PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Sun Apr 15 16:41:04 PDT 2007
doc/man/polkit-check-caller.1.in | 3
doc/man/polkit-check-session.1.in | 3
doc/man/polkit-module-run-program.8.in | 5 -
libpolkit/libpolkit-action.c | 73 ------------------------
libpolkit/libpolkit-action.h | 18 -----
modules/run-program/polkit-module-run-program.c | 25 --------
tools/polkit-check-caller.c | 30 ---------
tools/polkit-check-session.c | 30 ---------
8 files changed, 187 deletions(-)
New commits:
diff-tree 81401e166e69287f33f568ca06a959662b01d068 (from 845b572bf8e4c6391256cc643446e4eeb24ad5b0)
Author: David Zeuthen <davidz at redhat.com>
Date: Sun Apr 15 19:41:00 2007 -0400
remove misguided action parameters
This feature was introduced with
commit 02a4c5101ca4751963f76a0e016d3308389dc2a5
http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commit;h=02a4c5101ca4751963f76a0e016d3308389dc2a5
It makes things a lot harder for privilege granting if a feature like
action parameters are present. Thinking about it, they're not really
necessary; the parameters should just be encoded in the resource name;
e.g. with the example given in the commit
> This is useful for letting mechanisms convey information which may be
> useful in making a decision whether an action is OK. For example,
> NetworkManager could use this to provide the phone-number parameter
> with a hypothetical "nm-dialup" action. Then a site or vendor can
> provide insert
>
> mandatory polkit-run-program.so \
> program="/usr/lib/check-dialup-number.sh" privilege="nm-dialup"
>
> into /etc/PolicyKit/PolicyKit.conf and have said program check
>
> $POLKIT_ACTION_PARAM_PHONE_NUMBER
>
> in that program.
is broken; the right thing here is for a hypothetical NetworkManager
to pass the dial up connection details as the resource
resource.type = "NetworkManager"
resource.id = "/org/freedesktop/NM/DialUpConnection/number=555-HOT-CHICKS"
in a well-defined format etc. etc.
diff --git a/doc/man/polkit-check-caller.1.in b/doc/man/polkit-check-caller.1.in
index a204387..2b30ace 100644
--- a/doc/man/polkit-check-caller.1.in
+++ b/doc/man/polkit-check-caller.1.in
@@ -25,9 +25,6 @@ The following options are supported:
.I "--action"
The action to check.
.TP
-.I "--action-param <key>=<value>"
-Append parameters to action.
-.TP
.I "--caller"
The caller to check for. Must be the callers unique name on the D-Bus
system message bus.
diff --git a/doc/man/polkit-check-session.1.in b/doc/man/polkit-check-session.1.in
index bba8f01..019b917 100644
--- a/doc/man/polkit-check-session.1.in
+++ b/doc/man/polkit-check-session.1.in
@@ -25,9 +25,6 @@ The following options are supported:
.I "--action"
The action to check.
.TP
-.I "--action-param <key>=<value>"
-Append parameters to action.
-.TP
.I "--session"
The session to check for. Must be a ConsoleKit object path. If
ommitted the current session is used.
diff --git a/doc/man/polkit-module-run-program.8.in b/doc/man/polkit-module-run-program.8.in
index 643f4dd..1824452 100644
--- a/doc/man/polkit-module-run-program.8.in
+++ b/doc/man/polkit-module-run-program.8.in
@@ -101,11 +101,6 @@ the system message bus.
.B POLKIT_ACTION_ID
An identifier for the action
.TP
-.B POLKIT_ACTION_<KEY_NAME>=<value-name>
-All action parameters are put in the environment; the key is
-uppercased and hyphen and period characters are replaced with
-underscores.
-.TP
.B POLKIT_RESOURCE_ID
Resource identifier
.TP
diff --git a/libpolkit/libpolkit-action.c b/libpolkit/libpolkit-action.c
index 34ef594..f0a0a8c 100644
--- a/libpolkit/libpolkit-action.c
+++ b/libpolkit/libpolkit-action.c
@@ -170,79 +170,6 @@ libpolkit_action_debug (PolKitAction *ac
}
/**
- * libpolkit_action_set_param:
- * @action: the action
- * @key: key
- * @value: value
- *
- * Set a parameter (a key/value pair) associated with the action.
- **/
-void
-libpolkit_action_set_param (PolKitAction *action, const char *key, const char *value)
-{
- g_return_if_fail (action != NULL);
- g_return_if_fail (key != NULL);
-
- g_hash_table_insert (action->params, g_strdup (key), g_strdup (value));
-}
-
-/**
- * libpolkit_action_get_param:
- * @action: the action
- * @key: key
- *
- * Get a parameter (a key/value pair) associated with the action.
- *
- * Returns: the value or #NULL if the parameter wasn't set.
- **/
-const char *
-libpolkit_action_get_param (PolKitAction *action, const char *key)
-{
- const char *value;
-
- g_return_val_if_fail (action != NULL, NULL);
- g_return_val_if_fail (key != NULL, NULL);
-
- value = g_hash_table_lookup (action->params, key);
- return value;
-}
-
-typedef struct {
- PolKitAction *action;
- PolKitActionParamForeachFunc cb;
- void *user_data;
-} HashClosure;
-
-static void
-_hash_cb (gpointer key, gpointer value, gpointer user_data)
-{
- HashClosure *data = user_data;
- data->cb (data->action, key, value, data->user_data);
-}
-
-/**
- * libpolkit_action_param_foreach:
- * @action: the action
- * @cb: function to call
- * @user_data: user data
- *
- * Calls the given function for each parameter on the object.
- **/
-void
-libpolkit_action_param_foreach (PolKitAction *action, PolKitActionParamForeachFunc cb, void *user_data)
-{
- HashClosure data;
-
- g_return_if_fail (action != NULL);
- g_return_if_fail (cb != NULL);
-
- data.action = action;
- data.cb = cb;
- data.user_data = user_data;
- g_hash_table_foreach (action->params, _hash_cb, &data);
-}
-
-/**
* libpolkit_action_validate:
* @action: the object
*
diff --git a/libpolkit/libpolkit-action.h b/libpolkit/libpolkit-action.h
index df4888f..e266c2d 100644
--- a/libpolkit/libpolkit-action.h
+++ b/libpolkit/libpolkit-action.h
@@ -35,30 +35,12 @@
struct PolKitAction;
typedef struct PolKitAction PolKitAction;
-/**
- * PolKitActionParamForeachFunc:
- * @action: the action
- * @key: key of parameter
- * @value: value of parameter
- * @user_data: user data
- *
- * Type for function used in libpolkit_action_param_foreach().
- **/
-typedef void (*PolKitActionParamForeachFunc) (PolKitAction *action,
- const char *key,
- const char *value,
- void *user_data);
-
PolKitAction *libpolkit_action_new (void);
PolKitAction *libpolkit_action_ref (PolKitAction *action);
void libpolkit_action_unref (PolKitAction *action);
polkit_bool_t libpolkit_action_set_action_id (PolKitAction *action, const char *action_id);
polkit_bool_t libpolkit_action_get_action_id (PolKitAction *action, char **out_action_id);
-void libpolkit_action_set_param (PolKitAction *action, const char *key, const char *value);
-const char *libpolkit_action_get_param (PolKitAction *action, const char *key);
-void libpolkit_action_param_foreach (PolKitAction *action, PolKitActionParamForeachFunc cb, void *user_data);
-
void libpolkit_action_debug (PolKitAction *action);
polkit_bool_t libpolkit_action_validate (PolKitAction *action);
diff --git a/modules/run-program/polkit-module-run-program.c b/modules/run-program/polkit-module-run-program.c
index ecbc126..f0189f7 100644
--- a/modules/run-program/polkit-module-run-program.c
+++ b/modules/run-program/polkit-module-run-program.c
@@ -97,29 +97,6 @@ _module_shutdown (PolKitModuleInterface
}
}
-static void
-_add_action_param_to_env (PolKitAction *action, const char *key, const char *value, gpointer user_data)
-{
- int n;
- char *upper;
- GPtrArray *envp = user_data;
-
- if (key == NULL || value == NULL)
- return;
-
- upper = g_ascii_strup (key, -1);
- for (n = 0; upper[n] != '\0'; n++) {
- switch (upper[n]) {
- case '.':
- case '-':
- upper[n] = '_';
- break;
- }
- }
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_PARAM_%s=%s", upper, value));
- g_free (upper);
-}
-
static polkit_bool_t
_add_action_to_env (PolKitAction *action, GPtrArray *envp)
{
@@ -127,8 +104,6 @@ _add_action_to_env (PolKitAction *action
if (!libpolkit_action_get_action_id (action, &p_id))
goto error;
g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_ID=%s", p_id));
-
- libpolkit_action_param_foreach (action, _add_action_param_to_env, envp);
return TRUE;
error:
return FALSE;
diff --git a/tools/polkit-check-caller.c b/tools/polkit-check-caller.c
index 32a2a94..304a282 100644
--- a/tools/polkit-check-caller.c
+++ b/tools/polkit-check-caller.c
@@ -46,14 +46,12 @@ usage (int argc, char *argv[])
"\n"
"usage : polkit-check-caller\n"
" --caller <dbus-name> --action <action>\n"
- " [--action-param <key>=<value>]\n"
" --resource-type <type> --resource-id <id>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --caller Unique name of caller on the system bus\n"
" --action Requested action\n"
- " --action-param Action parameters (may occur multiple times)\n"
" --resource-type Type of resource\n"
" --resource-id Identifier of resource\n"
" --version Show version and exit\n"
@@ -81,17 +79,12 @@ main (int argc, char *argv[])
PolKitAction *action;
gboolean allowed;
PolKitError *p_error;
- GPtrArray *params;
- int n;
- char *param_key;
- char *param_value;
if (argc <= 1) {
usage (argc, argv);
return 1;
}
- params = g_ptr_array_new ();
while (1) {
int c;
int option_index = 0;
@@ -100,7 +93,6 @@ main (int argc, char *argv[])
{"resource-type", 1, NULL, 0},
{"resource-id", 1, NULL, 0},
{"action", 1, NULL, 0},
- {"action-param", 1, NULL, 0},
{"caller", 1, NULL, 0},
{"version", 0, NULL, 0},
{"help", 0, NULL, 0},
@@ -127,18 +119,6 @@ main (int argc, char *argv[])
resource_id = strdup (optarg);
} else if (strcmp (opt, "action") == 0) {
action_id = strdup (optarg);
- } else if (strcmp (opt, "action-param") == 0) {
- param_key = strdup (optarg);
- param_value = NULL;
- for (n = 0; param_key[n] != '=' && param_key[n] != '\0'; n++)
- ;
- if (param_key[n] == '\0')
- usage (argc, argv);
- param_key[n] = '\0';
- param_value = param_key + n + 1;
- g_ptr_array_add (params, g_strdup (param_key));
- g_ptr_array_add (params, g_strdup (param_value));
- g_free (param_key);
} else if (strcmp (opt, "caller") == 0) {
dbus_name = strdup (optarg);
}
@@ -178,16 +158,6 @@ main (int argc, char *argv[])
action = libpolkit_action_new ();
libpolkit_action_set_action_id (action, action_id);
- for (n = 0; n < (int) params->len; n += 2) {
- char *key;
- char *value;
- key = params->pdata[n];
- value = params->pdata[n+1];
- libpolkit_action_set_param (action, key, value);
- g_free (key);
- g_free (value);
- }
- g_ptr_array_free (params, TRUE);
resource = libpolkit_resource_new ();
libpolkit_resource_set_resource_type (resource, resource_type);
diff --git a/tools/polkit-check-session.c b/tools/polkit-check-session.c
index 0b8472c..609e8db 100644
--- a/tools/polkit-check-session.c
+++ b/tools/polkit-check-session.c
@@ -46,14 +46,12 @@ usage (int argc, char *argv[])
"\n"
"usage : polkit-check-session\n"
" [--session <session>] --action <action>\n"
- " [--action-param <key>=<value>]"
" --resource-type <type> --resource-id <id>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --session ConsoleKit object path of session\n"
" --action Requested action\n"
- " --action-param Action parameters (may occur multiple times)\n"
" --resource-type Type of resource\n"
" --resource-id Identifier of resource\n"
" --version Show version and exit\n"
@@ -82,10 +80,6 @@ main (int argc, char *argv[])
PolKitAction *action;
gboolean allowed;
PolKitError *p_error;
- GPtrArray *params;
- int n;
- char *param_key;
- char *param_value;
if (argc <= 1) {
usage (argc, argv);
@@ -94,7 +88,6 @@ main (int argc, char *argv[])
cookie = getenv ("XDG_SESSION_COOKIE");
- params = g_ptr_array_new ();
while (1) {
int c;
int option_index = 0;
@@ -103,7 +96,6 @@ main (int argc, char *argv[])
{"resource-type", 1, NULL, 0},
{"resource-id", 1, NULL, 0},
{"action", 1, NULL, 0},
- {"action-param", 1, NULL, 0},
{"session", 1, NULL, 0},
{"version", 0, NULL, 0},
{"help", 0, NULL, 0},
@@ -130,18 +122,6 @@ main (int argc, char *argv[])
resource_id = strdup (optarg);
} else if (strcmp (opt, "action") == 0) {
action_id = strdup (optarg);
- } else if (strcmp (opt, "action-param") == 0) {
- param_key = strdup (optarg);
- param_value = NULL;
- for (n = 0; param_key[n] != '=' && param_key[n] != '\0'; n++)
- ;
- if (param_key[n] == '\0')
- usage (argc, argv);
- param_key[n] = '\0';
- param_value = param_key + n + 1;
- g_ptr_array_add (params, g_strdup (param_key));
- g_ptr_array_add (params, g_strdup (param_value));
- g_free (param_key);
} else if (strcmp (opt, "session") == 0) {
session_id = strdup (optarg);
}
@@ -195,16 +175,6 @@ main (int argc, char *argv[])
action = libpolkit_action_new ();
libpolkit_action_set_action_id (action, action_id);
- for (n = 0; n < (int) params->len; n += 2) {
- char *key;
- char *value;
- key = params->pdata[n];
- value = params->pdata[n+1];
- libpolkit_action_set_param (action, key, value);
- g_free (key);
- g_free (value);
- }
- g_ptr_array_free (params, TRUE);
resource = libpolkit_resource_new ();
libpolkit_resource_set_resource_type (resource, resource_type);
More information about the hal-commit
mailing list