
-#include "libpolkit-result.h"
-#include "libpolkit-privilege-file-entry.h"
-
-/**
- * SECTION:libpolkit-privilege-file-entry
- * @short_description: Privileges files.
- *
- * This class is used to represent a entries in privilege files.
- **/
-
-/**
- * PolKitPrivilegeFileEntry:
- *
- * Objects of this class are used to record information about a
- * privilege.
- **/
-struct PolKitPrivilegeFileEntry
-{
- int refcount;
- char *privilege;
- PolKitPrivilegeDefault *defaults;
-};
-
-/**
- * libpolkit_privilege_file_entry_new:
- * @key_file: a #GKeyFile object
- * @privilege: privilege to look for in key_file
- * @error: return location for error
- *
- * Create a new #PolKitPrivilegeFileEntry object. If the given
- * @key_file object does not contain the requisite sections, a human
- * readable explanation of why will be set in @error.
- *
- * Returns: the new object or #NULL if error is set
- **/
-PolKitPrivilegeFileEntry *
-libpolkit_privilege_file_entry_new (GKeyFile *key_file, const char *privilege, GError **error)
-{
- PolKitPrivilegeFileEntry *pfe;
-
- pfe = g_new0 (PolKitPrivilegeFileEntry, 1);
- pfe->refcount = 1;
- pfe->privilege = g_strdup (privilege);
-
- pfe->defaults = libpolkit_privilege_default_new (key_file, privilege, error);
- if (pfe->defaults == NULL)
- goto error;
-
- return pfe;
-error:
- if (pfe != NULL)
- libpolkit_privilege_file_entry_unref (pfe);
- return NULL;
-}
-
-/**
- * libpolkit_privilege_file_entry_ref:
- * @privilege_file_entry: the privilege file object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPrivilegeFileEntry *
-libpolkit_privilege_file_entry_ref (PolKitPrivilegeFileEntry *privilege_file_entry)
-{
- g_return_val_if_fail (privilege_file_entry != NULL, privilege_file_entry);
- privilege_file_entry->refcount++;
- return privilege_file_entry;
-}
-
-/**
- * libpolkit_privilege_file_entry_unref:
- * @privilege_file_entry: the privilege file object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_privilege_file_entry_unref (PolKitPrivilegeFileEntry *privilege_file_entry)
-{
- g_return_if_fail (privilege_file_entry != NULL);
- privilege_file_entry->refcount--;
- if (privilege_file_entry->refcount > 0)
- return;
- g_free (privilege_file_entry->privilege);
- if (privilege_file_entry->defaults != NULL)
- libpolkit_privilege_default_unref (privilege_file_entry->defaults);
- g_free (privilege_file_entry);
-}
-
-/**
- * libpolkit_privilege_file_entry_debug:
- * @privilege_file_entry: the entry
- *
- * Print debug information about object
- **/
-void
-libpolkit_privilege_file_entry_debug (PolKitPrivilegeFileEntry *privilege_file_entry)
-{
- g_return_if_fail (privilege_file_entry != NULL);
- _pk_debug ("PolKitPrivilegeFileEntry: refcount=%d privilege=%s",
- privilege_file_entry->refcount,
- privilege_file_entry->privilege);
- libpolkit_privilege_default_debug (privilege_file_entry->defaults);
-}
-
-/**
- * libpolkit_privilege_file_entry_get_id:
- * @privilege_file_entry: the file entry
- *
- * Get the privilege identifier.
- *
- * Returns: A string - caller shall not free this string.
- **/
-const char *
-libpolkit_privilege_file_entry_get_id (PolKitPrivilegeFileEntry *privilege_file_entry)
-{
- g_return_val_if_fail (privilege_file_entry != NULL, NULL);
- return privilege_file_entry->privilege;
-}
-
-/**
- * libpolkit_privilege_file_entry_get_default:
- * @privilege_file_entry: the file entry
- *
- * Get the the default policy for this privilege.
- *
- * Returns: A #PolKitPrivilegeDefault object - caller shall not unref this object.
- **/
-PolKitPrivilegeDefault *
-libpolkit_privilege_file_entry_get_default (PolKitPrivilegeFileEntry *privilege_file_entry)
-{
- g_return_val_if_fail (privilege_file_entry != NULL, NULL);
- return privilege_file_entry->defaults;
-}
diff --git a/libpolkit/libpolkit-privilege-file-entry.h b/libpolkit/libpolkit-privilege-file-entry.h
deleted file mode 100644
index 0d2b32c..0000000
--- a/libpolkit/libpolkit-privilege-file-entry.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-privilege-file-entry.h : entries in privilege files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_PRIVILEGE_FILE_ENTRY_H
-#define LIBPOLKIT_PRIVILEGE_FILE_ENTRY_H
-
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-
-#include <libpolkit/libpolkit-result.h>
-#include <libpolkit/libpolkit-privilege-default.h>
-
-struct PolKitPrivilegeFileEntry;
-typedef struct PolKitPrivilegeFileEntry PolKitPrivilegeFileEntry;
-
-PolKitPrivilegeFileEntry *libpolkit_privilege_file_entry_new (GKeyFile *key_file, const char *privilege, GError **error);
-PolKitPrivilegeFileEntry *libpolkit_privilege_file_entry_ref (PolKitPrivilegeFileEntry *privilege_file_entry);
-void libpolkit_privilege_file_entry_unref (PolKitPrivilegeFileEntry *privilege_file_entry);
-void libpolkit_privilege_file_entry_debug (PolKitPrivilegeFileEntry *privilege_file_entry);
-
-const char *libpolkit_privilege_file_entry_get_id (PolKitPrivilegeFileEntry *privilege_file_entry);
-PolKitPrivilegeDefault *libpolkit_privilege_file_entry_get_default (PolKitPrivilegeFileEntry *privilege_file_entry);
-
-
-#endif /* LIBPOLKIT_PRIVILEGE_FILE_ENTRY_H */
-
-
diff --git a/libpolkit/libpolkit-privilege-file.c b/libpolkit/libpolkit-privilege-file.c
deleted file mode 100644
index ae119b8..0000000
--- a/libpolkit/libpolkit-privilege-file.c
+++ /dev/null
@@ -1,200 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-privilege-file.c : privilege files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-error.h"
-#include "libpolkit-result.h"
-#include "libpolkit-privilege-file.h"
-
-/**
- * SECTION:libpolkit-privilege-file
- * @short_description: Privileges files.
- *
- * This class is used to represent a privilege files.
- **/
-
-/**
- * PolKitPrivilegeFile:
- *
- * Objects of this class are used to record information about a
- * privilege.
- **/
-struct PolKitPrivilegeFile
-{
- int refcount;
- GSList *entries;
-};
-
-/**
- * libpolkit_privilege_file_new:
- * @path: path to privilege file
- * @error: return location for error
- *
- * Create a new #PolKitPrivilegeFile object. If the file does not
- * validate, a human readable explanation of why will be set in
- * @error.
- *
- * Returns: the new object or #NULL if error is set
- **/
-PolKitPrivilegeFile *
-libpolkit_privilege_file_new (const char *path, GError **error)
-{
- GKeyFile *key_file;
- PolKitPrivilegeFile *pf;
- char **groups;
- gsize groups_len;
- int n;
-
- pf = NULL;
- key_file = NULL;
- groups = NULL;
-
- if (!g_str_has_suffix (path, ".priv")) {
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_PRIVILEGE_FILE_INVALID,
- "Privilege files must have extension .priv");
- goto error;
- }
-
- key_file = g_key_file_new ();
- if (!g_key_file_load_from_file (key_file, path, G_KEY_FILE_NONE, error))
- goto error;
-
- pf = g_new0 (PolKitPrivilegeFile, 1);
- pf->refcount = 1;
-
- groups = g_key_file_get_groups(key_file, &groups_len);
- if (groups == NULL)
- goto error;
-
- for (n = 0; groups[n] != NULL; n++) {
- const char *privilege;
- PolKitPrivilegeFileEntry *pfe;
-
- if (!g_str_has_prefix (groups[n], "Privilege ")) {
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_PRIVILEGE_FILE_INVALID,
- "Unknown group of name '%s'", groups[n]);
- goto error;
- }
-
- privilege = groups[n] + 10; /* strlen ("Privilege ") */
- if (strlen (privilege) == 0) {
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_PRIVILEGE_FILE_INVALID,
- "Zero-length privilege name");
- goto error;
- }
-
- pfe = libpolkit_privilege_file_entry_new (key_file, privilege, error);
- if (pfe == NULL)
- goto error;
- pf->entries = g_slist_prepend (pf->entries, pfe);
- }
-
- g_strfreev (groups);
- g_key_file_free (key_file);
- return pf;
-error:
- if (groups != NULL)
- g_strfreev (groups);
- if (key_file != NULL)
- g_key_file_free (key_file);
- if (pf != NULL)
- libpolkit_privilege_file_unref (pf);
- return NULL;
-}
-
-/**
- * libpolkit_privilege_file_ref:
- * @privilege_file: the privilege file object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPrivilegeFile *
-libpolkit_privilege_file_ref (PolKitPrivilegeFile *privilege_file)
-{
- g_return_val_if_fail (privilege_file != NULL, privilege_file);
- privilege_file->refcount++;
- return privilege_file;
-}
-
-/**
- * libpolkit_privilege_file_unref:
- * @privilege_file: the privilege file object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_privilege_file_unref (PolKitPrivilegeFile *privilege_file)
-{
- GSList *i;
- g_return_if_fail (privilege_file != NULL);
- privilege_file->refcount--;
- if (privilege_file->refcount > 0)
- return;
- for (i = privilege_file->entries; i != NULL; i = g_slist_next (i)) {
- libpolkit_privilege_file_entry_unref (i->data);
- }
- if (privilege_file->entries != NULL)
- g_slist_free (privilege_file->entries);
- g_free (privilege_file);
-}
-
-/**
- * libpolkit_privilege_file_get_entries:
- * @privilege_file: the privilege file object
- *
- * Get the entries stemming from the given file.
- *
- * Returns: A #GSList of the entries.
- **/
-GSList *
-libpolkit_privilege_file_get_entries (PolKitPrivilegeFile *privilege_file)
-{
- g_return_val_if_fail (privilege_file != NULL, NULL);
- return privilege_file->entries;
-}
-
diff --git a/libpolkit/libpolkit-privilege-file.h b/libpolkit/libpolkit-privilege-file.h
deleted file mode 100644
index 8b4b3fa..0000000
--- a/libpolkit/libpolkit-privilege-file.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-privilege-file.h : privilege files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_PRIVILEGE_FILE_H
-#define LIBPOLKIT_PRIVILEGE_FILE_H
-
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-
-#include <libpolkit/libpolkit-privilege-file-entry.h>
-
-struct PolKitPrivilegeFile;
-typedef struct PolKitPrivilegeFile PolKitPrivilegeFile;
-
-PolKitPrivilegeFile *libpolkit_privilege_file_new (const char *path, GError **error);
-PolKitPrivilegeFile *libpolkit_privilege_file_ref (PolKitPrivilegeFile *privilege_file);
-GSList *libpolkit_privilege_file_get_entries (PolKitPrivilegeFile *privilege_file);
-void libpolkit_privilege_file_unref (PolKitPrivilegeFile *privilege_file);
-
-#endif /* LIBPOLKIT_PRIVILEGE_FILE_H */
-
-
diff --git a/libpolkit/libpolkit-privilege.c b/libpolkit/libpolkit-privilege.c
deleted file mode 100644
index 56c257e..0000000
--- a/libpolkit/libpolkit-privilege.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-privilege.c : privilege
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-privilege.h"
-
-/**
- * SECTION:libpolkit-privilege
- * @short_description: Privileges.
- *
- * This class is used to represent a privilege. TODO: describe what a privilege really is.
- **/
-
-/**
- * PolKitPrivilege:
- *
- * Objects of this class are used to record information about a
- * privilege.
- **/
-struct PolKitPrivilege
-{
- int refcount;
- char *id;
-};
-
-/**
- * libpolkit_privilege_new:
- *
- * Create a new #PolKitPrivilege object.
- *
- * Returns: the new object
- **/
-PolKitPrivilege *
-libpolkit_privilege_new (void)
-{
- PolKitPrivilege *privilege;
- privilege = g_new0 (PolKitPrivilege, 1);
- privilege->refcount = 1;
- return privilege;
-}
-
-/**
- * libpolkit_privilege_ref:
- * @privilege: the privilege object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPrivilege *
-libpolkit_privilege_ref (PolKitPrivilege *privilege)
-{
- g_return_val_if_fail (privilege != NULL, privilege);
- privilege->refcount++;
- return privilege;
-}
-
-/**
- * libpolkit_privilege_unref:
- * @privilege: the privilege object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_privilege_unref (PolKitPrivilege *privilege)
-{
- g_return_if_fail (privilege != NULL);
- privilege->refcount--;
- if (privilege->refcount > 0)
- return;
- g_free (privilege->id);
- g_free (privilege);
-}
-
-/**
- * libpolkit_privilege_set_privilege_id:
- * @privilege: the privilege object
- * @privilege_id: privilege identifier
- *
- * Set the privilege identifier
- **/
-void
-libpolkit_privilege_set_privilege_id (PolKitPrivilege *privilege, const char *privilege_id)
-{
- g_return_if_fail (privilege != NULL);
- if (privilege->id != NULL)
- g_free (privilege->id);
- privilege->id = g_strdup (privilege_id);
-}
-
-/**
- * libpolkit_privilege_get_privilege_id:
- * @privilege: the privilege object
- * @out_privilege_id: Returns the privilege identifier. The caller shall not free this string.
- *
- * Get the privilege identifier.
- *
- * Returns: TRUE iff the value was returned.
- **/
-gboolean
-libpolkit_privilege_get_privilege_id (PolKitPrivilege *privilege, char **out_privilege_id)
-{
- g_return_val_if_fail (privilege != NULL, FALSE);
- g_return_val_if_fail (out_privilege_id != NULL, FALSE);
- if (privilege->id == NULL)
- return FALSE;
- *out_privilege_id = privilege->id;
- return TRUE;
-}
-
-/**
- * libpolkit_privilege_debug:
- * @privilege: the object
- *
- * Print debug details
- **/
-void
-libpolkit_privilege_debug (PolKitPrivilege *privilege)
-{
- g_return_if_fail (privilege != NULL);
- _pk_debug ("PolKitPrivilege: refcount=%d id=%s", privilege->refcount, privilege->id);
-}
diff --git a/libpolkit/libpolkit-privilege.h b/libpolkit/libpolkit-privilege.h
deleted file mode 100644
index bfc4d14..0000000
--- a/libpolkit/libpolkit-privilege.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-privilege.h : privileges
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_PRIVILEGE_H
-#define LIBPOLKIT_PRIVILEGE_H
-
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-
-struct PolKitPrivilege;
-typedef struct PolKitPrivilege PolKitPrivilege;
-
-PolKitPrivilege *libpolkit_privilege_new (void);
-PolKitPrivilege *libpolkit_privilege_ref (PolKitPrivilege *privilege);
-void libpolkit_privilege_unref (PolKitPrivilege *privilege);
-void libpolkit_privilege_set_privilege_id (PolKitPrivilege *privilege, const char *privilege_id);
-gboolean libpolkit_privilege_get_privilege_id (PolKitPrivilege *privilege, char **out_privilege_id);
-
-void libpolkit_privilege_debug (PolKitPrivilege *privilege);
-
-#endif /* LIBPOLKIT_PRIVILEGE_H */
-
-
diff --git a/libpolkit/libpolkit-result.c b/libpolkit/libpolkit-result.c
index f19b710..2c81113 100644
--- a/libpolkit/libpolkit-result.c
+++ b/libpolkit/libpolkit-result.c
@@ -52,7 +52,7 @@ static const struct {
const char *str;
} mapping[] =
{
- {LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE, "unknown"},
+ {LIBPOLKIT_RESULT_UNKNOWN_ACTION, "unknown"},
{LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW, "not_authorized"},
{LIBPOLKIT_RESULT_NO, "no"},
{LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH, "auth_root"},
diff --git a/libpolkit/libpolkit-result.h b/libpolkit/libpolkit-result.h
index 6573f59..d4c5e3c 100644
--- a/libpolkit/libpolkit-result.h
+++ b/libpolkit/libpolkit-result.h
@@ -30,7 +30,7 @@
/**
* PolKitResult:
- * @LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE: The passed privilege is unknown.
+ * @LIBPOLKIT_RESULT_UNKNOWN_ACTION: The passed action is unknown.
* @LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW: The caller of libpolkit is not sufficiently privilege to know the answer.
* @LIBPOLKIT_RESULT_NO: Access denied.
* @LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH: Access denied, but authentication of the caller as
@@ -55,7 +55,7 @@
*/
typedef enum
{
- LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE,
+ LIBPOLKIT_RESULT_UNKNOWN_ACTION,
LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
LIBPOLKIT_RESULT_NO,
LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH,
diff --git a/modules/allow-all/polkit-module-allow-all.c b/modules/allow-all/polkit-module-allow-all.c
index 507868c..e2b25f3 100644
--- a/modules/allow-all/polkit-module-allow-all.c
+++ b/modules/allow-all/polkit-module-allow-all.c
@@ -55,7 +55,7 @@ _module_shutdown (PolKitModuleInterface
static PolKitResult
_module_can_session_access_resource (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitSession *session)
{
@@ -65,7 +65,7 @@ _module_can_session_access_resource (Pol
static PolKitResult
_module_can_caller_access_resource (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitCaller *caller)
{
diff --git a/modules/default/polkit-module-default.c b/modules/default/polkit-module-default.c
index 83f1e31..418c1d2 100644
--- a/modules/default/polkit-module-default.c
+++ b/modules/default/polkit-module-default.c
@@ -57,20 +57,20 @@ _module_shutdown (PolKitModuleInterface
static PolKitResult
_module_can_session_access_resource (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitSession *session)
{
PolKitResult result;
- PolKitPrivilegeCache *cache;
- PolKitPrivilegeFileEntry *pfe;
+ PolKitPolicyCache *cache;
+ PolKitPolicyFileEntry *pfe;
result = LIBPOLKIT_RESULT_NO;
- cache = libpolkit_context_get_privilege_cache (pk_context);
- pfe = libpolkit_privilege_cache_get_entry (cache, privilege);
- return libpolkit_privilege_default_can_session_access_resource (
- libpolkit_privilege_file_entry_get_default (pfe),
- privilege,
+ cache = libpolkit_context_get_policy_cache (pk_context);
+ pfe = libpolkit_policy_cache_get_entry (cache, action);
+ return libpolkit_policy_default_can_session_access_resource (
+ libpolkit_policy_file_entry_get_default (pfe),
+ action,
resource,
session);
}
@@ -78,20 +78,20 @@ _module_can_session_access_resource (Pol
static PolKitResult
_module_can_caller_access_resource (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitCaller *caller)
{
PolKitResult result;
- PolKitPrivilegeCache *cache;
- PolKitPrivilegeFileEntry *pfe;
+ PolKitPolicyCache *cache;
+ PolKitPolicyFileEntry *pfe;
result = LIBPOLKIT_RESULT_NO;
- cache = libpolkit_context_get_privilege_cache (pk_context);
- pfe = libpolkit_privilege_cache_get_entry (cache, privilege);
- return libpolkit_privilege_default_can_caller_access_resource (
- libpolkit_privilege_file_entry_get_default (pfe),
- privilege,
+ cache = libpolkit_context_get_policy_cache (pk_context);
+ pfe = libpolkit_policy_cache_get_entry (cache, action);
+ return libpolkit_policy_default_can_caller_access_resource (
+ libpolkit_policy_file_entry_get_default (pfe),
+ action,
resource,
caller);
}
diff --git a/modules/deny-all/polkit-module-deny-all.c b/modules/deny-all/polkit-module-deny-all.c
index feece30..e6206fc 100644
--- a/modules/deny-all/polkit-module-deny-all.c
+++ b/modules/deny-all/polkit-module-deny-all.c
@@ -55,7 +55,7 @@ _module_shutdown (PolKitModuleInterface
static PolKitResult
_module_can_session_access_resource (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitSession *session)
{
@@ -65,7 +65,7 @@ _module_can_session_access_resource (Pol
static PolKitResult
_module_can_caller_access_resource (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitCaller *caller)
{
diff --git a/modules/run-program/polkit-module-run-program.c b/modules/run-program/polkit-module-run-program.c
index af641c6..ae05e35 100644
--- a/modules/run-program/polkit-module-run-program.c
+++ b/modules/run-program/polkit-module-run-program.c
@@ -106,12 +106,12 @@ _module_shutdown (PolKitModuleInterface
}
static gboolean
-_add_privilege_to_env (PolKitPrivilege *privilege, GPtrArray *envp)
+_add_action_to_env (PolKitAction *action, GPtrArray *envp)
{
char *p_id;
- if (!libpolkit_privilege_get_privilege_id (privilege, &p_id))
+ if (!libpolkit_action_get_action_id (action, &p_id))
goto error;
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_PRIVILEGE_ID=%s", p_id));
+ g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_ID=%s", p_id));
return TRUE;
error:
return FALSE;
@@ -267,7 +267,7 @@ error:
static PolKitResult
_module_can_session_access_resource (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitSession *session)
{
@@ -276,13 +276,13 @@ _module_can_session_access_resource (Pol
GPtrArray *envp;
envp = NULL;
- result = LIBPOLKIT_RESULT_UNKNOWN_PRIVILEGE;
+ result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
user_data = libpolkit_module_get_user_data (module_interface);
envp = g_ptr_array_new ();
- if (!_add_privilege_to_env (privilege, envp))
+ if (!_add_action_to_env (action, envp))
goto error;
if (!_add_resource_to_env (resource, envp))
goto error;
@@ -306,7 +306,7 @@ error:
static PolKitResult
_module_can_caller_access_resource (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitPrivilege *privilege,
+ PolKitAction *action,
PolKitResource *resource,
PolKitCaller *caller)
{
@@ -319,7 +319,7 @@ _module_can_caller_access_resource (PolK
user_data = libpolkit_module_get_user_data (module_interface);
envp = g_ptr_array_new ();
- if (!_add_privilege_to_env (privilege, envp))
+ if (!_add_action_to_env (action, envp))
goto error;
if (!_add_resource_to_env (resource, envp))
goto error;
diff --git a/policy/Makefile.am b/policy/Makefile.am
new file mode 100644
index 0000000..6cb4a86
--- /dev/null
+++ b/policy/Makefile.am
@@ -0,0 +1,17 @@
+
+polkit_privilegedir = $(sysconfdir)/PolicyKit/policy
+
+dist_polkit_privilege_DATA =
+
+check:
+ for f in $(dist_polkit_privilege_DATA); do \
+ echo "Validating privilege file: $$f"; \
+ $(top_builddir)/tools/polkit-policy-file-validate --file $(srcdir)/$$f; \
+ if [ "$$?" != "0" ]; then \
+ echo "failed"; \
+ exit 1; \
+ fi; \
+ done
+
+clean-local :
+ rm -f *~
diff --git a/policy/polkit-example-action.policy b/policy/polkit-example-action.policy
new file mode 100644
index 0000000..5204398
--- /dev/null
+++ b/policy/polkit-example-action.policy
@@ -0,0 +1,15 @@
+# -*- Conf -*-
+#
+# Example privilege definitions...
+
+[Action polkit-example-privilege]
+AllowRemoteInactive=no
+AllowRemoteActive=auth_root_keep_session
+AllowLocalInactive=auth_self_keep_always
+AllowLocalActive=yes
+
+[Action polkit-example-privilege2]
+AllowRemoteInactive=no
+AllowRemoteActive=auth_root_keep_session
+AllowLocalInactive=auth_self_keep_always
+AllowLocalActive=yes
diff --git a/privileges/Makefile.am b/privileges/Makefile.am
deleted file mode 100644
index 356ed5f..0000000
--- a/privileges/Makefile.am
+++ /dev/null
@@ -1,17 +0,0 @@
-
-polkit_privilegedir = $(sysconfdir)/PolicyKit/privileges
-
-dist_polkit_privilege_DATA =
-
-check:
- for f in $(dist_polkit_privilege_DATA); do \
- echo "Validating privilege file: $$f"; \
- $(top_builddir)/tools/polkit-privilege-file-validate --file $(srcdir)/$$f; \
- if [ "$$?" != "0" ]; then \
- echo "failed"; \
- exit 1; \
- fi; \
- done
-
-clean-local :
- rm -f *~
diff --git a/privileges/polkit-example-privilege.priv b/privileges/polkit-example-privilege.priv
deleted file mode 100644
index fb4032c..0000000
--- a/privileges/polkit-example-privilege.priv
+++ /dev/null
@@ -1,15 +0,0 @@
-# -*- Conf -*-
-#
-# Example privilege definitions...
-
-[Privilege polkit-example-privilege]
-AllowRemoteInactive=no
-AllowRemoteActive=auth_root_keep_session
-AllowLocalInactive=auth_self_keep_always
-AllowLocalActive=yes
-
-[Privilege polkit-example-privilege2]
-AllowRemoteInactive=no
-AllowRemoteActive=auth_root_keep_session
-AllowLocalInactive=auth_self_keep_always
-AllowLocalActive=yes
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 0f7b6c6..cef6336 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -11,7 +11,7 @@ INCLUDES = \
@GLIB_CFLAGS@ \
@DBUS_CFLAGS@
-bin_PROGRAMS = polkit-check-caller polkit-check-session polkit-privilege-file-validate
+bin_PROGRAMS = polkit-check-caller polkit-check-session polkit-policy-file-validate
polkit_check_caller_SOURCES = polkit-check-caller.c
polkit_check_caller_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
@@ -19,8 +19,8 @@ polkit_check_caller_LDADD = @GLIB_LIBS@
polkit_check_session_SOURCES = polkit-check-session.c
polkit_check_session_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
-polkit_privilege_file_validate_SOURCES = polkit-privilege-file-validate.c
-polkit_privilege_file_validate_LDADD = @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
+polkit_policy_file_validate_SOURCES = polkit-policy-file-validate.c
+polkit_policy_file_validate_LDADD = @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
clean-local :
rm -f *~
diff --git a/tools/polkit-check-caller.c b/tools/polkit-check-caller.c
index 1c3b2ca..066ef73 100644
--- a/tools/polkit-check-caller.c
+++ b/tools/polkit-check-caller.c
@@ -44,13 +44,13 @@ usage (int argc, char *argv[])
"\n"
"usage : polkit-check-caller\n"
" --resource-type <type> --resource-id <id>\n"
- " --privilege <privilege> --caller <dbus-name>\n"
+ " --action <action> --caller <dbus-name>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --resource-type Type of resource\n"
" --resource-id Identifier of resource\n"
- " --privilege Requested privilege\n"
+ " --action Requested action\n"
" --caller Unique name of caller on the system bus\n"
" --version Show version and exit\n"
" --help Show this information and exit\n"
@@ -66,7 +66,7 @@ main (int argc, char *argv[])
{
char *resource_type = NULL;
char *resource_id = NULL;
- char *privilege_id = NULL;
+ char *action_id = NULL;
char *dbus_name = NULL;
gboolean is_version = FALSE;
DBusConnection *bus;
@@ -74,7 +74,7 @@ main (int argc, char *argv[])
PolKitContext *pol_ctx;
PolKitCaller *caller;
PolKitResource *resource;
- PolKitPrivilege *privilege;
+ PolKitAction *action;
gboolean allowed;
GError *g_error;
@@ -90,7 +90,7 @@ main (int argc, char *argv[])
static struct option long_options[] = {
{"resource-type", 1, NULL, 0},
{"resource-id", 1, NULL, 0},
- {"privilege", 1, NULL, 0},
+ {"action", 1, NULL, 0},
{"caller", 1, NULL, 0},
{"version", 0, NULL, 0},
{"help", 0, NULL, 0},
@@ -115,8 +115,8 @@ main (int argc, char *argv[])
resource_type = strdup (optarg);
} else if (strcmp (opt, "resource-id") == 0) {
resource_id = strdup (optarg);
- } else if (strcmp (opt, "privilege") == 0) {
- privilege_id = strdup (optarg);
+ } else if (strcmp (opt, "action") == 0) {
+ action_id = strdup (optarg);
} else if (strcmp (opt, "caller") == 0) {
dbus_name = strdup (optarg);
}
@@ -134,7 +134,7 @@ main (int argc, char *argv[])
return 0;
}
- if (resource_type == NULL || resource_id == NULL || privilege_id == NULL || dbus_name == NULL) {
+ if (resource_type == NULL || resource_id == NULL || action_id == NULL || dbus_name == NULL) {
usage (argc, argv);
return 1;
}
@@ -154,8 +154,8 @@ main (int argc, char *argv[])
return 1;
}
- privilege = libpolkit_privilege_new ();
- libpolkit_privilege_set_privilege_id (privilege, privilege_id);
+ action = libpolkit_action_new ();
+ libpolkit_action_set_action_id (action, action_id);
resource = libpolkit_resource_new ();
libpolkit_resource_set_resource_type (resource, resource_type);
@@ -170,7 +170,7 @@ main (int argc, char *argv[])
}
}
- allowed = libpolkit_context_can_caller_access_resource (pol_ctx, privilege, resource, caller);
+ allowed = libpolkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
if (allowed)
return 0;
diff --git a/tools/polkit-check-session.c b/tools/polkit-check-session.c
index 7ed3a2f..2c6fe91 100644
--- a/tools/polkit-check-session.c
+++ b/tools/polkit-check-session.c
@@ -44,13 +44,13 @@ usage (int argc, char *argv[])
"\n"
"usage : polkit-check-session\n"
" --resource-type <type> --resource-id <id>\n"
- " --privilege <privilege> [--session <session>]\n"
+ " --action <action> [--session <session>]\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --resource-type Type of resource\n"
" --resource-id Identifier of resource\n"
- " --privilege Requested privilege\n"
+ " --action Requested action\n"
" --session ConsoleKit object path of session\n"
" --version Show version and exit\n"
" --help Show this information and exit\n"
@@ -66,7 +66,7 @@ main (int argc, char *argv[])
{
char *resource_type = NULL;
char *resource_id = NULL;
- char *privilege_id = NULL;
+ char *action_id = NULL;
char *session_id = NULL;
char *cookie = NULL;
gboolean is_version = FALSE;
@@ -75,7 +75,7 @@ main (int argc, char *argv[])
PolKitContext *pol_ctx;
PolKitSession *session;
PolKitResource *resource;
- PolKitPrivilege *privilege;
+ PolKitAction *action;
gboolean allowed;
GError *g_error;
@@ -93,7 +93,7 @@ main (int argc, char *argv[])
static struct option long_options[] = {
{"resource-type", 1, NULL, 0},
{"resource-id", 1, NULL, 0},
- {"privilege", 1, NULL, 0},
+ {"action", 1, NULL, 0},
{"session", 1, NULL, 0},
{"version", 0, NULL, 0},
{"help", 0, NULL, 0},
@@ -118,8 +118,8 @@ main (int argc, char *argv[])
resource_type = strdup (optarg);
} else if (strcmp (opt, "resource-id") == 0) {
resource_id = strdup (optarg);
- } else if (strcmp (opt, "privilege") == 0) {
- privilege_id = strdup (optarg);
+ } else if (strcmp (opt, "action") == 0) {
+ action_id = strdup (optarg);
} else if (strcmp (opt, "session") == 0) {
session_id = strdup (optarg);
}
@@ -137,7 +137,7 @@ main (int argc, char *argv[])
return 0;
}
- if (resource_type == NULL || resource_id == NULL || privilege_id == NULL) {
+ if (resource_type == NULL || resource_id == NULL || action_id == NULL) {
usage (argc, argv);
return 1;
}
@@ -171,14 +171,14 @@ main (int argc, char *argv[])
return 1;
}
- privilege = libpolkit_privilege_new ();
- libpolkit_privilege_set_privilege_id (privilege, privilege_id);
+ action = libpolkit_action_new ();
+ libpolkit_action_set_action_id (action, action_id);
resource = libpolkit_resource_new ();
libpolkit_resource_set_resource_type (resource, resource_type);
libpolkit_resource_set_resource_id (resource, resource_id);
- allowed = libpolkit_context_can_session_access_resource (pol_ctx, privilege, resource, session);
+ allowed = libpolkit_context_can_session_access_resource (pol_ctx, action, resource, session);
if (allowed)
return 0;
diff --git a/tools/polkit-policy-file-validate.c b/tools/polkit-policy-file-validate.c
new file mode 100644
index 0000000..07c59d0
--- /dev/null
+++ b/tools/polkit-policy-file-validate.c
@@ -0,0 +1,98 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-file-validate.c : validate policy file
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <libpolkit/libpolkit-policy-file.h>
+
+static void
+usage (int argc, char *argv[])
+{
+ fprintf (stderr,
+ "\n"
+ "usage : polkit-policy-file-validate <policy-files>\n"
+ " [--version] [--help]\n");
+ fprintf (stderr,
+ "\n"
+ " --version Show version and exit\n"
+ " --help Show this information and exit\n"
+ "\n"
+ "Validates one or more PolicyKit policy file. Returns 0 if it validates.\n"
+ "If not, the program exits with a non-zero exit code.\n");
+}
+
+static gboolean
+validate_file (const char *file)
+{
+ PolKitPolicyFile *priv_file;
+ GError *error = NULL;
+
+ priv_file = libpolkit_policy_file_new (file, &error);
+ if (priv_file == NULL) {
+ printf ("%s did not validate: %s\n", file, error->message);
+ g_error_free (error);
+ return FALSE;
+ }
+ libpolkit_policy_file_unref (priv_file);
+ return TRUE;
+}
+
+int
+main (int argc, char *argv[])
+{
+ int n;
+
+ if (argc <= 1) {
+ usage (argc, argv);
+ return 1;
+ }
+
+ for (n = 1; n < argc; n++) {
+ if (strcmp (argv[n], "--help") == 0) {
+ usage (argc, argv);
+ return 0;
+ }
+ if (strcmp (argv[n], "--version") == 0) {
+ printf ("polkit-policy-file-validate " PACKAGE_VERSION "\n");
+ return 0;
+ }
+
+ if (!validate_file (argv[n])) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
diff --git a/tools/polkit-privilege-file-validate.c b/tools/polkit-privilege-file-validate.c
deleted file mode 100644
index cf3b1f5..0000000
--- a/tools/polkit-privilege-file-validate.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-privilege-file-validate.c : validate privilege file
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <libpolkit/libpolkit-privilege-file.h>
-
-static void
-usage (int argc, char *argv[])
-{
- fprintf (stderr,
- "\n"
- "usage : polkit-privilege-file-validate <privilege-files>\n"
- " [--version] [--help]\n");
- fprintf (stderr,
- "\n"
- " --version Show version and exit\n"
- " --help Show this information and exit\n"
- "\n"
- "Validates one or more PolicyKit privilege file. Returns 0 if it validates.\n"
- "If not, the program exits with a non-zero exit code.\n");
-}
-
-static gboolean
-validate_file (const char *file)
-{
- PolKitPrivilegeFile *priv_file;
- GError *error = NULL;
-
- priv_file = libpolkit_privilege_file_new (file, &error);
- if (priv_file == NULL) {
- printf ("%s did not validate: %s\n", file, error->message);
- g_error_free (error);
- return FALSE;
- }
- libpolkit_privilege_file_unref (priv_file);
- return TRUE;
-}
-
-int
-main (int argc, char *argv[])
-{
- int n;
-
- if (argc <= 1) {
- usage (argc, argv);
- return 1;
- }
-
- for (n = 1; n < argc; n++) {
- if (strcmp (argv[n], "--help") == 0) {
- usage (argc, argv);
- return 0;
- }
- if (strcmp (argv[n], "--version") == 0) {
- printf ("polkit-privilege-file-validate " PACKAGE_VERSION "\n");
- return 0;
- }
-
- if (!validate_file (argv[n])) {
- return 1;
- }
- }
-
- return 0;
-}
More information about the hal-commit
mailing list