PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Mon Apr 16 22:41:26 PDT 2007
Makefile.am | 12 -
configure.in | 29 +--
data/Makefile.am | 14 +
doc/api/Makefile.am | 2
doc/api/libpolkit-grant/version.xml.in | 1
doc/api/libpolkit/libpolkit-docs.xml | 124 --------------
doc/api/libpolkit/version.xml.in | 1
doc/api/polkit-dbus/Makefile.am | 16 -
doc/api/polkit-dbus/polkit-dbus-docs.xml | 2
doc/api/polkit-grant/Makefile.am | 16 -
doc/api/polkit-grant/polkit-grant-docs.xml | 2
doc/api/polkit/Makefile.am | 22 +-
doc/api/polkit/polkit-docs.xml | 19 +-
libpolkit/Makefile.am | 62 -------
modules/allow-all/Makefile.am | 2
modules/allow-all/polkit-module-allow-all.c | 20 +-
modules/default/Makefile.am | 2
modules/default/polkit-module-default.c | 36 ++--
modules/deny-all/Makefile.am | 2
modules/deny-all/polkit-module-deny-all.c | 20 +-
modules/grant/Makefile.am | 2
modules/grant/polkit-module-grant.c | 42 ++--
modules/run-program/Makefile.am | 2
modules/run-program/polkit-module-run-program.c | 60 +++---
polkit-dbus/Makefile.am | 8
polkit-dbus/polkit-dbus.c | 112 ++++++------
polkit-dbus/polkit-dbus.h | 16 -
polkit-grant/Makefile.am | 10 -
polkit-grant/polkit-grant-helper.c | 108 ++++++------
polkit-grant/polkit-grant.c | 56 +++---
polkit-grant/polkit-grant.h | 92 +++++-----
polkit/Makefile.am | 61 ++++++
polkit/polkit-action.c | 38 ++--
polkit/polkit-action.h | 26 +-
polkit/polkit-caller.c | 80 ++++-----
polkit/polkit-caller.h | 44 ++--
polkit/polkit-context.c | 212 ++++++++++++------------
polkit/polkit-context.h | 54 +++---
polkit/polkit-debug.c | 10 -
polkit/polkit-debug.h | 8
polkit/polkit-error.c | 8
polkit/polkit-error.h | 10 -
polkit/polkit-module.c | 130 +++++++-------
polkit/polkit-module.h | 86 ++++-----
polkit/polkit-policy-cache.c | 48 ++---
polkit/polkit-policy-cache.h | 26 +-
polkit/polkit-policy-default.c | 70 +++----
polkit/polkit-policy-default.h | 32 +--
polkit/polkit-policy-file-entry.c | 46 ++---
polkit/polkit-policy-file-entry.h | 24 +-
polkit/polkit-policy-file.c | 36 ++--
polkit/polkit-policy-file.h | 24 +-
polkit/polkit-resource.c | 46 ++---
polkit/polkit-resource.h | 30 +--
polkit/polkit-result.c | 38 ++--
polkit/polkit-result.h | 68 +++----
polkit/polkit-seat.c | 38 ++--
polkit/polkit-seat.h | 26 +-
polkit/polkit-session.c | 88 ++++-----
polkit/polkit-session.h | 48 ++---
polkit/polkit-types.h | 12 -
polkit/polkit-utils.c | 12 -
polkit/polkit-utils.h | 10 -
polkit/polkit.h | 36 ++--
tools/Makefile.am | 8
tools/polkit-check-caller.c | 24 +-
tools/polkit-check-session.c | 26 +-
tools/polkit-grant.c | 84 ++++-----
tools/polkit-policy-file-validate.c | 6
69 files changed, 1239 insertions(+), 1346 deletions(-)
New commits:
diff-tree 36c1b7725fcb2339fcf9a87f5e5c984ef5be17cb (from 9e492bfb815dd352c23578a62caf6cd9ea0b112b)
Author: David Zeuthen <davidz at redhat.com>
Date: Tue Apr 17 01:41:09 2007 -0400
rename libpolkit to polkit
It's more consistent and, uhm, easier to type.
diff --git a/Makefile.am b/Makefile.am
index cf1dbb7..2214028 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,14 +1,6 @@
## Process this file with automake to produce Makefile.in
-SUBDIRS = libpolkit libpolkit-dbus libpolkit-grant modules doc tools policy
-
-pamdir = $(sysconfdir)/pam.d
-pam_DATA = polkit
-
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = libpolkit.pc libpolkit-dbus.pc libpolkit-grant.pc
-
-DISTCLEANFILES = libpolkit.pc libpolkit-dbus.pc libpolkit-grant.pc
+SUBDIRS = data polkit polkit-dbus polkit-grant modules doc tools policy
# Creating ChangeLog from git log (taken from cairo/Makefile.am):
ChangeLog: $(srcdir)/ChangeLog
@@ -29,7 +21,7 @@ $(srcdir)/ChangeLog:
.PHONY: ChangeLog $(srcdir)/ChangeLog
-EXTRA_DIST = HACKING polkit.in libpolkit.pc.in libpolkit-dbus.pc.in libpolkit-grant.pc.in mkinstalldirs ChangeLog
+EXTRA_DIST = HACKING mkinstalldirs ChangeLog
clean-local :
rm -f *~
diff --git a/configure.in b/configure.in
index 126b9b1..ae55f16 100644
--- a/configure.in
+++ b/configure.in
@@ -6,7 +6,7 @@ AM_INIT_AUTOMAKE(PolicyKit, 0.3)
AM_CONFIG_HEADER(config.h)
AM_MAINTAINER_MODE
-# libtool versioning - this applies to libpolkit
+# libtool versioning - this applies to all libraries in this package
#
# See http://sources.redhat.com/autobook/autobook/autobook_91.html#SEC91 for details
#
@@ -325,23 +325,24 @@ AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_PASS
AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_SESSION, "$PAM_FILE_INCLUDE_SESSION", [pam file session])
AC_OUTPUT([
-libpolkit.pc
-libpolkit-dbus.pc
-libpolkit-grant.pc
Makefile
-polkit
-libpolkit/Makefile
-libpolkit-dbus/Makefile
-libpolkit-grant/Makefile
+data/Makefile
+data/polkit
+data/polkit.pc
+data/polkit-dbus.pc
+data/polkit-grant.pc
+polkit/Makefile
+polkit-dbus/Makefile
+polkit-grant/Makefile
tools/Makefile
doc/Makefile
doc/api/Makefile
-doc/api/libpolkit/Makefile
-doc/api/libpolkit/version.xml
-doc/api/libpolkit-dbus/Makefile
-doc/api/libpolkit-dbus/version.xml
-doc/api/libpolkit-grant/Makefile
-doc/api/libpolkit-grant/version.xml
+doc/api/polkit/Makefile
+doc/api/polkit/version.xml
+doc/api/polkit-dbus/Makefile
+doc/api/polkit-dbus/version.xml
+doc/api/polkit-grant/Makefile
+doc/api/polkit-grant/version.xml
doc/spec/Makefile
doc/spec/polkit-spec.xml.in
doc/man/Makefile
diff --git a/data/Makefile.am b/data/Makefile.am
new file mode 100644
index 0000000..0de382e
--- /dev/null
+++ b/data/Makefile.am
@@ -0,0 +1,14 @@
+## Process this file with automake to produce Makefile.in
+
+pamdir = $(sysconfdir)/pam.d
+pam_DATA = polkit
+
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = polkit.pc polkit-dbus.pc polkit-grant.pc
+
+DISTCLEANFILES = polkit.pc polkit-dbus.pc polkit-grant.pc
+
+EXTRA_DIST = polkit.in polkit.pc.in polkit-dbus.pc.in polkit-grant.pc.in
+
+clean-local :
+ rm -f *~
diff --git a/data/polkit-dbus.pc.in b/data/polkit-dbus.pc.in
new file mode 100644
index 0000000..f002060
--- /dev/null
+++ b/data/polkit-dbus.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libpolkit-dbus
+Description: helper library for obtaining seat, session and caller information via D-Bus and ConsoleKit
+Version: @VERSION@
+Requires: libpolkit dbus-1
+Libs: -L${libdir} -lpolkit-dbus
+Cflags: -I${includedir}/PolicyKit
diff --git a/data/polkit-grant.pc.in b/data/polkit-grant.pc.in
new file mode 100644
index 0000000..8e40177
--- /dev/null
+++ b/data/polkit-grant.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libpolkit-grant
+Description: library for obtaining privileges via PolicyKit
+Version: @VERSION@
+Requires: glib-2.0 libpolkit
+Libs: -L${libdir} -lpolkit-grant
+Cflags: -I${includedir}/PolicyKit
diff --git a/data/polkit.in b/data/polkit.in
new file mode 100644
index 0000000..142dadd
--- /dev/null
+++ b/data/polkit.in
@@ -0,0 +1,6 @@
+#%PAM-1.0
+
+auth include @PAM_FILE_INCLUDE_AUTH@
+account include @PAM_FILE_INCLUDE_ACCOUNT@
+password include @PAM_FILE_INCLUDE_PASSWORD@
+session include @PAM_FILE_INCLUDE_SESSION@
diff --git a/data/polkit.pc.in b/data/polkit.pc.in
new file mode 100644
index 0000000..3f36d2d
--- /dev/null
+++ b/data/polkit.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libpolkit
+Description: library for querying system-wide policy
+Version: @VERSION@
+Requires: glib-2.0
+Libs: -L${libdir} -lpolkit
+Cflags: -I${includedir}/PolicyKit
diff --git a/doc/api/Makefile.am b/doc/api/Makefile.am
index 46809b2..81fbf84 100644
--- a/doc/api/Makefile.am
+++ b/doc/api/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to create Makefile.in.
-SUBDIRS = libpolkit libpolkit-dbus libpolkit-grant
+SUBDIRS = polkit polkit-dbus polkit-grant
MAINTAINERCLEANFILES = \
*~ \
diff --git a/doc/api/libpolkit-dbus/Makefile.am b/doc/api/libpolkit-dbus/Makefile.am
deleted file mode 100644
index c539267..0000000
--- a/doc/api/libpolkit-dbus/Makefile.am
+++ /dev/null
@@ -1,67 +0,0 @@
-## Process this file with automake to create Makefile.in.
-
-NULL =
-
-AUTOMAKE_OPTIONS = 1.7
-
-# The name of the module.
-DOC_MODULE=libpolkit-dbus
-
-# The top-level SGML file.
-DOC_MAIN_SGML_FILE=libpolkit-dbus-docs.xml
-
-# Extra options to supply to gtkdoc-scan
-#SCAN_OPTIONS=--deprecated-guards="CAIRO_DISABLE_DEPRECATED"
-
-# The directory containing the source code. Relative to $(srcdir)
-DOC_SOURCE_DIR=../../../libpolkit-dbus
-
-# Used for dependencies
-HFILE_GLOB=$(top_srcdir)/libpolkit-dbus/*.h
-CFILE_GLOB=$(top_srcdir)/libpolkit-dbus/*.c
-
-# Headers to ignore
-IGNORE_HFILES= \
- $(NULL)
-
-# CFLAGS and LDFLAGS for compiling scan program. Only needed
-# if $(DOC_MODULE).types is non-empty.
-INCLUDES = \
- $(GLIB_CFLAGS) \
- -I$(top_srcdir) \
- -I$(top_builddir) \
- $(NULL)
-
-GTKDOC_LIBS = \
- $(GLIB_LIBS) \
- $(top_builddir)/libpolkit-dbus/libpolkit-dbus.la \
- $(NULL)
-
-# Extra options to supply to gtkdoc-mkdb
-MKDB_OPTIONS=--sgml-mode --output-format=xml
-
-# Extra options to supply to gtkdoc-mktmpl
-MKTMPL_OPTIONS=
-
-# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
-content_files = \
- version.xml \
- $(NULL)
-
-# Images to copy into HTML directory
-HTML_IMAGES =
-
-# Extra options to supply to gtkdoc-fixref
-FIXXREF_OPTIONS=
-
-MAINTAINERCLEANFILES = \
- *~ \
- Makefile.in \
- libpolkit-dbus.types \
- libpolkit-dbus-*.txt \
- $(NULL)
-
-include $(top_srcdir)/gtk-doc.make
-
-# Version information for marking the documentation
-EXTRA_DIST += version.xml.in
diff --git a/doc/api/libpolkit-dbus/libpolkit-dbus-docs.xml b/doc/api/libpolkit-dbus/libpolkit-dbus-docs.xml
deleted file mode 100644
index 9dcf978..0000000
--- a/doc/api/libpolkit-dbus/libpolkit-dbus-docs.xml
+++ /dev/null
@@ -1,109 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
-<!ENTITY version SYSTEM "version.xml">
-]>
-<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
- <bookinfo>
- <title>PolicyKit D-Bus Helper Library Reference Manual</title>
- <releaseinfo>Version &version;</releaseinfo>
- <authorgroup>
- <author>
- <firstname>David</firstname>
- <surname>Zeuthen</surname>
- <affiliation>
- <address>
- <email>david at fubar.dk</email>
- </address>
- </affiliation>
- </author>
- </authorgroup>
-
- <copyright>
- <year>2007</year>
- <holder>The PolicyKit Authors</holder>
- </copyright>
-
- <legalnotice>
- <para>
- Permission is granted to copy, distribute and/or modify this
- document under the terms of the <citetitle>GNU Free
- Documentation License</citetitle>, Version 1.1 or any later
- version published by the Free Software Foundation with no
- Invariant Sections, no Front-Cover Texts, and no Back-Cover
- Texts. You may obtain a copy of the <citetitle>GNU Free
- Documentation License</citetitle> from the Free Software
- Foundation by visiting <ulink type="http"
- url="http://www.fsf.org">their Web site</ulink> or by writing
- to:
-
- <address>
- The Free Software Foundation, Inc.,
- <street>59 Temple Place</street> - Suite 330,
- <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>,
- <country>USA</country>
- </address>
- </para>
-
- <para>
- Many of the names used by companies to distinguish their
- products and services are claimed as trademarks. Where those
- names appear in any GNOME documentation, and those trademarks
- are made aware to the members of the GNOME Documentation
- Project, the names have been printed in caps or initial caps.
- </para>
- </legalnotice>
- </bookinfo>
-
- <reference>
- <title>API Reference</title>
-
- <partintro>
- <para>
- This part presents the class and function reference for the
- PolicyKit D-Bus helper library.
- </para>
- </partintro>
- <xi:include href="xml/libpolkit-dbus.xml"/>
- </reference>
-
- <index>
- <title>Index</title>
- </index>
-
- <!-- License -->
-
- <appendix id="license">
- <title>License</title>
-
- <para>
- This library is free software; you can redistribute it and/or
- modify it under the terms of the <citetitle>GNU General
- Public License</citetitle> as published by the Free Software
- Foundation; either version 2 of the License, or (at your option)
- any later version.
- </para>
-
- <para>
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- <citetitle>GNU Library General Public License</citetitle> for
- more details.
- </para>
-
- <para>
- You may obtain a copy of the <citetitle>GNU General
- Public License</citetitle> from the Free Software Foundation by
- visiting <ulink type="http" url="http://www.fsf.org">their Web
- site</ulink> or by writing to:
-
- <address>
- Free Software Foundation, Inc.
- <street>59 Temple Place</street> - Suite 330
- <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>
- <country>USA</country>
- </address>
- </para>
- </appendix>
-</book>
diff --git a/doc/api/libpolkit-dbus/libpolkit-dbus.types b/doc/api/libpolkit-dbus/libpolkit-dbus.types
deleted file mode 100644
index e69de29..0000000
diff --git a/doc/api/libpolkit-dbus/version.xml.in b/doc/api/libpolkit-dbus/version.xml.in
deleted file mode 100644
index d78bda9..0000000
--- a/doc/api/libpolkit-dbus/version.xml.in
+++ /dev/null
@@ -1 +0,0 @@
- at VERSION@
diff --git a/doc/api/libpolkit-grant/Makefile.am b/doc/api/libpolkit-grant/Makefile.am
deleted file mode 100644
index f65956e..0000000
--- a/doc/api/libpolkit-grant/Makefile.am
+++ /dev/null
@@ -1,67 +0,0 @@
-## Process this file with automake to create Makefile.in.
-
-NULL =
-
-AUTOMAKE_OPTIONS = 1.7
-
-# The name of the module.
-DOC_MODULE=libpolkit-grant
-
-# The top-level SGML file.
-DOC_MAIN_SGML_FILE=libpolkit-grant-docs.xml
-
-# Extra options to supply to gtkdoc-scan
-#SCAN_OPTIONS=--deprecated-guards="CAIRO_DISABLE_DEPRECATED"
-
-# The directory containing the source code. Relative to $(srcdir)
-DOC_SOURCE_DIR=../../../libpolkit-grant
-
-# Used for dependencies
-HFILE_GLOB=$(top_srcdir)/libpolkit-grant/*.h
-CFILE_GLOB=$(top_srcdir)/libpolkit-grant/*.c
-
-# Headers to ignore
-IGNORE_HFILES= \
- $(NULL)
-
-# CFLAGS and LDFLAGS for compiling scan program. Only needed
-# if $(DOC_MODULE).types is non-empty.
-INCLUDES = \
- $(GLIB_CFLAGS) \
- -I$(top_srcdir) \
- -I$(top_builddir) \
- $(NULL)
-
-GTKDOC_LIBS = \
- $(GLIB_LIBS) \
- $(top_builddir)/libpolkit-grant/libpolkit-grant.la \
- $(NULL)
-
-# Extra options to supply to gtkdoc-mkdb
-MKDB_OPTIONS=--sgml-mode --output-format=xml
-
-# Extra options to supply to gtkdoc-mktmpl
-MKTMPL_OPTIONS=
-
-# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
-content_files = \
- version.xml \
- $(NULL)
-
-# Images to copy into HTML directory
-HTML_IMAGES =
-
-# Extra options to supply to gtkdoc-fixref
-FIXXREF_OPTIONS=
-
-MAINTAINERCLEANFILES = \
- *~ \
- Makefile.in \
- libpolkit-grant.types \
- libpolkit-grant-*.txt \
- $(NULL)
-
-include $(top_srcdir)/gtk-doc.make
-
-# Version information for marking the documentation
-EXTRA_DIST += version.xml.in
diff --git a/doc/api/libpolkit-grant/libpolkit-grant-docs.xml b/doc/api/libpolkit-grant/libpolkit-grant-docs.xml
deleted file mode 100644
index 0ca0f9f..0000000
--- a/doc/api/libpolkit-grant/libpolkit-grant-docs.xml
+++ /dev/null
@@ -1,109 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
-<!ENTITY version SYSTEM "version.xml">
-]>
-<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
- <bookinfo>
- <title>PolicyKit Granting Library Reference Manual</title>
- <releaseinfo>Version &version;</releaseinfo>
- <authorgroup>
- <author>
- <firstname>David</firstname>
- <surname>Zeuthen</surname>
- <affiliation>
- <address>
- <email>david at fubar.dk</email>
- </address>
- </affiliation>
- </author>
- </authorgroup>
-
- <copyright>
- <year>2007</year>
- <holder>The PolicyKit Authors</holder>
- </copyright>
-
- <legalnotice>
- <para>
- Permission is granted to copy, distribute and/or modify this
- document under the terms of the <citetitle>GNU Free
- Documentation License</citetitle>, Version 1.1 or any later
- version published by the Free Software Foundation with no
- Invariant Sections, no Front-Cover Texts, and no Back-Cover
- Texts. You may obtain a copy of the <citetitle>GNU Free
- Documentation License</citetitle> from the Free Software
- Foundation by visiting <ulink type="http"
- url="http://www.fsf.org">their Web site</ulink> or by writing
- to:
-
- <address>
- The Free Software Foundation, Inc.,
- <street>59 Temple Place</street> - Suite 330,
- <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>,
- <country>USA</country>
- </address>
- </para>
-
- <para>
- Many of the names used by companies to distinguish their
- products and services are claimed as trademarks. Where those
- names appear in any GNOME documentation, and those trademarks
- are made aware to the members of the GNOME Documentation
- Project, the names have been printed in caps or initial caps.
- </para>
- </legalnotice>
- </bookinfo>
-
- <reference>
- <title>API Reference</title>
-
- <partintro>
- <para>
- This part presents the class and function reference for the
- PolicyKit granting helper library.
- </para>
- </partintro>
- <xi:include href="xml/libpolkit-grant.xml"/>
- </reference>
-
- <index>
- <title>Index</title>
- </index>
-
- <!-- License -->
-
- <appendix id="license">
- <title>License</title>
-
- <para>
- This library is free software; you can redistribute it and/or
- modify it under the terms of the <citetitle>GNU General
- Public License</citetitle> as published by the Free Software
- Foundation; either version 2 of the License, or (at your option)
- any later version.
- </para>
-
- <para>
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- <citetitle>GNU Library General Public License</citetitle> for
- more details.
- </para>
-
- <para>
- You may obtain a copy of the <citetitle>GNU General
- Public License</citetitle> from the Free Software Foundation by
- visiting <ulink type="http" url="http://www.fsf.org">their Web
- site</ulink> or by writing to:
-
- <address>
- Free Software Foundation, Inc.
- <street>59 Temple Place</street> - Suite 330
- <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>
- <country>USA</country>
- </address>
- </para>
- </appendix>
-</book>
diff --git a/doc/api/libpolkit-grant/libpolkit-grant.types b/doc/api/libpolkit-grant/libpolkit-grant.types
deleted file mode 100644
index e69de29..0000000
diff --git a/doc/api/libpolkit-grant/version.xml.in b/doc/api/libpolkit-grant/version.xml.in
deleted file mode 100644
index d78bda9..0000000
--- a/doc/api/libpolkit-grant/version.xml.in
+++ /dev/null
@@ -1 +0,0 @@
- at VERSION@
diff --git a/doc/api/libpolkit/Makefile.am b/doc/api/libpolkit/Makefile.am
deleted file mode 100644
index 6c3d6f9..0000000
--- a/doc/api/libpolkit/Makefile.am
+++ /dev/null
@@ -1,67 +0,0 @@
-## Process this file with automake to create Makefile.in.
-
-NULL =
-
-AUTOMAKE_OPTIONS = 1.7
-
-# The name of the module.
-DOC_MODULE=libpolkit
-
-# The top-level SGML file.
-DOC_MAIN_SGML_FILE=libpolkit-docs.xml
-
-# Extra options to supply to gtkdoc-scan
-#SCAN_OPTIONS=--deprecated-guards="CAIRO_DISABLE_DEPRECATED"
-
-# The directory containing the source code. Relative to $(srcdir)
-DOC_SOURCE_DIR=../../../libpolkit
-
-# Used for dependencies
-HFILE_GLOB=$(top_srcdir)/libpolkit/*.h
-CFILE_GLOB=$(top_srcdir)/libpolkit/*.c
-
-# Headers to ignore
-IGNORE_HFILES= \
- $(NULL)
-
-# CFLAGS and LDFLAGS for compiling scan program. Only needed
-# if $(DOC_MODULE).types is non-empty.
-INCLUDES = \
- $(GLIB_CFLAGS) \
- -I$(top_srcdir) \
- -I$(top_builddir) \
- $(NULL)
-
-GTKDOC_LIBS = \
- $(GLIB_LIBS) \
- $(top_builddir)/libpolkit/libpolkit.la \
- $(NULL)
-
-# Extra options to supply to gtkdoc-mkdb
-MKDB_OPTIONS=--sgml-mode --output-format=xml
-
-# Extra options to supply to gtkdoc-mktmpl
-MKTMPL_OPTIONS=
-
-# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
-content_files = \
- version.xml \
- $(NULL)
-
-# Images to copy into HTML directory
-HTML_IMAGES =
-
-# Extra options to supply to gtkdoc-fixref
-FIXXREF_OPTIONS=
-
-MAINTAINERCLEANFILES = \
- *~ \
- Makefile.in \
- libpolkit.types \
- libpolkit-*.txt \
- $(NULL)
-
-include $(top_srcdir)/gtk-doc.make
-
-# Version information for marking the documentation
-EXTRA_DIST += version.xml.in
diff --git a/doc/api/libpolkit/libpolkit-docs.xml b/doc/api/libpolkit/libpolkit-docs.xml
deleted file mode 100644
index b0f538f..0000000
--- a/doc/api/libpolkit/libpolkit-docs.xml
+++ /dev/null
@@ -1,124 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
-<!ENTITY version SYSTEM "version.xml">
-]>
-<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
- <bookinfo>
- <title>PolicyKit Library Reference Manual</title>
- <releaseinfo>Version &version;</releaseinfo>
- <authorgroup>
- <author>
- <firstname>David</firstname>
- <surname>Zeuthen</surname>
- <affiliation>
- <address>
- <email>david at fubar.dk</email>
- </address>
- </affiliation>
- </author>
- </authorgroup>
-
- <copyright>
- <year>2007</year>
- <holder>The PolicyKit Authors</holder>
- </copyright>
-
- <legalnotice>
- <para>
- Permission is granted to copy, distribute and/or modify this
- document under the terms of the <citetitle>GNU Free
- Documentation License</citetitle>, Version 1.1 or any later
- version published by the Free Software Foundation with no
- Invariant Sections, no Front-Cover Texts, and no Back-Cover
- Texts. You may obtain a copy of the <citetitle>GNU Free
- Documentation License</citetitle> from the Free Software
- Foundation by visiting <ulink type="http"
- url="http://www.fsf.org">their Web site</ulink> or by writing
- to:
-
- <address>
- The Free Software Foundation, Inc.,
- <street>59 Temple Place</street> - Suite 330,
- <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>,
- <country>USA</country>
- </address>
- </para>
-
- <para>
- Many of the names used by companies to distinguish their
- products and services are claimed as trademarks. Where those
- names appear in any GNOME documentation, and those trademarks
- are made aware to the members of the GNOME Documentation
- Project, the names have been printed in caps or initial caps.
- </para>
- </legalnotice>
- </bookinfo>
-
- <reference>
- <title>API Reference</title>
-
- <partintro>
- <para>
- This part presents the class and function reference for the
- PolicyKit library.
- </para>
- </partintro>
- <xi:include href="xml/libpolkit-types.xml"/>
- <xi:include href="xml/libpolkit-error.xml"/>
- <xi:include href="xml/libpolkit-result.xml"/>
- <xi:include href="xml/libpolkit-context.xml"/>
- <xi:include href="xml/libpolkit-action.xml"/>
- <xi:include href="xml/libpolkit-policy-file.xml"/>
- <xi:include href="xml/libpolkit-policy-file-entry.xml"/>
- <xi:include href="xml/libpolkit-policy-default.xml"/>
- <xi:include href="xml/libpolkit-policy-cache.xml"/>
- <xi:include href="xml/libpolkit-resource.xml"/>
- <xi:include href="xml/libpolkit-seat.xml"/>
- <xi:include href="xml/libpolkit-session.xml"/>
- <xi:include href="xml/libpolkit-caller.xml"/>
- <xi:include href="xml/libpolkit-module.xml"/>
- <xi:include href="xml/libpolkit-debug.xml"/>
- <xi:include href="xml/libpolkit-utils.xml"/>
- </reference>
-
- <index>
- <title>Index</title>
- </index>
-
- <!-- License -->
-
- <appendix id="license">
- <title>License</title>
-
- <para>
- This library is free software; you can redistribute it and/or
- modify it under the terms of the <citetitle>GNU General
- Public License</citetitle> as published by the Free Software
- Foundation; either version 2 of the License, or (at your option)
- any later version.
- </para>
-
- <para>
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- <citetitle>GNU Library General Public License</citetitle> for
- more details.
- </para>
-
- <para>
- You may obtain a copy of the <citetitle>GNU General
- Public License</citetitle> from the Free Software Foundation by
- visiting <ulink type="http" url="http://www.fsf.org">their Web
- site</ulink> or by writing to:
-
- <address>
- Free Software Foundation, Inc.
- <street>59 Temple Place</street> - Suite 330
- <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>
- <country>USA</country>
- </address>
- </para>
- </appendix>
-</book>
diff --git a/doc/api/libpolkit/libpolkit.types b/doc/api/libpolkit/libpolkit.types
deleted file mode 100644
index e69de29..0000000
diff --git a/doc/api/libpolkit/version.xml.in b/doc/api/libpolkit/version.xml.in
deleted file mode 100644
index d78bda9..0000000
--- a/doc/api/libpolkit/version.xml.in
+++ /dev/null
@@ -1 +0,0 @@
- at VERSION@
diff --git a/doc/api/polkit-dbus/Makefile.am b/doc/api/polkit-dbus/Makefile.am
new file mode 100644
index 0000000..6427986
--- /dev/null
+++ b/doc/api/polkit-dbus/Makefile.am
@@ -0,0 +1,67 @@
+## Process this file with automake to create Makefile.in.
+
+NULL =
+
+AUTOMAKE_OPTIONS = 1.7
+
+# The name of the module.
+DOC_MODULE=polkit-dbus
+
+# The top-level SGML file.
+DOC_MAIN_SGML_FILE=polkit-dbus-docs.xml
+
+# Extra options to supply to gtkdoc-scan
+#SCAN_OPTIONS=--deprecated-guards="CAIRO_DISABLE_DEPRECATED"
+
+# The directory containing the source code. Relative to $(srcdir)
+DOC_SOURCE_DIR=../../../polkit-dbus
+
+# Used for dependencies
+HFILE_GLOB=$(top_srcdir)/polkit-dbus/*.h
+CFILE_GLOB=$(top_srcdir)/polkit-dbus/*.c
+
+# Headers to ignore
+IGNORE_HFILES= \
+ $(NULL)
+
+# CFLAGS and LDFLAGS for compiling scan program. Only needed
+# if $(DOC_MODULE).types is non-empty.
+INCLUDES = \
+ $(GLIB_CFLAGS) \
+ -I$(top_srcdir) \
+ -I$(top_builddir) \
+ $(NULL)
+
+GTKDOC_LIBS = \
+ $(GLIB_LIBS) \
+ $(top_builddir)/polkit-dbus/libpolkit-dbus.la \
+ $(NULL)
+
+# Extra options to supply to gtkdoc-mkdb
+MKDB_OPTIONS=--sgml-mode --output-format=xml
+
+# Extra options to supply to gtkdoc-mktmpl
+MKTMPL_OPTIONS=
+
+# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
+content_files = \
+ version.xml \
+ $(NULL)
+
+# Images to copy into HTML directory
+HTML_IMAGES =
+
+# Extra options to supply to gtkdoc-fixref
+FIXXREF_OPTIONS=
+
+MAINTAINERCLEANFILES = \
+ *~ \
+ Makefile.in \
+ polkit-dbus.types \
+ polkit-dbus-*.txt \
+ $(NULL)
+
+include $(top_srcdir)/gtk-doc.make
+
+# Version information for marking the documentation
+EXTRA_DIST += version.xml.in
diff --git a/doc/api/polkit-dbus/polkit-dbus-docs.xml b/doc/api/polkit-dbus/polkit-dbus-docs.xml
new file mode 100644
index 0000000..ed64c6d
--- /dev/null
+++ b/doc/api/polkit-dbus/polkit-dbus-docs.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
+<!ENTITY version SYSTEM "version.xml">
+]>
+<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
+ <bookinfo>
+ <title>PolicyKit D-Bus Helper Library Reference Manual</title>
+ <releaseinfo>Version &version;</releaseinfo>
+ <authorgroup>
+ <author>
+ <firstname>David</firstname>
+ <surname>Zeuthen</surname>
+ <affiliation>
+ <address>
+ <email>david at fubar.dk</email>
+ </address>
+ </affiliation>
+ </author>
+ </authorgroup>
+
+ <copyright>
+ <year>2007</year>
+ <holder>The PolicyKit Authors</holder>
+ </copyright>
+
+ <legalnotice>
+ <para>
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the <citetitle>GNU Free
+ Documentation License</citetitle>, Version 1.1 or any later
+ version published by the Free Software Foundation with no
+ Invariant Sections, no Front-Cover Texts, and no Back-Cover
+ Texts. You may obtain a copy of the <citetitle>GNU Free
+ Documentation License</citetitle> from the Free Software
+ Foundation by visiting <ulink type="http"
+ url="http://www.fsf.org">their Web site</ulink> or by writing
+ to:
+
+ <address>
+ The Free Software Foundation, Inc.,
+ <street>59 Temple Place</street> - Suite 330,
+ <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>,
+ <country>USA</country>
+ </address>
+ </para>
+
+ <para>
+ Many of the names used by companies to distinguish their
+ products and services are claimed as trademarks. Where those
+ names appear in any GNOME documentation, and those trademarks
+ are made aware to the members of the GNOME Documentation
+ Project, the names have been printed in caps or initial caps.
+ </para>
+ </legalnotice>
+ </bookinfo>
+
+ <reference>
+ <title>API Reference</title>
+
+ <partintro>
+ <para>
+ This part presents the class and function reference for the
+ PolicyKit D-Bus helper library.
+ </para>
+ </partintro>
+ <xi:include href="xml/polkit-dbus.xml"/>
+ </reference>
+
+ <index>
+ <title>Index</title>
+ </index>
+
+ <!-- License -->
+
+ <appendix id="license">
+ <title>License</title>
+
+ <para>
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the <citetitle>GNU General
+ Public License</citetitle> as published by the Free Software
+ Foundation; either version 2 of the License, or (at your option)
+ any later version.
+ </para>
+
+ <para>
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ <citetitle>GNU Library General Public License</citetitle> for
+ more details.
+ </para>
+
+ <para>
+ You may obtain a copy of the <citetitle>GNU General
+ Public License</citetitle> from the Free Software Foundation by
+ visiting <ulink type="http" url="http://www.fsf.org">their Web
+ site</ulink> or by writing to:
+
+ <address>
+ Free Software Foundation, Inc.
+ <street>59 Temple Place</street> - Suite 330
+ <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>
+ <country>USA</country>
+ </address>
+ </para>
+ </appendix>
+</book>
diff --git a/doc/api/polkit-dbus/polkit-dbus.types b/doc/api/polkit-dbus/polkit-dbus.types
new file mode 100644
index 0000000..e69de29
diff --git a/doc/api/polkit-dbus/version.xml.in b/doc/api/polkit-dbus/version.xml.in
new file mode 100644
index 0000000..d78bda9
--- /dev/null
+++ b/doc/api/polkit-dbus/version.xml.in
@@ -0,0 +1 @@
+ at VERSION@
diff --git a/doc/api/polkit-grant/Makefile.am b/doc/api/polkit-grant/Makefile.am
new file mode 100644
index 0000000..b0a3bab
--- /dev/null
+++ b/doc/api/polkit-grant/Makefile.am
@@ -0,0 +1,67 @@
+## Process this file with automake to create Makefile.in.
+
+NULL =
+
+AUTOMAKE_OPTIONS = 1.7
+
+# The name of the module.
+DOC_MODULE=polkit-grant
+
+# The top-level SGML file.
+DOC_MAIN_SGML_FILE=polkit-grant-docs.xml
+
+# Extra options to supply to gtkdoc-scan
+#SCAN_OPTIONS=--deprecated-guards="CAIRO_DISABLE_DEPRECATED"
+
+# The directory containing the source code. Relative to $(srcdir)
+DOC_SOURCE_DIR=../../../polkit-grant
+
+# Used for dependencies
+HFILE_GLOB=$(top_srcdir)/polkit-grant/*.h
+CFILE_GLOB=$(top_srcdir)/polkit-grant/*.c
+
+# Headers to ignore
+IGNORE_HFILES= \
+ $(NULL)
+
+# CFLAGS and LDFLAGS for compiling scan program. Only needed
+# if $(DOC_MODULE).types is non-empty.
+INCLUDES = \
+ $(GLIB_CFLAGS) \
+ -I$(top_srcdir) \
+ -I$(top_builddir) \
+ $(NULL)
+
+GTKDOC_LIBS = \
+ $(GLIB_LIBS) \
+ $(top_builddir)/polkit-grant/libpolkit-grant.la \
+ $(NULL)
+
+# Extra options to supply to gtkdoc-mkdb
+MKDB_OPTIONS=--sgml-mode --output-format=xml
+
+# Extra options to supply to gtkdoc-mktmpl
+MKTMPL_OPTIONS=
+
+# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
+content_files = \
+ version.xml \
+ $(NULL)
+
+# Images to copy into HTML directory
+HTML_IMAGES =
+
+# Extra options to supply to gtkdoc-fixref
+FIXXREF_OPTIONS=
+
+MAINTAINERCLEANFILES = \
+ *~ \
+ Makefile.in \
+ polkit-grant.types \
+ polkit-grant-*.txt \
+ $(NULL)
+
+include $(top_srcdir)/gtk-doc.make
+
+# Version information for marking the documentation
+EXTRA_DIST += version.xml.in
diff --git a/doc/api/polkit-grant/polkit-grant-docs.xml b/doc/api/polkit-grant/polkit-grant-docs.xml
new file mode 100644
index 0000000..41204c4
--- /dev/null
+++ b/doc/api/polkit-grant/polkit-grant-docs.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
+<!ENTITY version SYSTEM "version.xml">
+]>
+<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
+ <bookinfo>
+ <title>PolicyKit Granting Library Reference Manual</title>
+ <releaseinfo>Version &version;</releaseinfo>
+ <authorgroup>
+ <author>
+ <firstname>David</firstname>
+ <surname>Zeuthen</surname>
+ <affiliation>
+ <address>
+ <email>david at fubar.dk</email>
+ </address>
+ </affiliation>
+ </author>
+ </authorgroup>
+
+ <copyright>
+ <year>2007</year>
+ <holder>The PolicyKit Authors</holder>
+ </copyright>
+
+ <legalnotice>
+ <para>
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the <citetitle>GNU Free
+ Documentation License</citetitle>, Version 1.1 or any later
+ version published by the Free Software Foundation with no
+ Invariant Sections, no Front-Cover Texts, and no Back-Cover
+ Texts. You may obtain a copy of the <citetitle>GNU Free
+ Documentation License</citetitle> from the Free Software
+ Foundation by visiting <ulink type="http"
+ url="http://www.fsf.org">their Web site</ulink> or by writing
+ to:
+
+ <address>
+ The Free Software Foundation, Inc.,
+ <street>59 Temple Place</street> - Suite 330,
+ <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>,
+ <country>USA</country>
+ </address>
+ </para>
+
+ <para>
+ Many of the names used by companies to distinguish their
+ products and services are claimed as trademarks. Where those
+ names appear in any GNOME documentation, and those trademarks
+ are made aware to the members of the GNOME Documentation
+ Project, the names have been printed in caps or initial caps.
+ </para>
+ </legalnotice>
+ </bookinfo>
+
+ <reference>
+ <title>API Reference</title>
+
+ <partintro>
+ <para>
+ This part presents the class and function reference for the
+ PolicyKit granting helper library.
+ </para>
+ </partintro>
+ <xi:include href="xml/polkit-grant.xml"/>
+ </reference>
+
+ <index>
+ <title>Index</title>
+ </index>
+
+ <!-- License -->
+
+ <appendix id="license">
+ <title>License</title>
+
+ <para>
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the <citetitle>GNU General
+ Public License</citetitle> as published by the Free Software
+ Foundation; either version 2 of the License, or (at your option)
+ any later version.
+ </para>
+
+ <para>
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ <citetitle>GNU Library General Public License</citetitle> for
+ more details.
+ </para>
+
+ <para>
+ You may obtain a copy of the <citetitle>GNU General
+ Public License</citetitle> from the Free Software Foundation by
+ visiting <ulink type="http" url="http://www.fsf.org">their Web
+ site</ulink> or by writing to:
+
+ <address>
+ Free Software Foundation, Inc.
+ <street>59 Temple Place</street> - Suite 330
+ <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>
+ <country>USA</country>
+ </address>
+ </para>
+ </appendix>
+</book>
diff --git a/doc/api/polkit-grant/polkit-grant.types b/doc/api/polkit-grant/polkit-grant.types
new file mode 100644
index 0000000..e69de29
diff --git a/doc/api/polkit-grant/version.xml.in b/doc/api/polkit-grant/version.xml.in
new file mode 100644
index 0000000..d78bda9
--- /dev/null
+++ b/doc/api/polkit-grant/version.xml.in
@@ -0,0 +1 @@
+ at VERSION@
diff --git a/doc/api/polkit/Makefile.am b/doc/api/polkit/Makefile.am
new file mode 100644
index 0000000..0b8d70a
--- /dev/null
+++ b/doc/api/polkit/Makefile.am
@@ -0,0 +1,67 @@
+## Process this file with automake to create Makefile.in.
+
+NULL =
+
+AUTOMAKE_OPTIONS = 1.7
+
+# The name of the module.
+DOC_MODULE=polkit
+
+# The top-level SGML file.
+DOC_MAIN_SGML_FILE=polkit-docs.xml
+
+# Extra options to supply to gtkdoc-scan
+#SCAN_OPTIONS=--deprecated-guards="CAIRO_DISABLE_DEPRECATED"
+
+# The directory containing the source code. Relative to $(srcdir)
+DOC_SOURCE_DIR=../../../polkit
+
+# Used for dependencies
+HFILE_GLOB=$(top_srcdir)/polkit/*.h
+CFILE_GLOB=$(top_srcdir)/polkit/*.c
+
+# Headers to ignore
+IGNORE_HFILES= \
+ $(NULL)
+
+# CFLAGS and LDFLAGS for compiling scan program. Only needed
+# if $(DOC_MODULE).types is non-empty.
+INCLUDES = \
+ $(GLIB_CFLAGS) \
+ -I$(top_srcdir) \
+ -I$(top_builddir) \
+ $(NULL)
+
+GTKDOC_LIBS = \
+ $(GLIB_LIBS) \
+ $(top_builddir)/polkit/libpolkit.la \
+ $(NULL)
+
+# Extra options to supply to gtkdoc-mkdb
+MKDB_OPTIONS=--sgml-mode --output-format=xml
+
+# Extra options to supply to gtkdoc-mktmpl
+MKTMPL_OPTIONS=
+
+# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
+content_files = \
+ version.xml \
+ $(NULL)
+
+# Images to copy into HTML directory
+HTML_IMAGES =
+
+# Extra options to supply to gtkdoc-fixref
+FIXXREF_OPTIONS=
+
+MAINTAINERCLEANFILES = \
+ *~ \
+ Makefile.in \
+ polkit.types \
+ polkit-*.txt \
+ $(NULL)
+
+include $(top_srcdir)/gtk-doc.make
+
+# Version information for marking the documentation
+EXTRA_DIST += version.xml.in
diff --git a/doc/api/polkit/polkit-docs.xml b/doc/api/polkit/polkit-docs.xml
new file mode 100644
index 0000000..6ed6222
--- /dev/null
+++ b/doc/api/polkit/polkit-docs.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
+<!ENTITY version SYSTEM "version.xml">
+]>
+<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
+ <bookinfo>
+ <title>PolicyKit Library Reference Manual</title>
+ <releaseinfo>Version &version;</releaseinfo>
+ <authorgroup>
+ <author>
+ <firstname>David</firstname>
+ <surname>Zeuthen</surname>
+ <affiliation>
+ <address>
+ <email>david at fubar.dk</email>
+ </address>
+ </affiliation>
+ </author>
+ </authorgroup>
+
+ <copyright>
+ <year>2007</year>
+ <holder>The PolicyKit Authors</holder>
+ </copyright>
+
+ <legalnotice>
+ <para>
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the <citetitle>GNU Free
+ Documentation License</citetitle>, Version 1.1 or any later
+ version published by the Free Software Foundation with no
+ Invariant Sections, no Front-Cover Texts, and no Back-Cover
+ Texts. You may obtain a copy of the <citetitle>GNU Free
+ Documentation License</citetitle> from the Free Software
+ Foundation by visiting <ulink type="http"
+ url="http://www.fsf.org">their Web site</ulink> or by writing
+ to:
+
+ <address>
+ The Free Software Foundation, Inc.,
+ <street>59 Temple Place</street> - Suite 330,
+ <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>,
+ <country>USA</country>
+ </address>
+ </para>
+
+ <para>
+ Many of the names used by companies to distinguish their
+ products and services are claimed as trademarks. Where those
+ names appear in any GNOME documentation, and those trademarks
+ are made aware to the members of the GNOME Documentation
+ Project, the names have been printed in caps or initial caps.
+ </para>
+ </legalnotice>
+ </bookinfo>
+
+ <reference>
+ <title>API Reference</title>
+
+ <partintro>
+ <para>
+ This part presents the class and function reference for the
+ PolicyKit library.
+ </para>
+ </partintro>
+ <xi:include href="xml/polkit-types.xml"/>
+ <xi:include href="xml/polkit-error.xml"/>
+ <xi:include href="xml/polkit-result.xml"/>
+ <xi:include href="xml/polkit-context.xml"/>
+ <xi:include href="xml/polkit-action.xml"/>
+ <xi:include href="xml/polkit-policy-file.xml"/>
+ <xi:include href="xml/polkit-policy-file-entry.xml"/>
+ <xi:include href="xml/polkit-policy-default.xml"/>
+ <xi:include href="xml/polkit-policy-cache.xml"/>
+ <xi:include href="xml/polkit-resource.xml"/>
+ <xi:include href="xml/polkit-seat.xml"/>
+ <xi:include href="xml/polkit-session.xml"/>
+ <xi:include href="xml/polkit-caller.xml"/>
+ <xi:include href="xml/polkit-module.xml"/>
+ </reference>
+
+ <index>
+ <title>Index</title>
+ </index>
+
+ <!-- License -->
+
+ <appendix id="license">
+ <title>License</title>
+
+ <para>
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the <citetitle>GNU General
+ Public License</citetitle> as published by the Free Software
+ Foundation; either version 2 of the License, or (at your option)
+ any later version.
+ </para>
+
+ <para>
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ <citetitle>GNU Library General Public License</citetitle> for
+ more details.
+ </para>
+
+ <para>
+ You may obtain a copy of the <citetitle>GNU General
+ Public License</citetitle> from the Free Software Foundation by
+ visiting <ulink type="http" url="http://www.fsf.org">their Web
+ site</ulink> or by writing to:
+
+ <address>
+ Free Software Foundation, Inc.
+ <street>59 Temple Place</street> - Suite 330
+ <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>
+ <country>USA</country>
+ </address>
+ </para>
+ </appendix>
+</book>
diff --git a/doc/api/polkit/polkit.types b/doc/api/polkit/polkit.types
new file mode 100644
index 0000000..e69de29
diff --git a/doc/api/polkit/version.xml.in b/doc/api/polkit/version.xml.in
new file mode 100644
index 0000000..d78bda9
--- /dev/null
+++ b/doc/api/polkit/version.xml.in
@@ -0,0 +1 @@
+ at VERSION@
diff --git a/libpolkit-dbus.pc.in b/libpolkit-dbus.pc.in
deleted file mode 100644
index f002060..0000000
--- a/libpolkit-dbus.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: libpolkit-dbus
-Description: helper library for obtaining seat, session and caller information via D-Bus and ConsoleKit
-Version: @VERSION@
-Requires: libpolkit dbus-1
-Libs: -L${libdir} -lpolkit-dbus
-Cflags: -I${includedir}/PolicyKit
diff --git a/libpolkit-dbus/Makefile.am b/libpolkit-dbus/Makefile.am
deleted file mode 100644
index 3a51c3a..0000000
--- a/libpolkit-dbus/Makefile.am
+++ /dev/null
@@ -1,31 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @GLIB_CFLAGS@ @DBUS_CFLAGS@
-
-lib_LTLIBRARIES=libpolkit-dbus.la
-
-libpolkit_dbusincludedir=$(includedir)/PolicyKit/libpolkit-dbus
-
-libpolkit_dbusinclude_HEADERS = \
- libpolkit-dbus.h
-
-libpolkit_dbus_la_SOURCES = \
- libpolkit-dbus.h libpolkit-dbus.c
-
-libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
-
-libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-clean-local :
- rm -f *~ $(BUILT_SOURCES)
-
diff --git a/libpolkit-dbus/libpolkit-dbus.c b/libpolkit-dbus/libpolkit-dbus.c
deleted file mode 100644
index 6c4995a..0000000
--- a/libpolkit-dbus/libpolkit-dbus.c
+++ /dev/null
@@ -1,540 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-dbus.h : helper library for obtaining seat, session and
- * caller information via D-Bus and ConsoleKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:libpolkit-dbus
- * @short_description: Helper library for obtaining seat, session and caller information via D-Bus and ConsoleKit.
- *
- * Helper library for obtaining seat, session and caller information
- * via D-Bus and ConsoleKit.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <time.h>
-#include <glib.h>
-#include <string.h>
-
-#include "libpolkit-dbus.h"
-
-
-/**
- * libpolkit_session_new_from_objpath:
- * @con: D-Bus system bus connection
- * @objpath: object path of ConsoleKit session object
- * @uid: the user owning the session or -1 if unknown
- * @error: D-Bus error
- *
- * This function will construct a #PolKitSession object by querying
- * the ConsoleKit daemon for information. Note that this will do a lot
- * of blocking IO so it is best avoided if your process already
- * tracks/caches all the information. If you pass in @uid as a
- * non-negative number, a round trip can be saved.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitSession *
-libpolkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error)
-{
- PolKitSeat *seat;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- char *str;
- dbus_bool_t is_active;
- dbus_bool_t is_local;
- char *remote_host;
- char *seat_path;
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (objpath != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- session = NULL;
- remote_host = NULL;
- seat_path = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "IsActive");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.IsActive on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_BOOLEAN, &is_active,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid IsActive reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "IsLocal");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.IsLocal on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_BOOLEAN, &is_local,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid IsLocal reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- if (!is_local) {
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetRemoteHostName");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.GetRemoteHostName on ConsoleKit: %s: %s",
- error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_STRING, &str,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetRemoteHostName reply from CK");
- goto out;
- }
- remote_host = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetSeatId");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.GetSeatId on ConsoleKit: %s: %s",
- error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_OBJECT_PATH, &str,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetSeatId reply from CK");
- goto out;
- }
- seat_path = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- if ((int) uid == -1) {
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetUnixUser");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.GetUnixUser on ConsoleKit: %s: %s",error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_INT32, &uid,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetUnixUser reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- session = libpolkit_session_new ();
- if (session == NULL) {
- goto out;
- }
- if (!libpolkit_session_set_ck_objref (session, objpath)) {
- libpolkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!libpolkit_session_set_ck_is_active (session, is_active)) {
- libpolkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!libpolkit_session_set_ck_is_local (session, is_local)) {
- libpolkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!is_local) {
- if (!libpolkit_session_set_ck_remote_host (session, remote_host)) {
- libpolkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
- }
-
- seat = libpolkit_seat_new ();
- if (seat == NULL) {
- libpolkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!libpolkit_seat_set_ck_objref (seat, seat_path)) {
- libpolkit_seat_unref (seat);
- seat = NULL;
- libpolkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!libpolkit_seat_validate (seat)) {
- libpolkit_seat_unref (seat);
- seat = NULL;
- libpolkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
- if (!libpolkit_session_set_seat (session, seat)) {
- libpolkit_seat_unref (seat);
- seat = NULL;
- libpolkit_session_unref (session);
- session = NULL;
- goto out;
- }
- libpolkit_seat_unref (seat); /* session object now owns this object */
- seat = NULL;
-
- if (!libpolkit_session_validate (session)) {
- libpolkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-out:
- g_free (remote_host);
- g_free (seat_path);
- return session;
-}
-
-/**
- * libpolkit_session_new_from_cookie:
- * @con: D-Bus system bus connection
- * @cookie: a ConsoleKit XDG_SESSION_COOKIE
- * @error: D-Bus error
- *
- * This function will construct a #PolKitSession object by querying
- * the ConsoleKit daemon for information. Note that this will do a lot
- * of blocking IO so it is best avoided if your process already
- * tracks/caches all the information.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitSession *
-libpolkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error)
-{
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- char *str;
- char *objpath;
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (cookie != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- objpath = NULL;
- session = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForCookie");
- dbus_message_append_args (message, DBUS_TYPE_STRING, &cookie, DBUS_TYPE_INVALID);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Manager.GetSessionForCookie on ConsoleKit: %s: %s",
- error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_OBJECT_PATH, &str,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetSessionForCookie reply from CK");
- goto out;
- }
- objpath = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- session = libpolkit_session_new_from_objpath (con, objpath, -1, error);
-
-out:
- g_free (objpath);
- return session;
-}
-
-
-/**
- * libpolkit_caller_new_from_dbus_name:
- * @con: D-Bus system bus connection
- * @dbus_name: unique system bus connection name
- * @error: D-Bus error
- *
- * This function will construct a #PolKitCaller object by querying
- * both the system bus daemon and the ConsoleKit daemon for
- * information. Note that this will do a lot of blocking IO so it is
- * best avoided if your process already tracks/caches all the
- * information.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitCaller *
-libpolkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error)
-{
- PolKitCaller *caller;
- pid_t pid;
- uid_t uid;
- char *selinux_context;
- char *ck_session_objpath;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- DBusMessageIter sub_iter;
- char *str;
- int num_elems;
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (dbus_name != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- selinux_context = NULL;
- ck_session_objpath = NULL;
-
- caller = NULL;
- session = NULL;
-
- uid = dbus_bus_get_unix_user (con, dbus_name, error);
- if (uid == ((unsigned long) -1) || dbus_error_is_set (error)) {
- g_warning ("Could not get uid for connection: %s %s", error->name, error->message);
- goto out;
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.DBus",
- "/org/freedesktop/DBus/Bus",
- "org.freedesktop.DBus",
- "GetConnectionUnixProcessID");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing GetConnectionUnixProcessID on Bus: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &pid);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- message = dbus_message_new_method_call ("org.freedesktop.DBus",
- "/org/freedesktop/DBus/Bus",
- "org.freedesktop.DBus",
- "GetConnectionSELinuxSecurityContext");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- /* SELinux might not be enabled */
- if (dbus_error_is_set (error) &&
- strcmp (error->name, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown") == 0) {
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- dbus_error_init (error);
- } else if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing GetConnectionSELinuxSecurityContext on Bus: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- } else {
- /* TODO: verify signature */
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_recurse (&iter, &sub_iter);
- dbus_message_iter_get_fixed_array (&sub_iter, (void *) &str, &num_elems);
- if (str != NULL && num_elems > 0)
- selinux_context = g_strndup (str, num_elems);
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForUnixProcess");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- /* OK, this is not a catastrophe; just means the caller is not a
- * member of any session or that ConsoleKit is not available..
- */
- goto not_in_session;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &str);
- ck_session_objpath = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- session = libpolkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
- if (session == NULL) {
- g_warning ("Got a session objpath but couldn't construct session object!");
- goto out;
- }
- if (!libpolkit_session_validate (session)) {
- libpolkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-not_in_session:
-
- caller = libpolkit_caller_new ();
- if (caller == NULL) {
- if (session != NULL) {
- libpolkit_session_unref (session);
- session = NULL;
- }
- goto out;
- }
-
- if (!libpolkit_caller_set_dbus_name (caller, dbus_name)) {
- if (session != NULL) {
- libpolkit_session_unref (session);
- session = NULL;
- }
- libpolkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!libpolkit_caller_set_uid (caller, uid)) {
- if (session != NULL) {
- libpolkit_session_unref (session);
- session = NULL;
- }
- libpolkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!libpolkit_caller_set_pid (caller, pid)) {
- if (session != NULL) {
- libpolkit_session_unref (session);
- session = NULL;
- }
- libpolkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (selinux_context != NULL) {
- if (!libpolkit_caller_set_selinux_context (caller, selinux_context)) {
- if (session != NULL) {
- libpolkit_session_unref (session);
- session = NULL;
- }
- libpolkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- }
- if (session != NULL) {
- if (!libpolkit_caller_set_ck_session (caller, session)) {
- if (session != NULL) {
- libpolkit_session_unref (session);
- session = NULL;
- }
- libpolkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- libpolkit_session_unref (session); /* caller object now own this object */
- session = NULL;
- }
-
- if (!libpolkit_caller_validate (caller)) {
- libpolkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
-
-out:
- g_free (selinux_context);
- g_free (ck_session_objpath);
- return caller;
-}
diff --git a/libpolkit-dbus/libpolkit-dbus.h b/libpolkit-dbus/libpolkit-dbus.h
deleted file mode 100644
index dd8d019..0000000
--- a/libpolkit-dbus/libpolkit-dbus.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-dbus.h : helper library for obtaining seat, session and
- * caller information via D-Bus and ConsoleKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_DBUS_H
-#define LIBPOLKIT_DBUS_H
-
-#include <libpolkit/libpolkit.h>
-#include <dbus/dbus.h>
-
-PolKitSession *libpolkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error);
-PolKitSession *libpolkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error);
-
-PolKitCaller *libpolkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error);
-
-
-#endif /* LIBPOLKIT_DBUS_H */
-
-
diff --git a/libpolkit-grant.pc.in b/libpolkit-grant.pc.in
deleted file mode 100644
index 8e40177..0000000
--- a/libpolkit-grant.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: libpolkit-grant
-Description: library for obtaining privileges via PolicyKit
-Version: @VERSION@
-Requires: glib-2.0 libpolkit
-Libs: -L${libdir} -lpolkit-grant
-Cflags: -I${includedir}/PolicyKit
diff --git a/libpolkit-grant/Makefile.am b/libpolkit-grant/Makefile.am
deleted file mode 100644
index 01ebcfe..0000000
--- a/libpolkit-grant/Makefile.am
+++ /dev/null
@@ -1,54 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @GLIB_CFLAGS@ @DBUS_CFLAGS@
-
-lib_LTLIBRARIES=libpolkit-grant.la
-
-libpolkit_grantincludedir=$(includedir)/PolicyKit/libpolkit-grant
-
-libpolkit_grantinclude_HEADERS = \
- libpolkit-grant.h
-
-libpolkit_grant_la_SOURCES = \
- libpolkit-grant.h libpolkit-grant.c
-
-libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
-
-libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-libexec_PROGRAMS = polkit-grant-helper
-
-polkit_grant_helper_SOURCES = polkit-grant-helper.c
-polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ @AUTH_LIBS@ $(top_builddir)/libpolkit/libpolkit.la $(top_builddir)/libpolkit-dbus/libpolkit-dbus.la
-
-polkit_grant_alwaysdir = $(localstatedir)/lib/PolicyKit
-dist_polkit_grant_always_DATA =
-
-polkit_grant_sessiondir = $(localstatedir)/run/PolicyKit
-dist_polkit_grant_session_DATA =
-
-
-clean-local :
- rm -f *~ $(BUILT_SOURCES)
-
-# Hmm.. we could make the directories 750 and require that all mechanisms using
-# libpolkit (e.g. with a need for polkit-module-grant.so to look there) just
-# be part of $(POLKIT_GROUP)...
-#
-install-data-local:
- -chown :$(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper
- -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit
- -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit
- -chmod 775 $(DESTDIR)$(localstatedir)/lib/PolicyKit
- -chmod 775 $(DESTDIR)$(localstatedir)/run/PolicyKit
diff --git a/libpolkit-grant/libpolkit-grant.c b/libpolkit-grant/libpolkit-grant.c
deleted file mode 100644
index d15f8a0..0000000
--- a/libpolkit-grant/libpolkit-grant.c
+++ /dev/null
@@ -1,465 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-grant.c : library for obtaining privileges
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/wait.h>
-
-#include <glib.h>
-#include "libpolkit-grant.h"
-
-/**
- * SECTION:libpolkit-grant
- * @short_description: Obtain privileges through authentication.
- *
- * These functions are used to obtain privileges for a user that is
- * able to successfully authenticate.
- **/
-
-/**
- * PolKitGrant:
- *
- * Objects of this class are used to obtain privileges for a user that
- * is able to successfully authenticate.
- **/
-struct PolKitGrant
-{
- int refcount;
-
- PolKitGrantAddIOWatch func_add_io_watch;
- PolKitGrantAddChildWatch func_add_child_watch;
- PolKitGrantRemoveWatch func_remove_watch;
- PolKitGrantType func_type;
- PolKitGrantConversationPromptEchoOff func_prompt_echo_off;
- PolKitGrantConversationPromptEchoOn func_prompt_echo_on;
- PolKitGrantConversationErrorMessage func_error_message;
- PolKitGrantConversationTextInfo func_text_info;
- PolKitGrantOverrideGrantType func_override_grant_type;
- PolKitGrantDone func_done;
- void *user_data;
-
- int child_stdin;
- int child_stdout;
- GPid child_pid;
- FILE *child_stdout_f;
-
- int child_watch_id;
- int io_watch_id;
-
- gboolean success;
- gboolean auth_in_progress;
-};
-
-/**
- * libpolkit_grant_new:
- * @void:
- *
- * Creates a #PolKitGrant object.
- *
- * Returns: the new object or #NULL on error.
- **/
-PolKitGrant *
-libpolkit_grant_new (void)
-{
- PolKitGrant *polkit_grant;
- polkit_grant = g_new0 (PolKitGrant, 1);
- polkit_grant->refcount = 1;
- return polkit_grant;
-}
-
-/**
- * libpolkit_grant_ref:
- * @polkit_grant: the object
- *
- * Increase reference count.
- *
- * Returns: the object.
- **/
-PolKitGrant *
-libpolkit_grant_ref (PolKitGrant *polkit_grant)
-{
- g_return_val_if_fail (polkit_grant != NULL, NULL);
-
- polkit_grant->refcount++;
- return polkit_grant;
-}
-
-/**
- * libpolkit_grant_unref:
- * @polkit_grant: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_grant_unref (PolKitGrant *polkit_grant)
-{
- g_return_if_fail (polkit_grant != NULL);
-
- polkit_grant->refcount--;
- if (polkit_grant->refcount > 0)
- return;
-
- if (polkit_grant->io_watch_id > 0) {
- polkit_grant->func_remove_watch (polkit_grant, polkit_grant->io_watch_id);
- }
- if (polkit_grant->child_watch_id > 0) {
- polkit_grant->func_remove_watch (polkit_grant, polkit_grant->child_watch_id);
- }
- if (polkit_grant->child_pid > 0) {
- kill (polkit_grant->child_pid, SIGTERM);
- }
- if (polkit_grant->child_stdout_f != NULL) {
- fclose (polkit_grant->child_stdout_f);
- }
- if (polkit_grant->child_stdout >= 0) {
- close (polkit_grant->child_stdout);
- }
- if (polkit_grant->child_stdin >= 0) {
- close (polkit_grant->child_stdin);
- }
-
- g_free (polkit_grant);
-}
-
-/**
- * libpolkit_grant_set_functions:
- * @polkit_grant: the object
- * @func_add_io_watch: Callback function
- * @func_add_child_watch: Callback function
- * @func_remove_watch: Callback function
- * @func_type: Callback function
- * @func_prompt_echo_off: Callback function
- * @func_prompt_echo_on: Callback function
- * @func_error_message: Callback function
- * @func_text_info: Callback function
- * @func_override_grant_type: Callback function
- * @func_done: Callback function
- * @user_data: User data that will be passed to the callback functions.
- *
- * Set callback functions used for authentication.
- **/
-void
-libpolkit_grant_set_functions (PolKitGrant *polkit_grant,
- PolKitGrantAddIOWatch func_add_io_watch,
- PolKitGrantAddChildWatch func_add_child_watch,
- PolKitGrantRemoveWatch func_remove_watch,
- PolKitGrantType func_type,
- PolKitGrantConversationPromptEchoOff func_prompt_echo_off,
- PolKitGrantConversationPromptEchoOn func_prompt_echo_on,
- PolKitGrantConversationErrorMessage func_error_message,
- PolKitGrantConversationTextInfo func_text_info,
- PolKitGrantOverrideGrantType func_override_grant_type,
- PolKitGrantDone func_done,
- void *user_data)
-{
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (func_add_io_watch != NULL);
- g_return_if_fail (func_add_child_watch != NULL);
- g_return_if_fail (func_remove_watch != NULL);
- g_return_if_fail (func_type != NULL);
- g_return_if_fail (func_prompt_echo_off != NULL);
- g_return_if_fail (func_prompt_echo_on != NULL);
- g_return_if_fail (func_error_message != NULL);
- g_return_if_fail (func_text_info != NULL);
- g_return_if_fail (func_override_grant_type != NULL);
- polkit_grant->func_add_io_watch = func_add_io_watch;
- polkit_grant->func_add_child_watch = func_add_child_watch;
- polkit_grant->func_remove_watch = func_remove_watch;
- polkit_grant->func_type = func_type;
- polkit_grant->func_prompt_echo_off = func_prompt_echo_off;
- polkit_grant->func_prompt_echo_on = func_prompt_echo_on;
- polkit_grant->func_error_message = func_error_message;
- polkit_grant->func_text_info = func_text_info;
- polkit_grant->func_override_grant_type = func_override_grant_type;
- polkit_grant->func_done = func_done;
- polkit_grant->user_data = user_data;
-}
-
-
-/**
- * libpolkit_grant_child_func:
- * @polkit_grant: the object
- * @pid: pid of the child
- * @exit_code: exit code of the child
- *
- * Method that the application must call when a child process
- * registered with the supplied function of type
- * #PolKitGrantAddChildWatch terminates.
- **/
-void
-libpolkit_grant_child_func (PolKitGrant *polkit_grant, pid_t pid, int exit_code)
-{
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (polkit_grant->auth_in_progress);
-
- polkit_grant->success = (exit_code == 0);
- polkit_grant->func_done (polkit_grant, polkit_grant->success, polkit_grant->user_data);
-}
-
-
-/**
- * libpolkit_grant_io_func:
- * @polkit_grant: the object
- * @fd: the file descriptor passed to the supplied function of type #PolKitGrantAddIOWatch.
- *
- * Method that the application must call when there is data to read
- * from a file descriptor registered with the supplied function of
- * type #PolKitGrantAddIOWatch.
- **/
-void
-libpolkit_grant_io_func (PolKitGrant *polkit_grant, int fd)
-{
- char *line = NULL;
- size_t line_len = 0;
- char *id;
- size_t id_len;
- char *response;
-
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (polkit_grant->auth_in_progress);
-
- while (getline (&line, &line_len, polkit_grant->child_stdout_f) != -1) {
- if (strlen (line) > 0 &&
- line[strlen (line) - 1] == '\n')
- line[strlen (line) - 1] = '\0';
-
- //printf ("from child '%s'\n", line);
-
- response = NULL;
-
- id = "PAM_PROMPT_ECHO_OFF ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- response = polkit_grant->func_prompt_echo_off (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "PAM_PROMPT_ECHO_ON ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- response = polkit_grant->func_prompt_echo_on (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "PAM_ERROR_MSG ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- polkit_grant->func_error_message (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "PAM_TEXT_INFO ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- polkit_grant->func_text_info (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "POLKIT_GRANT_HELPER_TELL_TYPE ";
- if (g_str_has_prefix (line, id)) {
- PolKitResult result;
- id_len = strlen (id);
- if (!libpolkit_result_from_string_representation (line + id_len, &result)) {
- /* TODO: danger will robinson */
- }
- polkit_grant->func_type (polkit_grant,
- result,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "POLKIT_GRANT_HELPER_ASK_OVERRIDE_GRANT_TYPE ";
- if (g_str_has_prefix (line, id)) {
- PolKitResult override;
- PolKitResult result;
- id_len = strlen (id);
- if (!libpolkit_result_from_string_representation (line + id_len, &result)) {
- /* TODO: danger will robinson */
- }
- override = polkit_grant->func_override_grant_type (polkit_grant,
- result,
- polkit_grant->user_data);
- response = g_strdup (libpolkit_result_to_string_representation (override));
- goto processed;
- }
-
- processed:
- if (response != NULL) {
- /* add a newline if there isn't one already... */
- if (response[strlen (response) - 1] != '\n') {
- char *old = response;
- response = g_strdup_printf ("%s\n", response);
- g_free (old);
- }
- write (polkit_grant->child_stdin, response, strlen (response));
- free (response);
- }
- }
-
- if (line != NULL)
- free (line);
-}
-
-/**
- * libpolkit_grant_cancel_auth:
- * @polkit_grant: the object
- *
- * Cancel an authentication in progress
- **/
-void
-libpolkit_grant_cancel_auth (PolKitGrant *polkit_grant)
-{
- GPid pid;
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (polkit_grant->auth_in_progress);
-
- pid = polkit_grant->child_pid;
- polkit_grant->child_pid = 0;
- kill (pid, SIGTERM);
- polkit_grant->func_done (polkit_grant, FALSE, polkit_grant->user_data);
-}
-
-/**
- * libpolkit_grant_initiate_auth:
- * @polkit_grant: the object
- * @action: Action requested by caller
- * @resource: Resource in question
- * @caller: Caller in question
- *
- * Initiate authentication to obtain the privilege for the given
- * @caller to perform the specified @action on the given
- * @resource. The caller of this method must have setup callback
- * functions using the method libpolkit_grant_set_functions() prior to
- * calling this method.
- *
- * Implementation-wise, this class uses a secure (e.g. as in that it
- * checks all information and fundamenally don't trust the caller;
- * e.g. the #PolKitGrant class) setgid helper that does all the heavy
- * lifting.
- *
- * The caller of this method must iterate the mainloop context in
- * order for authentication to make progress.
- *
- * Returns: #TRUE only if authentication have been initiated.
- **/
-polkit_bool_t
-libpolkit_grant_initiate_auth (PolKitGrant *polkit_grant,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
-{
- char *dbus_name;
- char *action_id;
- char *resource_type;
- char *resource_id;
- GError *g_error;
- const char *helper_argv[6];
-
- g_return_val_if_fail (polkit_grant != NULL, FALSE);
- /* check that callback functions have been properly set up */
- g_return_val_if_fail (polkit_grant->func_done != NULL, FALSE);
-
- if (!libpolkit_caller_get_dbus_name (caller, &dbus_name))
- goto error;
-
- if (!libpolkit_action_get_action_id (action, &action_id))
- goto error;
-
- if (!libpolkit_resource_get_resource_type (resource, &resource_type))
- goto error;
-
- if (!libpolkit_resource_get_resource_id (resource, &resource_id))
- goto error;
-
- /* TODO: verify incoming args */
-
- //helper_argv[0] = "/home/davidz/Hacking/PolicyKit/libpolkit-grant/.libs/polkit-grant-helper";
- helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
- helper_argv[1] = dbus_name;
- helper_argv[2] = action_id;
- helper_argv[3] = resource_type;
- helper_argv[4] = resource_id;
- helper_argv[5] = NULL;
-
- polkit_grant->child_stdin = -1;
- polkit_grant->child_stdout = -1;
-
- g_error = NULL;
- if (!g_spawn_async_with_pipes (NULL,
- (char **) helper_argv,
- NULL,
- G_SPAWN_DO_NOT_REAP_CHILD |
- 0,//G_SPAWN_STDERR_TO_DEV_NULL,
- NULL,
- NULL,
- &polkit_grant->child_pid,
- &polkit_grant->child_stdin,
- &polkit_grant->child_stdout,
- NULL,
- &g_error)) {
- fprintf (stderr, "Cannot spawn helper: %s.\n", g_error->message);
- g_error_free (g_error);
- goto error;
- }
-
- polkit_grant->child_watch_id = polkit_grant->func_add_child_watch (polkit_grant, polkit_grant->child_pid);
- if (polkit_grant->child_watch_id == 0)
- goto error;
-
- polkit_grant->io_watch_id = polkit_grant->func_add_io_watch (polkit_grant, polkit_grant->child_stdout);
- if (polkit_grant->io_watch_id == 0)
- goto error;
-
- /* so we can use getline... */
- polkit_grant->child_stdout_f = fdopen (polkit_grant->child_stdout, "r");
- if (polkit_grant->child_stdout_f == NULL)
- goto error;
-
- polkit_grant->success = FALSE;
-
- polkit_grant->auth_in_progress = TRUE;
-
- return TRUE;
-error:
- return FALSE;
-}
diff --git a/libpolkit-grant/libpolkit-grant.h b/libpolkit-grant/libpolkit-grant.h
deleted file mode 100644
index 0ba8925..0000000
--- a/libpolkit-grant/libpolkit-grant.h
+++ /dev/null
@@ -1,344 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-grant.h : library for obtaining privileges
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_GRANT_H
-#define LIBPOLKIT_GRANT_H
-
-#include <libpolkit/libpolkit.h>
-
-struct PolKitGrant;
-typedef struct PolKitGrant PolKitGrant;
-
-/**
- * PolKitGrantType:
- * @polkit_grant: the grant object
- * @grant_type: the current type of what privilege to obtain
- * @user_data: user data pointed as passed into libpolkit_grant_set_functions()
- *
- * Type for callback function that describes to what extent the
- * privilege can be obtained; e.g. whether the user can keep it
- * (e.g. forever, for the session or not keep it at all).
- *
- * See also #PolKitGrantOverrideGrantType for discussion on the type
- * of user interfaces one should put up depending on the value of
- * @grant_type.
- **/
-typedef void (*PolKitGrantType) (PolKitGrant *polkit_grant,
- PolKitResult grant_type,
- void *user_data);
-
-/**
- * PolKitGrantConversationPromptEchoOff:
- * @polkit_grant: the grant object
- * @prompt: prompt passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into libpolkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer needs to ask the user a secret and the UI should NOT echo what
- * the user types on the screen.
- *
- * Returns: the answer obtained from the user; must be allocated with
- * malloc(3) and will be freed by the #PolKitGrant class.
- **/
-typedef char* (*PolKitGrantConversationPromptEchoOff) (PolKitGrant *polkit_grant,
- const char *prompt,
- void *user_data);
-
-/**
- * PolKitGrantConversationPromptEchoOn:
- * @polkit_grant: the grant object
- * @prompt: prompt passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into libpolkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer needs to ask the user a secret and the UI should echo what
- * the user types on the screen.
- *
- * Returns: the answer obtained from the user; must be allocated with
- * malloc(3) and will be freed by the #PolKitGrant class.
- **/
-typedef char* (*PolKitGrantConversationPromptEchoOn) (PolKitGrant *polkit_grant,
- const char *prompt,
- void *user_data);
-
-/**
- * PolKitGrantConversationErrorMessage:
- * @polkit_grant: the grant object
- * @error_message: error message passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into libpolkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer produces an error message that should be displayed in the UI.
- **/
-typedef void (*PolKitGrantConversationErrorMessage) (PolKitGrant *polkit_grant,
- const char *error_message,
- void *user_data);
-
-/**
- * PolKitGrantConversationTextInfo:
- * @polkit_grant: the grant object
- * @text_info: information passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into libpolkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer produces an informational message that should be displayed in
- * the UI.
- **/
-typedef void (*PolKitGrantConversationTextInfo) (PolKitGrant *polkit_grant,
- const char *text_info,
- void *user_data);
-
-/**
- * PolKitGrantOverrideGrantType:
- * @polkit_grant: the grant object
- * @grant_type: the current type of what privilege to obtain; this is
- * the same value as passed to the callback of type #PolKitGrantType.
- * @user_data: user data pointed as passed into libpolkit_grant_set_functions()
- *
- * Type for callback function that enables the UI to request a lesser
- * privilege than is obtainable. This callback is invoked when the
- * user have successfully authenticated but before the privilege is
- * granted.
- *
- * Basically, this callback enables a program to provide an user
- * interface like this:
- *
- * <programlisting>
- * +------------------------------------------------------------+
- * | You need to authenticate to access the volume 'Frobnicator |
- * | Adventures Vol 2' |
- * | |
- * | Password: [_________________] |
- * | |
- * [ [x] Remember this decision |
- * | [ ] for this session |
- * | [*] for this and future sessions |
- * | |
- * | [Cancel] [Authenticate] |
- * +------------------------------------------------------------+
- * </programlisting>
- *
- * This dialog assumes that @grant_type passed was
- * #LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS. By ticking the
- * check boxes in the dialog, the user can override this to either
- * #LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION or
- * #LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH. Thus, the user can
- * voluntarily choose to obtain a lesser privilege.
- *
- * Another example, would be that the @grant_type passed was
- * #LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION. Then the dialog
- * should look like this:
- *
- * <programlisting>
- * +------------------------------------------------------------+
- * | You need to authenticate to access the volume 'Frobnicator |
- * | Adventures Vol 2' |
- * | |
- * | Password: [_________________] |
- * | |
- * [ [x] Remember this decision for the rest of the session |
- * | |
- * | [Cancel] [Authenticate] |
- * +------------------------------------------------------------+
- * </programlisting>
- *
- * Finally, if the @grant_type value passed is
- * e.g. #LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH, there are no options to
- * click.:
- *
- * <programlisting>
- * +------------------------------------------------------------+
- * | You need to authenticate to access the volume 'Frobnicator |
- * | Adventures Vol 2' |
- * | |
- * | Password: [_________________] |
- * | |
- * | [Cancel] [Authenticate] |
- * +------------------------------------------------------------+
- * </programlisting>
- *
- * Of course, these examples also applies to
- * #LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH and friends.
- *
- * Returns: the desired type of what privilege to obtain; note that it
- * won't work asking for more privileges than what @grant_type
- * specifies; the passed value is properly checked in the secure
- * setgid granting helper mentioned in
- * libpolkit_grant_initiate_auth().
- **/
-typedef PolKitResult (*PolKitGrantOverrideGrantType) (PolKitGrant *polkit_grant,
- PolKitResult grant_type,
- void *user_data);
-
-/**
- * PolKitGrantDone:
- * @polkit_grant: the grant object
- * @gained_privilege: whether the privilege was obtained
- * @user_data: user data pointed as passed into libpolkit_grant_set_functions()
- *
- * This function is called when the granting process ends; either if
- * successful or if it was canceled using
- * e.g. libpolkit_grant_cancel_auth().
- **/
-typedef void (*PolKitGrantDone) (PolKitGrant *polkit_grant,
- polkit_bool_t gained_privilege,
- void *user_data);
-
-/**
- * PolKitGrantAddChildWatch:
- * @polkit_grant: the grant object
- * @pid: the child pid to watch
- *
- * Type for function supplied by the application to integrate a watch
- * on a child process into the applications main loop. The
- * application must call libpolkit_grant_child_func() when the
- * child dies
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static void
- * child_watch_func (GPid pid,
- * gint status,
- * gpointer user_data)
- * {
- * PolKitGrant *polkit_grant = user_data;
- * libpolkit_grant_child_func (polkit_grant, pid, WEXITSTATUS (status));
- * }
- *
- * static int
- * add_child_watch (PolKitGrant *polkit_grant, pid_t pid)
- * {
- * return g_child_watch_add (pid, child_watch_func, polkit_grant);
- * }
- * </programlisting>
- *
- * Returns: 0 if the watch couldn't be set up; otherwise an unique
- * identifier for the watch.
- **/
-typedef int (*PolKitGrantAddChildWatch) (PolKitGrant *polkit_grant,
- pid_t pid);
-
-/**
- * PolKitGrantAddIOWatch:
- * @polkit_grant: the grant object
- * @fd: the file descriptor to watch
- *
- * Type for function supplied by the application to integrate a watch
- * on a file descriptor into the applications main loop. The
- * application must call libpolkit_grant_io_func() when there is data
- * to read from the file descriptor.
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static gboolean
- * io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
- * {
- * int fd;
- * PolKitGrant *polkit_grant = user_data;
- * fd = g_io_channel_unix_get_fd (channel);
- * libpolkit_grant_io_func (polkit_grant, fd);
- * return TRUE;
- * }
- *
- * static int
- * add_io_watch (PolKitGrant *polkit_grant, int fd)
- * {
- * guint id = 0;
- * GIOChannel *channel;
- * channel = g_io_channel_unix_new (fd);
- * if (channel == NULL)
- * goto out;
- * id = g_io_add_watch (channel, G_IO_IN, io_watch_have_data, polkit_grant);
- * if (id == 0) {
- * g_io_channel_unref (channel);
- * goto out;
- * }
- * g_io_channel_unref (channel);
- * out:
- * return id;
- * }
- * </programlisting>
- *
- * Returns: 0 if the watch couldn't be set up; otherwise an unique
- * identifier for the watch.
- **/
-typedef int (*PolKitGrantAddIOWatch) (PolKitGrant *polkit_grant,
- int fd);
-
-/**
- * PolKitGrantRemoveWatch:
- * @polkit_grant: the grant object
- * @watch_id: the id obtained from using the supplied function
- * of type #PolKitGrantAddIOWatch or #PolKitGrantAddChildWatch.
- *
- * Type for function supplied by the application to remove a watch set
- * up via the supplied function of type #PolKitGrantAddIOWatch or type
- * #PolKitGrantAddChildWatch.
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static void
- * remove_watch (PolKitGrant *polkit_auth, int watch_id)
- * {
- * g_source_remove (watch_id);
- * }
- * </programlisting>
- *
- **/
-typedef void (*PolKitGrantRemoveWatch) (PolKitGrant *polkit_grant,
- int watch_id);
-
-PolKitGrant *libpolkit_grant_new (void);
-PolKitGrant *libpolkit_grant_ref (PolKitGrant *polkit_grant);
-void libpolkit_grant_unref (PolKitGrant *polkit_grant);
-void libpolkit_grant_set_functions (PolKitGrant *polkit_grant,
- PolKitGrantAddIOWatch func_add_io_watch,
- PolKitGrantAddChildWatch func_add_child_watch,
- PolKitGrantRemoveWatch func_remove_watch,
- PolKitGrantType func_type,
- PolKitGrantConversationPromptEchoOff func_prompt_echo_off,
- PolKitGrantConversationPromptEchoOn func_prompt_echo_on,
- PolKitGrantConversationErrorMessage func_error_message,
- PolKitGrantConversationTextInfo func_text_info,
- PolKitGrantOverrideGrantType func_override_grant_type,
- PolKitGrantDone func_done,
- void *user_data);
-polkit_bool_t libpolkit_grant_initiate_auth (PolKitGrant *polkit_grant,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
-
-void libpolkit_grant_cancel_auth (PolKitGrant *polkit_grant);
-
-void libpolkit_grant_io_func (PolKitGrant *polkit_grant, int fd);
-void libpolkit_grant_child_func (PolKitGrant *polkit_grant, pid_t pid, int exit_code);
-
-
-#endif /* LIBPOLKIT_GRANT_H */
-
-
diff --git a/libpolkit-grant/polkit-grant-helper.c b/libpolkit-grant/polkit-grant-helper.c
deleted file mode 100644
index cd48810..0000000
--- a/libpolkit-grant/polkit-grant-helper.c
+++ /dev/null
@@ -1,514 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant-helper.c : setgid grant helper for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/* TODO: FIXME: XXX: this code needs security review before it can be released! */
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <security/pam_appl.h>
-#include <grp.h>
-#include <pwd.h>
-
-#include <glib.h>
-
-#include <libpolkit-dbus/libpolkit-dbus.h>
-
-static int
-conversation_function (int n,
- const struct pam_message **msg,
- struct pam_response **resp,
- void *data)
-{
- struct pam_response *aresp;
- char buf[PAM_MAX_RESP_SIZE];
- int i;
-
- data = data;
- if (n <= 0 || n > PAM_MAX_NUM_MSG)
- return PAM_CONV_ERR;
-
- if ((aresp = calloc(n, sizeof *aresp)) == NULL)
- return PAM_BUF_ERR;
-
- for (i = 0; i < n; ++i) {
- aresp[i].resp_retcode = 0;
- aresp[i].resp = NULL;
- switch (msg[i]->msg_style) {
- case PAM_PROMPT_ECHO_OFF:
- fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
- goto conv1;
- case PAM_PROMPT_ECHO_ON:
- fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
- conv1:
- fputs (msg[i]->msg, stdout);
- if (strlen (msg[i]->msg) > 0 &&
- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
- fputc ('\n', stdout);
- fflush (stdout);
-
- if (fgets (buf, sizeof buf, stdin) == NULL)
- goto error;
- if (strlen (buf) > 0 &&
- buf[strlen (buf) - 1] == '\n')
- buf[strlen (buf) - 1] = '\0';
-
- aresp[i].resp = strdup (buf);
- if (aresp[i].resp == NULL)
- goto error;
- break;
-
- case PAM_ERROR_MSG:
- fprintf (stdout, "PAM_ERROR_MSG ");
- goto conv2;
-
- case PAM_TEXT_INFO:
- fprintf (stdout, "PAM_TEXT_INFO ");
- conv2:
- fputs(msg[i]->msg, stdout);
- if (strlen(msg[i]->msg) > 0 &&
- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
- fputc ('\n', stdout);
-
- fflush (stdout);
- break;
- default:
- goto error;
- }
- }
- *resp = aresp;
- return PAM_SUCCESS;
-
-error:
- for (i = 0; i < n; ++i) {
- if (aresp[i].resp != NULL) {
- memset (aresp[i].resp, 0, strlen(aresp[i].resp));
- free (aresp[i].resp);
- }
- }
- memset (aresp, 0, n * sizeof *aresp);
- *resp = NULL;
- return PAM_CONV_ERR;
-}
-
-static polkit_bool_t
-do_auth (const char *user_to_auth)
-{
- struct pam_conv pam_conversation;
- pam_handle_t *pam_h;
- const void *authed_user;
- int rc;
-
- pam_conversation.conv = conversation_function;
- pam_conversation.appdata_ptr = NULL;
-
- /* start the pam stack */
- rc = pam_start ("polkit",
- user_to_auth,
- &pam_conversation,
- &pam_h);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "pam_start failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* is user really user? */
- rc = pam_authenticate (pam_h, 0);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* permitted access? */
- rc = pam_acct_mgmt (pam_h, 0);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* did we auth the right user? */
- rc = pam_get_item (pam_h, PAM_USER, &authed_user);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- if (strcmp (authed_user, user_to_auth) != 0) {
- fprintf (stderr, "Tried to auth user '%s' but we got auth for user '%s' instead",
- user_to_auth, (const char *) authed_user);
- goto error;
- }
-
- return TRUE;
- /* TODO: we should probably clean up */
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-verify_with_polkit (const char *dbus_name,
- const char *action_name,
- const char *resource_type,
- const char *resource_name,
- PolKitResult *result,
- char **out_session_objpath)
-{
- PolKitCaller *caller;
- PolKitSession *session;
- char *str;
- DBusConnection *bus;
- DBusError error;
- PolKitContext *pol_ctx;
- PolKitAction *action;
- PolKitResource *resource;
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "cannot connect to system bus: %s: %s\n", error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- action = libpolkit_action_new ();
- libpolkit_action_set_action_id (action, action_name);
-
- if (resource_type != NULL && resource_name != NULL) {
- resource = libpolkit_resource_new ();
- libpolkit_resource_set_resource_type (resource, resource_type);
- libpolkit_resource_set_resource_id (resource, resource_name);
- } else {
- resource = NULL;
- }
-
- caller = libpolkit_caller_new_from_dbus_name (bus, dbus_name, &error);
- if (caller == NULL) {
- fprintf (stderr, "cannot get caller from dbus name\n");
- goto out;
- }
-
- if (!libpolkit_caller_get_ck_session (caller, &session)) {
- fprintf (stderr, "caller is not in a session\n");
- goto out;
- }
- if (!libpolkit_session_get_ck_objref (session, &str)) {
- fprintf (stderr, "cannot get session ck objpath\n");
- goto out;
- }
- *out_session_objpath = g_strdup (str);
- if (*out_session_objpath == NULL)
- goto out;
-
- //libpolkit_caller_debug (caller);
-
- pol_ctx = libpolkit_context_new ();
- if (!libpolkit_context_init (pol_ctx, NULL)) {
- fprintf (stderr, "cannot init polkit\n");
- goto out;
- }
-
- *result = libpolkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
-
- if (*result != LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH &&
- *result != LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION &&
- *result != LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS &&
- *result != LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
- *result != LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
- *result != LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) {
- fprintf (stderr, "given auth type is bogus\n");
- goto out;
- }
-
- return TRUE;
- /* TODO: we should probably clean up */
-out:
- return FALSE;
-}
-
-static polkit_bool_t
-get_and_validate_override_details (PolKitResult *result)
-{
- char buf[256];
- PolKitResult desired_result;
-
- if (fgets (buf, sizeof buf, stdin) == NULL)
- goto error;
- if (strlen (buf) > 0 &&
- buf[strlen (buf) - 1] == '\n')
- buf[strlen (buf) - 1] = '\0';
-
- fprintf (stderr, "User said '%s'\n", buf);
-
- if (!libpolkit_result_from_string_representation (buf, &desired_result))
- goto error;
-
- fprintf (stderr, "Testing for voluntarily downgrade from '%s' to '%s'\n",
- libpolkit_result_to_string_representation (*result),
- libpolkit_result_to_string_representation (desired_result));
-
- /* See the huge comment in main() below...
- *
- * it comes down to this... users can only choose a more restricted granting type...
- *
- */
- switch (*result) {
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
- if (desired_result != LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH)
- goto error;
- break;
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
- if (desired_result != LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH &&
- desired_result != LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION)
- goto error;
- break;
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
- if (desired_result != LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH &&
- desired_result != LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION &&
- desired_result != LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS)
- goto error;
- break;
-
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH:
- if (desired_result != LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH)
- goto error;
- break;
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
- if (desired_result != LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
- desired_result != LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION)
- goto error;
- break;
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
- if (desired_result != LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
- desired_result != LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
- desired_result != LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS)
- goto error;
- break;
-
- default:
- /* we should never reach this */
- goto error;
- }
-
- if (*result != desired_result) {
- fprintf (stderr, "Voluntarily downgrading from '%s' to '%s'\n",
- libpolkit_result_to_string_representation (*result),
- libpolkit_result_to_string_representation (desired_result));
- }
-
- *result = desired_result;
-
- return TRUE;
-error:
- return FALSE;
-}
-
-/* synopsis: /usr/libexec/polkit-grant-helper <auth-type> <dbus-name> <action-name> <resource-type> <resource-name>
- *
- * <dbus-name> : unique name of caller on the system message bus to grant privilege to
- * <action-name> : the PolicyKit action
- * <resource-type> : resource-type
- * <resource-name> : resource-name
- *
- * PAM interaction happens via stdin/stdout.
- *
- * If auth fails, we exit with code 1.
- * If input is not valid we exit with code 2.
- * If any other error occur we exit with code 3
- * If privilege was grant, we exit code 0.
- */
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- uid_t invoking_user_id;
- const char *invoking_user_name;
- const char *dbus_name;
- const char *action_name;
- const char *resource_type;
- const char *resource_name;
- PolKitResult result;
- const char *user_to_auth;
- char *session_objpath;
- gid_t egid;
- struct group *group;
- struct passwd *pw;
-
- ret = 3;
-
- if (argc != 5) {
- fprintf (stderr, "wrong use\n");
- goto out;
- }
-
- /* check user */
- invoking_user_id = getuid ();
- if (invoking_user_id == 0) {
- fprintf (stderr, "it only makes sense to run polkit-grant-helper as non-root\n");
- goto out;
- }
- pw = getpwuid (invoking_user_id);
- if (pw == NULL) {
- fprintf (stderr, "cannot lookup passwd info for uid %d\n", invoking_user_id);
- goto out;
- }
- invoking_user_name = strdup (pw->pw_name);
- if (invoking_user_name == NULL) {
- fprintf (stderr, "OOM allocating memory for invoking user name\n");
- goto out;
- }
-
- fprintf (stderr, "invoking user '%s'\n", invoking_user_name);
-
- /* check group */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
- fprintf (stderr, "polkit-grant-helper needs to be setgid " POLKIT_GROUP "\n");
- goto out;
- }
-
- fprintf (stderr, "Hello world %d %d %d %d!\n", getuid(), geteuid(), getgid(), getegid());
-
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (clearenv () != 0)
- goto out;
- /* hmm; seems like some library (libdbus) don't like environ==NULL .. TODO: file bug */
- setenv ("PATH", "/bin:/usr/bin", 1);
-
- dbus_name = argv[1];
- action_name = argv[2];
- resource_type = argv[3];
- resource_name = argv[4];
-
- fprintf (stderr, "dbus_name = %s\n", dbus_name);
- fprintf (stderr, "action_name = %s\n", action_name);
- fprintf (stderr, "resource_type = %s\n", resource_type);
- fprintf (stderr, "resource_name = %s\n", resource_name);
-
- ret = 2;
-
- /* we don't trust the user one bit...so..
- *
- * verify that the given thing to auth for really supports grant by auth in the requested way
- */
- if (!verify_with_polkit (dbus_name, action_name, resource_type, resource_name, &result, &session_objpath))
- goto out;
-
- /* tell user about the grant details; e.g. whether it's auth_self_keep_always or auth_self etc. */
- fprintf (stdout, "POLKIT_GRANT_HELPER_TELL_TYPE %s\n", libpolkit_result_to_string_representation (result));
- fflush (stdout);
-
- /* figure out what user to auth */
- if (result == LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH ||
- result == LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION ||
- result == LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS) {
- user_to_auth = "root";
- } else {
- user_to_auth = invoking_user_name;
- }
-
- /* OK, start auth! */
- if (!do_auth (user_to_auth))
- goto out;
-
- /* ask user if he want to slim down grant type...
- * e.g. he might want to go from auth_self_keep_always to auth_self_keep_session..
- *
- * See docs for the PolKitGrantOverrideGrantType callback type for use cases.
- */
- fprintf (stdout, "POLKIT_GRANT_HELPER_ASK_OVERRIDE_GRANT_TYPE %s\n",
- libpolkit_result_to_string_representation (result));
- fflush (stdout);
-
- if (!get_and_validate_override_details (&result))
- goto out;
-
- /* TODO: FIXME: XXX: this format of storing granted privileges needs be redone
- *
- * this concerns these two files
- * - libpolkit-grant/polkit-grant-helper.c
- * - modules/grant/polkit-module-grant.c
- */
-
- /*
- * /var/lib/PolicyKit/uid_<uid>_<action>_<resource-hash>.grant
- * uid_<uid>_<action>.grant
- *
- * /var/run/PolicyKit/session_<session>_<uid>_<action>_<resource-hash>.grant
- * session_<session>_<uid>_<action>.grant
- * dbus_<dbusname>_<uid>_<action>_<resource-hash>.grant
- */
-
- char *grant_file;
- const char *session_name;
- char *resource_str_to_hash;
- guint resource_hash;
- session_name = g_basename (session_objpath);
- resource_str_to_hash = g_strdup_printf ("%s:%s", resource_type, resource_name);
- resource_hash = g_str_hash (resource_str_to_hash);
- g_free (resource_str_to_hash);
-
- switch (result) {
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH:
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/dbus_%s_%d_%s_%u.grant",
- dbus_name, invoking_user_id, action_name, resource_hash);
- break;
-
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant",
- session_name, invoking_user_id, action_name, resource_hash);
- break;
-
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid_%d_%s_%u.grant",
- invoking_user_id, action_name, resource_hash);
- break;
- default:
- /* should never happen */
- goto out;
- }
-
- umask (~0464);
- fprintf (stderr, "file is '%s'\n", grant_file);
- FILE *f = fopen (grant_file, "w");
- fclose (f);
-
- ret = 0;
-out:
- return ret;
-}
diff --git a/libpolkit.pc.in b/libpolkit.pc.in
deleted file mode 100644
index 3f36d2d..0000000
--- a/libpolkit.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: libpolkit
-Description: library for querying system-wide policy
-Version: @VERSION@
-Requires: glib-2.0
-Libs: -L${libdir} -lpolkit
-Cflags: -I${includedir}/PolicyKit
diff --git a/libpolkit/.gitignore b/libpolkit/.gitignore
deleted file mode 100644
index 764d994..0000000
--- a/libpolkit/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-.deps
-.libs
-*.la
-*.lo
-*.o
-Makefile
-Makefile.in
-polkit-interface-manager-glue.h
-polkit-interface-session-glue.h
diff --git a/libpolkit/Makefile.am b/libpolkit/Makefile.am
deleted file mode 100644
index 457f07a..0000000
--- a/libpolkit/Makefile.am
+++ /dev/null
@@ -1,62 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- -DPOLKIT_COMPILATION \
- @GLIB_CFLAGS@
-
-lib_LTLIBRARIES=libpolkit.la
-
-libpolkitincludedir=$(includedir)/PolicyKit/libpolkit
-
-libpolkitinclude_HEADERS = \
- libpolkit.h \
- libpolkit-types.h \
- libpolkit-error.h \
- libpolkit-result.h \
- libpolkit-context.h \
- libpolkit-action.h \
- libpolkit-resource.h \
- libpolkit-seat.h \
- libpolkit-session.h \
- libpolkit-caller.h \
- libpolkit-policy-file-entry.h \
- libpolkit-policy-file.h \
- libpolkit-policy-cache.h \
- libpolkit-policy-default.h \
- libpolkit-module.h
-
-libpolkit_la_SOURCES = \
- libpolkit.h \
- libpolkit-types.h \
- libpolkit-error.h libpolkit-error.c \
- libpolkit-result.h libpolkit-result.c \
- libpolkit-context.h libpolkit-context.c \
- libpolkit-action.h libpolkit-action.c \
- libpolkit-resource.h libpolkit-resource.c \
- libpolkit-seat.h libpolkit-seat.c \
- libpolkit-session.h libpolkit-session.c \
- libpolkit-caller.h libpolkit-caller.c \
- libpolkit-policy-file-entry.h libpolkit-policy-file-entry.c \
- libpolkit-policy-file.h libpolkit-policy-file.c \
- libpolkit-policy-cache.h libpolkit-policy-cache.c \
- libpolkit-policy-default.h libpolkit-policy-default.c \
- libpolkit-debug.h libpolkit-debug.c \
- libpolkit-utils.h libpolkit-utils.c \
- libpolkit-module.h libpolkit-module.c
-
-libpolkit_la_LIBADD = @GLIB_LIBS@ -ldl
-
-libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-clean-local :
- rm -f *~ $(BUILT_SOURCES)
-
diff --git a/libpolkit/libpolkit-action.c b/libpolkit/libpolkit-action.c
deleted file mode 100644
index f0a0a8c..0000000
--- a/libpolkit/libpolkit-action.c
+++ /dev/null
@@ -1,186 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-action.c : action
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-action.h"
-#include "libpolkit-utils.h"
-
-/**
- * SECTION:libpolkit-action
- * @short_description: Actions.
- *
- * This class is used to represent an action. TODO: describe what a action really is.
- **/
-
-/**
- * PolKitAction:
- *
- * Objects of this class are used to record information about an action.
- **/
-struct PolKitAction
-{
- int refcount;
- char *id;
- GHashTable *params;
-};
-
-/**
- * libpolkit_action_new:
- *
- * Create a new #PolKitAction object.
- *
- * Returns: the new object
- **/
-PolKitAction *
-libpolkit_action_new (void)
-{
- PolKitAction *action;
- action = g_new0 (PolKitAction, 1);
- action->refcount = 1;
- action->params = g_hash_table_new_full (g_str_hash,
- g_str_equal,
- g_free,
- g_free);
- return action;
-}
-
-/**
- * libpolkit_action_ref:
- * @action: the action object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitAction *
-libpolkit_action_ref (PolKitAction *action)
-{
- g_return_val_if_fail (action != NULL, action);
- action->refcount++;
- return action;
-}
-
-/**
- * libpolkit_action_unref:
- * @action: the action object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_action_unref (PolKitAction *action)
-{
- g_return_if_fail (action != NULL);
- action->refcount--;
- if (action->refcount > 0)
- return;
- g_free (action->id);
- g_hash_table_destroy (action->params);
- g_free (action);
-}
-
-/**
- * libpolkit_action_set_action_id:
- * @action: the action object
- * @action_id: action identifier
- *
- * Set the action identifier
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_action_set_action_id (PolKitAction *action, const char *action_id)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (action_id), FALSE);
- if (action->id != NULL)
- g_free (action->id);
- action->id = g_strdup (action_id);
- return TRUE;
-}
-
-/**
- * libpolkit_action_get_action_id:
- * @action: the action object
- * @out_action_id: Returns the action identifier. The caller shall not free this string.
- *
- * Get the action identifier.
- *
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-libpolkit_action_get_action_id (PolKitAction *action, char **out_action_id)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (out_action_id != NULL, FALSE);
- if (action->id == NULL)
- return FALSE;
- *out_action_id = action->id;
- return TRUE;
-}
-
-/**
- * libpolkit_action_debug:
- * @action: the object
- *
- * Print debug details
- **/
-void
-libpolkit_action_debug (PolKitAction *action)
-{
- g_return_if_fail (action != NULL);
- _pk_debug ("PolKitAction: refcount=%d id=%s", action->refcount, action->id);
-}
-
-/**
- * libpolkit_action_validate:
- * @action: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-libpolkit_action_validate (PolKitAction *action)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (action->id != NULL, FALSE);
- return TRUE;
-}
diff --git a/libpolkit/libpolkit-action.h b/libpolkit/libpolkit-action.h
deleted file mode 100644
index e266c2d..0000000
--- a/libpolkit/libpolkit-action.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-action.h : actions
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_ACTION_H
-#define LIBPOLKIT_ACTION_H
-
-#include <libpolkit/libpolkit-types.h>
-
-struct PolKitAction;
-typedef struct PolKitAction PolKitAction;
-
-PolKitAction *libpolkit_action_new (void);
-PolKitAction *libpolkit_action_ref (PolKitAction *action);
-void libpolkit_action_unref (PolKitAction *action);
-polkit_bool_t libpolkit_action_set_action_id (PolKitAction *action, const char *action_id);
-polkit_bool_t libpolkit_action_get_action_id (PolKitAction *action, char **out_action_id);
-
-void libpolkit_action_debug (PolKitAction *action);
-polkit_bool_t libpolkit_action_validate (PolKitAction *action);
-
-#endif /* LIBPOLKIT_ACTION_H */
-
-
diff --git a/libpolkit/libpolkit-caller.c b/libpolkit/libpolkit-caller.c
deleted file mode 100644
index c9808ae..0000000
--- a/libpolkit/libpolkit-caller.c
+++ /dev/null
@@ -1,345 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-caller.c : callers
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:libpolkit-caller
- * @short_description: Callers on the system message bus.
- *
- * This class is used to represent a caller in another process connected to the system message bus.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-caller.h"
-#include "libpolkit-utils.h"
-
-/**
- * PolKitCaller:
- *
- * Objects of this class are used to record information about a caller
- * on the system bus.
- **/
-struct PolKitCaller
-{
- int refcount;
- char *dbus_name;
- uid_t uid;
- pid_t pid;
- char *selinux_context;
- PolKitSession *session;
-};
-
-/**
- * libpolkit_caller_new:
- *
- * Creates a new #PolKitCaller object.
- *
- * Returns: the new object
- **/
-PolKitCaller *
-libpolkit_caller_new (void)
-{
- PolKitCaller *caller;
- caller = g_new0 (PolKitCaller, 1);
- caller->refcount = 1;
- return caller;
-}
-
-/**
- * libpolkit_caller_ref:
- * @caller: The caller object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitCaller *
-libpolkit_caller_ref (PolKitCaller *caller)
-{
- g_return_val_if_fail (caller != NULL, caller);
- caller->refcount++;
- return caller;
-}
-
-
-/**
- * libpolkit_caller_unref:
- * @caller: The caller object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_caller_unref (PolKitCaller *caller)
-{
- g_return_if_fail (caller != NULL);
- caller->refcount--;
- if (caller->refcount > 0)
- return;
- g_free (caller->dbus_name);
- g_free (caller->selinux_context);
- if (caller->session != NULL)
- libpolkit_session_unref (caller->session);
- g_free (caller);
-}
-
-/**
- * libpolkit_caller_set_dbus_name:
- * @caller: The caller object
- * @dbus_name: unique system bus connection name
- *
- * Set the callers unique system bus connection name.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_unique_bus_name (dbus_name), FALSE);
- if (caller->dbus_name != NULL)
- g_free (caller->dbus_name);
- caller->dbus_name = g_strdup (dbus_name);
- return TRUE;
-}
-
-/**
- * libpolkit_caller_set_uid:
- * @caller: The caller object
- * @uid: UNIX user id
- *
- * Set the callers UNIX user id.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_caller_set_uid (PolKitCaller *caller, uid_t uid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- caller->uid = uid;
- return TRUE;
-}
-
-/**
- * libpolkit_caller_set_pid:
- * @caller: The caller object
- * @pid: UNIX process id
- *
- * Set the callers UNIX process id.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_caller_set_pid (PolKitCaller *caller, pid_t pid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- caller->pid = pid;
- return TRUE;
-}
-
-/**
- * libpolkit_caller_set_selinux_context:
- * @caller: The caller object
- * @selinux_context: SELinux security context
- *
- * Set the callers SELinux security context.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_caller_set_selinux_context (PolKitCaller *caller, const char *selinux_context)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- /* TODO: probably should have a separate validation function for SELinux contexts */
- g_return_val_if_fail (_pk_validate_identifier (selinux_context), FALSE);
-
- if (caller->selinux_context != NULL)
- g_free (caller->selinux_context);
- caller->selinux_context = g_strdup (selinux_context);
- return TRUE;
-}
-
-/**
- * libpolkit_caller_set_ck_session:
- * @caller: The caller object
- * @session: a session object
- *
- * Set the callers session. The reference count on the given object
- * will be increased by one. If an existing session object was set
- * already, the reference count on that one will be decreased by one.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_caller_set_ck_session (PolKitCaller *caller, PolKitSession *session)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (libpolkit_session_validate (session), FALSE);
- if (caller->session != NULL)
- libpolkit_session_unref (caller->session);
- caller->session = session != NULL ? libpolkit_session_ref (session) : NULL;
- return TRUE;
-}
-
-/**
- * libpolkit_caller_get_dbus_name:
- * @caller: The caller object
- * @out_dbus_name: Returns the unique system bus connection name. The caller shall not free this string.
- *
- * Get the callers unique system bus connection name.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_caller_get_dbus_name (PolKitCaller *caller, char **out_dbus_name)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_dbus_name != NULL, FALSE);
- *out_dbus_name = caller->dbus_name;
- return TRUE;
-}
-
-/**
- * libpolkit_caller_get_uid:
- * @caller: The caller object
- * @out_uid: Returns the UNIX user id
- *
- * Get the callers UNIX user id.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_caller_get_uid (PolKitCaller *caller, uid_t *out_uid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_uid != NULL, FALSE);
- *out_uid = caller->uid;
- return TRUE;
-}
-
-/**
- * libpolkit_caller_get_pid:
- * @caller: The caller object
- * @out_pid: Returns the UNIX process id
- *
- * Get the callers UNIX process id.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_caller_get_pid (PolKitCaller *caller, pid_t *out_pid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_pid != NULL, FALSE);
- *out_pid = caller->pid;
- return TRUE;
-}
-
-/**
- * libpolkit_caller_get_selinux_context:
- * @caller: The caller object
- * @out_selinux_context: Returns the SELinux security context. The caller shall not free this string.
- *
- * Get the callers SELinux security context. Note that this may be
- * #NULL if SELinux is not available on the system.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_caller_get_selinux_context (PolKitCaller *caller, char **out_selinux_context)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_selinux_context != NULL, FALSE);
- *out_selinux_context = caller->selinux_context;
- return TRUE;
-}
-
-/**
- * libpolkit_caller_get_ck_session:
- * @caller: The caller object
- * @out_session: Returns the session object. Caller shall not unref it.
- *
- * Get the callers session. Note that this may be #NULL if the caller
- * is not in any session.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_caller_get_ck_session (PolKitCaller *caller, PolKitSession **out_session)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_session != NULL, FALSE);
- *out_session = caller->session;
- return TRUE;
-}
-
-/**
- * libpolkit_caller_debug:
- * @caller: the object
- *
- * Print debug details
- **/
-void
-libpolkit_caller_debug (PolKitCaller *caller)
-{
- g_return_if_fail (caller != NULL);
- _pk_debug ("PolKitCaller: refcount=%d dbus_name=%s uid=%d pid=%d selinux_context=%s",
- caller->refcount, caller->dbus_name, caller->uid, caller->pid, caller->selinux_context);
- if (caller->session != NULL)
- libpolkit_session_debug (caller->session);
-}
-
-
-/**
- * libpolkit_caller_validate:
- * @caller: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-libpolkit_caller_validate (PolKitCaller *caller)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (caller->pid > 0, FALSE);
- g_return_val_if_fail (caller->dbus_name != NULL, FALSE);
- /* NOTE TODO FIXME: remove need to have a dbus name set */
- return TRUE;
-}
diff --git a/libpolkit/libpolkit-caller.h b/libpolkit/libpolkit-caller.h
deleted file mode 100644
index bb91f6e..0000000
--- a/libpolkit/libpolkit-caller.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-caller.h : callers
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_CALLER_H
-#define LIBPOLKIT_CALLER_H
-
-#include <libpolkit/libpolkit-types.h>
-#include <libpolkit/libpolkit-session.h>
-#include <sys/types.h>
-
-struct PolKitCaller;
-typedef struct PolKitCaller PolKitCaller;
-
-PolKitCaller *libpolkit_caller_new (void);
-PolKitCaller *libpolkit_caller_ref (PolKitCaller *caller);
-void libpolkit_caller_unref (PolKitCaller *caller);
-polkit_bool_t libpolkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name);
-polkit_bool_t libpolkit_caller_set_uid (PolKitCaller *caller, uid_t uid);
-polkit_bool_t libpolkit_caller_set_pid (PolKitCaller *caller, pid_t pid);
-polkit_bool_t libpolkit_caller_set_selinux_context (PolKitCaller *caller, const char *selinux_context);
-polkit_bool_t libpolkit_caller_set_ck_session (PolKitCaller *caller, PolKitSession *session);
-polkit_bool_t libpolkit_caller_get_dbus_name (PolKitCaller *caller, char **out_dbus_name);
-polkit_bool_t libpolkit_caller_get_uid (PolKitCaller *caller, uid_t *out_uid);
-polkit_bool_t libpolkit_caller_get_pid (PolKitCaller *caller, pid_t *out_pid);
-polkit_bool_t libpolkit_caller_get_selinux_context (PolKitCaller *caller, char **out_selinux_context);
-polkit_bool_t libpolkit_caller_get_ck_session (PolKitCaller *caller, PolKitSession **out_session);
-
-void libpolkit_caller_debug (PolKitCaller *caller);
-polkit_bool_t libpolkit_caller_validate (PolKitCaller *caller);
-
-#endif /* LIBPOLKIT_H */
diff --git a/libpolkit/libpolkit-context.c b/libpolkit/libpolkit-context.c
deleted file mode 100644
index de9aad8..0000000
--- a/libpolkit/libpolkit-context.c
+++ /dev/null
@@ -1,767 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-context.c : context for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-context.h"
-#include "libpolkit-policy-cache.h"
-#include "libpolkit-module.h"
-
-/**
- * SECTION:libpolkit
- * @short_description: Centralized policy management.
- *
- * libpolkit is a C library for centralized policy management.
- **/
-
-/**
- * SECTION:libpolkit-context
- * @short_description: Context.
- *
- * This class is used to represent the interface to PolicyKit.
- **/
-
-/**
- * PolKitContext:
- *
- * Context object for users of PolicyKit.
- **/
-struct PolKitContext
-{
- int refcount;
-
- PolKitContextConfigChangedCB config_changed_cb;
- void *config_changed_user_data;
-
- PolKitContextFileMonitorAddWatch file_monitor_add_watch_func;
- PolKitContextFileMonitorRemoveWatch file_monitor_remove_watch_func;
-
- char *policy_dir;
-
- PolKitPolicyCache *priv_cache;
-
- GSList *modules;
-};
-
-/**
- * libpolkit_context_new:
- *
- * Create a new context
- *
- * Returns: the object
- **/
-PolKitContext *
-libpolkit_context_new (void)
-{
- PolKitContext *pk_context;
- pk_context = g_new0 (PolKitContext, 1);
- pk_context->refcount = 1;
- return pk_context;
-}
-
-static polkit_bool_t
-unload_modules (PolKitContext *pk_context)
-{
- GSList *i;
- for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
- PolKitModuleInterface *module_interface = i->data;
- libpolkit_module_interface_unref (module_interface);
- }
- g_slist_free (pk_context->modules);
- pk_context->modules = NULL;
- _pk_debug ("Unloaded modules");
-
- return TRUE;
-}
-
-static polkit_bool_t
-load_modules (PolKitContext *pk_context, PolKitError **error)
-{
- const char *config_file;
- polkit_bool_t ret;
- char *buf;
- char *end;
- char line[256];
- char *p;
- char *q;
- gsize len;
- int line_number;
- int mod_number;
- GError *g_error;
-
- ret = FALSE;
- buf = NULL;
- mod_number = 0;
-
- config_file = PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf";
- g_error = NULL;
- if (!g_file_get_contents (config_file,
- &buf,
- &len,
- &g_error)) {
- _pk_debug ("Cannot load PolicyKit configuration file at '%s'", config_file);
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load PolicyKit configuration file at '%s': %s",
- config_file,
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
-
- end = buf + len;
-
- /* parse the config file; one line at a time (yes, this is super ugly code) */
- p = buf;
- line_number = -1;
- while (TRUE) {
- int argc;
- char **tokens;
- char *module_name;
- char *module_path;
- PolKitModuleControl module_control;
- PolKitModuleInterface *module_interface;
-
- line_number++;
-
- q = p;
- while (*q != '\n' && q != '\0' && q < end)
- q++;
- if (*q == '\0' || q >= end) {
- /* skip last line if it's not terminated by whitespace */
- break;
- }
- if ((unsigned int) (q - p) > sizeof(line) - 1) {
- _pk_debug ("Line is too long; skipping it");
- continue;
- }
- strncpy (line, p, q - p);
- line[q - p] = '\0';
- p = q + 1;
-
- /* remove leading and trailing white space */
- g_strstrip (line);
-
- /* comments, blank lines are fine; just skip them */
- if (line[0] == '#' || strlen (line) == 0) {
- continue;
- }
-
- /*_pk_debug ("Looking at line: '%s'", line);*/
-
- if (!g_shell_parse_argv (line, &argc, &tokens, NULL)) {
- _pk_debug ("Cannot parse line %d - skipping", line_number);
- continue;
- }
- if (argc < 2) {
- _pk_debug ("Line %d is malformed - skipping line", line_number);
- g_strfreev (tokens);
- continue;
- }
- if (!libpolkit_module_control_from_string_representation (tokens[0], &module_control)) {
- _pk_debug ("Unknown module_control '%s' at line %d - skipping line", tokens[0], line_number);
- g_strfreev (tokens);
- continue;
- }
- module_name = tokens[1];
-
- module_path = g_strdup_printf (PACKAGE_LIB_DIR "/PolicyKit/modules/%s", module_name);
- _pk_debug ("MODULE: number=%d control=%d name=%s argc=%d",
- mod_number, module_control, module_name, argc - 1);
- module_interface = libpolkit_module_interface_load_module (module_path,
- module_control,
- argc - 1,
- tokens + 1);
- g_free (module_path);
-
- if (module_interface != NULL) {
- pk_context->modules = g_slist_append (pk_context->modules, module_interface);
- mod_number++;
- }
- g_strfreev (tokens);
-
- }
-
- ret = TRUE;
-
-out:
- if (buf != NULL)
- g_free (buf);
-
- _pk_debug ("Loaded %d modules in total", mod_number);
- return ret;
-}
-
-static void
-_config_file_events (PolKitContext *pk_context,
- PolKitContextFileMonitorEvent event_mask,
- const char *path,
- void *user_data)
-{
- _pk_debug ("Config file changed");
- unload_modules (pk_context);
- load_modules (pk_context, NULL);
-
- /* signal that our configuration (may have) changed */
- if (pk_context->config_changed_cb) {
- pk_context->config_changed_cb (pk_context, pk_context->config_changed_user_data);
- }
-}
-
-static void
-_policy_dir_events (PolKitContext *pk_context,
- PolKitContextFileMonitorEvent event_mask,
- const char *path,
- void *user_data)
-{
- /* mark cache of policy files as stale.. (will be populated on-demand, see _get_cache()) */
- if (pk_context->priv_cache != NULL) {
- _pk_debug ("Something happened in %s - invalidating cache", pk_context->policy_dir);
- libpolkit_policy_cache_unref (pk_context->priv_cache);
- pk_context->priv_cache = NULL;
- }
-
- /* signal that our configuration (may have) changed */
- if (pk_context->config_changed_cb) {
- pk_context->config_changed_cb (pk_context, pk_context->config_changed_user_data);
- }
-}
-
-/**
- * libpolkit_context_init:
- * @pk_context: the context object
- * @error: return location for error
- *
- * Initializes a new context; loads PolicyKit files from
- * /etc/PolicyKit/policy unless the environment variable
- * $POLKIT_POLICY_DIR points to a location.
- *
- * Returns: #FALSE if @error was set, otherwise #TRUE
- **/
-polkit_bool_t
-libpolkit_context_init (PolKitContext *pk_context, PolKitError **error)
-{
- const char *dirname;
-
- dirname = getenv ("POLKIT_POLICY_DIR");
- if (dirname != NULL) {
- pk_context->policy_dir = g_strdup (dirname);
- } else {
- pk_context->policy_dir = g_strdup (PACKAGE_SYSCONF_DIR "/PolicyKit/policy");
- }
- _pk_debug ("Using policy files from directory %s", pk_context->policy_dir);
-
- /* Load modules */
- if (!load_modules (pk_context, error))
- goto error;
-
- /* don't populate the cache until it's needed.. */
-
- if (pk_context->file_monitor_add_watch_func == NULL) {
- _pk_debug ("No file monitor; cannot monitor '%s' for .policy file changes", pk_context->policy_dir);
- } else {
- /* Watch when policy definitions file change */
- pk_context->file_monitor_add_watch_func (pk_context,
- pk_context->policy_dir,
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE|
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE|
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE,
- _policy_dir_events,
- NULL);
-
- /* Config file changes */
- pk_context->file_monitor_add_watch_func (pk_context,
- PACKAGE_SYSCONF_DIR "/PolicyKit",
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE|
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE|
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE,
- _config_file_events,
- NULL);
- }
-
- return TRUE;
-error:
- if (pk_context != NULL)
- libpolkit_context_unref (pk_context);
-
- return FALSE;
-}
-
-/**
- * libpolkit_context_ref:
- * @pk_context: the context object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitContext *
-libpolkit_context_ref (PolKitContext *pk_context)
-{
- g_return_val_if_fail (pk_context != NULL, pk_context);
- pk_context->refcount++;
- return pk_context;
-}
-
-/**
- * libpolkit_context_unref:
- * @pk_context: the context object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_context_unref (PolKitContext *pk_context)
-{
-
- g_return_if_fail (pk_context != NULL);
- pk_context->refcount--;
- if (pk_context->refcount > 0)
- return;
-
- unload_modules (pk_context);
-
- g_free (pk_context);
-}
-
-/**
- * libpolkit_context_set_config_changed:
- * @pk_context: the context object
- * @cb: the callback to invoke
- * @user_data: user data to pass to the callback
- *
- * Register the callback function for when configuration changes.
- * Mechanisms should use this callback to e.g. reconfigure all
- * permissions / acl's they have set in response to policy decisions
- * made from information provided by PolicyKit.
- *
- * Note that this function may be called many times within a short
- * interval due to how file monitoring works if e.g. the user is
- * editing a configuration file (editors typically create back-up
- * files). Mechanisms should use a "cool-off" timer (of, say, one
- * second) to avoid doing many expensive operations (such as
- * reconfiguring all ACL's for all devices) within a very short
- * timeframe.
- **/
-void
-libpolkit_context_set_config_changed (PolKitContext *pk_context,
- PolKitContextConfigChangedCB cb,
- void *user_data)
-{
- g_return_if_fail (pk_context != NULL);
- pk_context->config_changed_cb = cb;
- pk_context->config_changed_user_data = user_data;
-}
-
-/**
- * libpolkit_context_set_file_monitor:
- * @pk_context: the context object
- * @add_watch_func: the function that the PolicyKit library can invoke to start watching a file
- * @remove_watch_func: the function that the PolicyKit library can invoke to stop watching a file
- *
- * Register a functions that PolicyKit can use for watching files.
- **/
-void
-libpolkit_context_set_file_monitor (PolKitContext *pk_context,
- PolKitContextFileMonitorAddWatch add_watch_func,
- PolKitContextFileMonitorRemoveWatch remove_watch_func)
-{
- g_return_if_fail (pk_context != NULL);
- pk_context->file_monitor_add_watch_func = add_watch_func;
- pk_context->file_monitor_remove_watch_func = remove_watch_func;
-}
-
-
-/**
- * libpolkit_context_get_policy_cache:
- * @pk_context: the context
- *
- * Get the #PolKitPolicyCache object that holds all the defined policies as well as their defaults.
- *
- * Returns: the #PolKitPolicyCache object. Caller shall not unref it.
- **/
-PolKitPolicyCache *
-libpolkit_context_get_policy_cache (PolKitContext *pk_context)
-{
- g_return_val_if_fail (pk_context != NULL, NULL);
-
- if (pk_context->priv_cache == NULL) {
- PolKitError *error;
-
- _pk_debug ("Populating cache from directory %s", pk_context->policy_dir);
-
- error = NULL;
- pk_context->priv_cache = libpolkit_policy_cache_new (pk_context->policy_dir, &error);
- if (pk_context->priv_cache == NULL) {
- g_warning ("Error loading policy files from %s: %s",
- pk_context->policy_dir, polkit_error_get_error_message (error));
- polkit_error_free (error);
- } else {
- libpolkit_policy_cache_debug (pk_context->priv_cache);
- }
- }
-
- return pk_context->priv_cache;
-}
-
-
-/**
- * libpolkit_context_get_seat_resource_association:
- * @pk_context: the PolicyKit context
- * @visitor: visitor function
- * @user_data: user data
- *
- * Retrieve information about what resources are associated to what
- * seats. Note that a resource may be associated to more than one
- * seat. This information stems from user configuration and consumers
- * of this information that know better (e.g. HAL) may choose to
- * override it.
- *
- * Typically, this information is used to e.g. bootstrap the system
- * insofar that it can be used to start login greeters on the given
- * video hardware (e.g. resources) on the given user-configured seats.
- *
- * If a resource is not associated with any seat, it is assumed to be
- * available to any local seat.
- *
- * Returns: A #PolKitResult - can only be one of
- * #LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW or
- * #LIBPOLKIT_RESULT_YES (if the callback was invoked)
- */
-PolKitResult
-libpolkit_context_get_seat_resource_association (PolKitContext *pk_context,
- PolKitSeatVisitorCB visitor,
- void *user_data)
-{
- return LIBPOLKIT_RESULT_YES;
-}
-
-/**
- * libpolkit_context_is_resource_associated_with_seat:
- * @pk_context: the PolicyKit context
- * @resource: the resource in question
- * @seat: the seat
- *
- * Determine if a given resource is associated with a given seat. The
- * same comments noted in libpolkit_get_seat_resource_association() about the
- * source purely being user configuration applies here as well.
- *
- * Returns: A #PolKitResult - can only be one of
- * #LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
- * #LIBPOLKIT_RESULT_YES, #LIBPOLKIT_RESULT_NO.
- */
-PolKitResult
-libpolkit_context_is_resource_associated_with_seat (PolKitContext *pk_context,
- PolKitResource *resource,
- PolKitSeat *seat)
-{
- return LIBPOLKIT_RESULT_NO;
-}
-
-/**
- * libpolkit_context_can_session_access_resource:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @resource: the resource in question or #NULL to test for all resources
- * @session: the session in question
- *
- * Determine if a given session can access a given resource in a given way.
- *
- * Returns: A #PolKitResult - can only be one of
- * #LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
- * #LIBPOLKIT_RESULT_YES, #LIBPOLKIT_RESULT_NO.
- */
-PolKitResult
-libpolkit_context_can_session_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
-{
- PolKitPolicyCache *cache;
- PolKitPolicyFileEntry *pfe;
- PolKitResult current_result;
- PolKitModuleControl current_control;
- GSList *i;
-
- current_result = LIBPOLKIT_RESULT_NO;
- g_return_val_if_fail (pk_context != NULL, current_result);
-
- /* resource may actually by NULL */
- if (action == NULL || session == NULL)
- goto out;
-
-
- /* now validate the incoming objects */
- if (!libpolkit_action_validate (action))
- goto out;
- if (resource == NULL)
- if (!libpolkit_resource_validate (resource))
- goto out;
- if (!libpolkit_session_validate (session))
- goto out;
-
- cache = libpolkit_context_get_policy_cache (pk_context);
- if (cache == NULL)
- goto out;
-
- _pk_debug ("entering libpolkit_can_session_access_resource()");
- libpolkit_action_debug (action);
- if (resource != NULL)
- libpolkit_resource_debug (resource);
- libpolkit_session_debug (session);
-
- pfe = libpolkit_policy_cache_get_entry (cache, action);
- if (pfe == NULL) {
- char *action_name;
- if (!libpolkit_action_get_action_id (action, &action_name)) {
- g_warning ("given action has no name");
- } else {
- g_warning ("no action with name '%s'", action_name);
- }
- current_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
- goto out;
- }
-
- libpolkit_policy_file_entry_debug (pfe);
-
- current_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
- current_control = LIBPOLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
-
- /* visit modules */
- for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
- PolKitModuleInterface *module_interface = i->data;
- PolKitModuleCanSessionAccessResource func;
-
- func = libpolkit_module_get_func_can_session_access_resource (module_interface);
- if (func != NULL) {
- PolKitModuleControl module_control;
- PolKitResult module_result;
-
- _pk_debug ("Asking module '%s'", libpolkit_module_get_name (module_interface));
-
- module_control = libpolkit_module_interface_get_control (module_interface);
-
- if (libpolkit_module_interface_check_builtin_confinement_for_session (
- module_interface,
- pk_context,
- action,
- resource,
- session)) {
- /* module is confined by built-in options */
- module_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
- _pk_debug ("Module '%s' confined by built-in's",
- libpolkit_module_get_name (module_interface));
- } else {
- module_result = func (module_interface,
- pk_context,
- action,
- resource,
- session);
- }
-
- /* if a module returns _UNKNOWN_ACTION, it means that it doesn't
- * have an opinion about the query; e.g. polkit-module-allow-all(8)
- * will return this if it's confined to only consider certain actions
- * or certain users.
- */
- if (module_result != LIBPOLKIT_RESULT_UNKNOWN_ACTION) {
-
- if (current_control == LIBPOLKIT_MODULE_CONTROL_ADVISE &&
- module_control == LIBPOLKIT_MODULE_CONTROL_ADVISE) {
-
- /* take the less strict result */
- if (current_result < module_result) {
- current_result = module_result;
- }
-
- } else if (current_control == LIBPOLKIT_MODULE_CONTROL_ADVISE &&
- module_control == LIBPOLKIT_MODULE_CONTROL_MANDATORY) {
-
- /* here we just override */
- current_result = module_result;
-
- /* we are now in mandatory mode */
- current_control = LIBPOLKIT_MODULE_CONTROL_MANDATORY;
- }
- }
- }
- }
-
- /* Never return UNKNOWN_ACTION to user */
- if (current_result == LIBPOLKIT_RESULT_UNKNOWN_ACTION)
- current_result = LIBPOLKIT_RESULT_NO;
-
-out:
- _pk_debug ("... result was %s", libpolkit_result_to_string_representation (current_result));
- return current_result;
-}
-
-/**
- * libpolkit_context_can_caller_access_resource:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @resource: the resource in question or #NULL to test for all resources
- * @caller: the resource in question
- *
- * Determine if a given caller can access a given resource in a given way.
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * access the resource in the given way
- */
-PolKitResult
-libpolkit_context_can_caller_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
-{
- PolKitPolicyCache *cache;
- PolKitPolicyFileEntry *pfe;
- PolKitResult current_result;
- PolKitModuleControl current_control;
- GSList *i;
-
- current_result = LIBPOLKIT_RESULT_NO;
- g_return_val_if_fail (pk_context != NULL, current_result);
-
- /* resource may actually by NULL */
- if (action == NULL || caller == NULL)
- goto out;
-
- cache = libpolkit_context_get_policy_cache (pk_context);
- if (cache == NULL)
- goto out;
-
- /* now validate the incoming objects */
- if (!libpolkit_action_validate (action))
- goto out;
- if (resource == NULL)
- if (!libpolkit_resource_validate (resource))
- goto out;
- if (!libpolkit_caller_validate (caller))
- goto out;
-
- _pk_debug ("entering libpolkit_can_caller_access_resource()");
- libpolkit_action_debug (action);
- if (resource != NULL)
- libpolkit_resource_debug (resource);
- libpolkit_caller_debug (caller);
-
- pfe = libpolkit_policy_cache_get_entry (cache, action);
- if (pfe == NULL) {
- char *action_name;
- if (!libpolkit_action_get_action_id (action, &action_name)) {
- g_warning ("given action has no name");
- } else {
- g_warning ("no action with name '%s'", action_name);
- }
- current_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
- goto out;
- }
-
- libpolkit_policy_file_entry_debug (pfe);
-
- current_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
- current_control = LIBPOLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
-
- /* visit modules */
- for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
- PolKitModuleInterface *module_interface = i->data;
- PolKitModuleCanCallerAccessResource func;
-
- func = libpolkit_module_get_func_can_caller_access_resource (module_interface);
- if (func != NULL) {
- PolKitModuleControl module_control;
- PolKitResult module_result;
-
- _pk_debug ("Asking module '%s'", libpolkit_module_get_name (module_interface));
-
- module_control = libpolkit_module_interface_get_control (module_interface);
-
- if (libpolkit_module_interface_check_builtin_confinement_for_caller (
- module_interface,
- pk_context,
- action,
- resource,
- caller)) {
- /* module is confined by built-in options */
- module_result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
- _pk_debug ("Module '%s' confined by built-in's",
- libpolkit_module_get_name (module_interface));
- } else {
- module_result = func (module_interface,
- pk_context,
- action,
- resource,
- caller);
- }
-
- /* if a module returns _UNKNOWN_ACTION, it means that it doesn't
- * have an opinion about the query; e.g. polkit-module-allow-all(8)
- * will return this if it's confined to only consider certain actions
- * or certain users.
- */
- if (module_result != LIBPOLKIT_RESULT_UNKNOWN_ACTION) {
-
- if (current_control == LIBPOLKIT_MODULE_CONTROL_ADVISE &&
- module_control == LIBPOLKIT_MODULE_CONTROL_ADVISE) {
-
- /* take the less strict result */
- if (current_result < module_result) {
- current_result = module_result;
- }
-
- } else if (current_control == LIBPOLKIT_MODULE_CONTROL_ADVISE &&
- module_control == LIBPOLKIT_MODULE_CONTROL_MANDATORY) {
-
- /* here we just override */
- current_result = module_result;
-
- /* we are now in mandatory mode */
- current_control = LIBPOLKIT_MODULE_CONTROL_MANDATORY;
- }
- }
- }
- }
-
- /* Never return UNKNOWN_ACTION to user */
- if (current_result == LIBPOLKIT_RESULT_UNKNOWN_ACTION)
- current_result = LIBPOLKIT_RESULT_NO;
-out:
- _pk_debug ("... result was %s", libpolkit_result_to_string_representation (current_result));
- return current_result;
-}
diff --git a/libpolkit/libpolkit-context.h b/libpolkit/libpolkit-context.h
deleted file mode 100644
index cf0f2c4..0000000
--- a/libpolkit/libpolkit-context.h
+++ /dev/null
@@ -1,186 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-context.h : PolicyKit context
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_CONTEXT_H
-#define LIBPOLKIT_CONTEXT_H
-
-#include <libpolkit/libpolkit-types.h>
-#include <libpolkit/libpolkit-error.h>
-#include <libpolkit/libpolkit-result.h>
-#include <libpolkit/libpolkit-context.h>
-#include <libpolkit/libpolkit-action.h>
-#include <libpolkit/libpolkit-resource.h>
-#include <libpolkit/libpolkit-seat.h>
-#include <libpolkit/libpolkit-session.h>
-#include <libpolkit/libpolkit-caller.h>
-#include <libpolkit/libpolkit-policy-cache.h>
-
-struct PolKitContext;
-typedef struct PolKitContext PolKitContext;
-
-/**
- * PolKitContextConfigChangedCB:
- * @pk_context: PolicyKit context
- * @user_data: user data
- *
- * The type of the callback function for when configuration changes.
- * Mechanisms should use this callback to e.g. reconfigure all
- * permissions / acl's they have set in response to policy decisions
- * made from information provided by PolicyKit.
- *
- * Note that this function may be called many times within a short
- * interval due to how file monitoring works if e.g. the user is
- * editing a configuration file (editors typically create back-up
- * files). Mechanisms should use a "cool-off" timer (of, say, one
- * second) to avoid doing many expensive operations (such as
- * reconfiguring all ACL's for all devices) within a very short
- * timeframe.
- */
-typedef void (*PolKitContextConfigChangedCB) (PolKitContext *pk_context,
- void *user_data);
-
-/**
- * PolKitContextFileMonitorEvent:
- * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_NONE: TODO
- * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_ACCESS: watch when a file is accessed
- * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE: watch when a file is created
- * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE: watch when a file is deleted
- * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE: watch when a file changes
- *
- * File monitoring events.
- **/
-typedef enum
-{
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_NONE = 1 << 0,
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_ACCESS = 1 << 1,
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE = 1 << 2,
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE = 1 << 3,
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE = 1 << 4,
-} PolKitContextFileMonitorEvent;
-
-/**
- * PolKitContextFileMonitorNotifyFunc:
- * @pk_context: PolicyKit context
- * @event_mask: event that happened
- * @path: the path to the monitored file
- * @user_data: the user data supplied to the function of type #PolKitContextFileMonitorAddWatch
- *
- * Callback when an event happens on a file that is monitored.
- **/
-typedef void (*PolKitContextFileMonitorNotifyFunc) (PolKitContext *pk_context,
- PolKitContextFileMonitorEvent event_mask,
- const char *path,
- void *user_data);
-
-/**
- * PolKitContextFileMonitorAddWatch:
- * @pk_context: PolicyKit context
- * @path: path to file/directory to monitor for events
- * @event_mask: events to look for
- * @notify_cb: function to call on events
- * @user_data: user data
- *
- * The type of a function that PolicyKit can use to watch file
- * events. This function must call the supplied @notify_cb function
- * (and pass @path and @user_data) on events
- *
- * Returns: A handle for the watch. If zero it means the file cannot
- * be watched. Caller can remove the watch using the supplied function
- * of type #PolKitContextFileMonitorRemoveWatch and the handle.
- */
-typedef int (*PolKitContextFileMonitorAddWatch) (PolKitContext *pk_context,
- const char *path,
- PolKitContextFileMonitorEvent event_mask,
- PolKitContextFileMonitorNotifyFunc notify_cb,
- void *user_data);
-
-/**
- * PolKitContextFileMonitorRemoveWatch:
- * @pk_context: PolicyKit context
- * @watch_id: the watch id
- *
- * The type of a function that PolicyKit can use to stop monitoring
- * file events. Pass the handle obtained from the supplied function of
- * type #PolKitContextFileMonitorAddWatch.
- */
-typedef void (*PolKitContextFileMonitorRemoveWatch) (PolKitContext *pk_context,
- int watch_id);
-
-
-PolKitContext *libpolkit_context_new (void);
-void libpolkit_context_set_config_changed (PolKitContext *pk_context,
- PolKitContextConfigChangedCB cb,
- void *user_data);
-void libpolkit_context_set_file_monitor (PolKitContext *pk_context,
- PolKitContextFileMonitorAddWatch add_watch_func,
- PolKitContextFileMonitorRemoveWatch remove_watch_func);
-polkit_bool_t libpolkit_context_init (PolKitContext *pk_context,
- PolKitError **error);
-PolKitContext *libpolkit_context_ref (PolKitContext *pk_context);
-void libpolkit_context_unref (PolKitContext *pk_context);
-
-PolKitPolicyCache *libpolkit_context_get_policy_cache (PolKitContext *pk_context);
-
-/**
- * PolKitSeatVisitorCB:
- * @seat: the seat
- * @resources_associated_with_seat: A NULL terminated array of resources associated with the seat
- * @user_data: user data
- *
- * Visitor function for libpolkit_get_seat_resource_association(). The caller should _not_ unref the passed objects.
- */
-typedef void (*PolKitSeatVisitorCB) (PolKitSeat *seat,
- PolKitResource **resources_associated_with_seat,
- void *user_data);
-
-PolKitResult
-libpolkit_context_get_seat_resource_association (PolKitContext *pk_context,
- PolKitSeatVisitorCB visitor,
- void *user_data);
-
-PolKitResult
-libpolkit_context_is_resource_associated_with_seat (PolKitContext *pk_context,
- PolKitResource *resource,
- PolKitSeat *seat);
-
-PolKitResult
-libpolkit_context_can_session_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session);
-
-PolKitResult
-libpolkit_context_can_caller_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
-
-#endif /* LIBPOLKIT_CONTEXT_H */
-
-
diff --git a/libpolkit/libpolkit-debug.c b/libpolkit/libpolkit-debug.c
deleted file mode 100644
index d81b7e7..0000000
--- a/libpolkit/libpolkit-debug.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit.c : library for querying system-wide policy
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:libpolkit-debug
- * @short_description: Internal debug functions for libpolkit.
- *
- * These functions are used for debug purposes
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <time.h>
-
-#include "libpolkit-types.h"
-#include "libpolkit-debug.h"
-
-/**
- * pk_debug:
- * @format: format
- *
- * Print debug message
- **/
-void
-_pk_debug (const char *format, ...)
-{
- va_list args;
- static polkit_bool_t show_debug = FALSE;
- static polkit_bool_t init = FALSE;
-
- if (!init) {
- init = TRUE;
- if (getenv ("POLKIT_DEBUG") != NULL) {
- show_debug = TRUE;
- }
- }
-
- if (show_debug) {
- struct timeval tnow;
- struct tm *tlocaltime;
- struct timezone tzone;
- char tbuf[256];
- gettimeofday (&tnow, &tzone);
- tlocaltime = localtime ((time_t *) &tnow.tv_sec);
- strftime (tbuf, sizeof (tbuf), "%H:%M:%S", tlocaltime);
- fprintf (stdout, "%s.%03d: ", tbuf, (int)(tnow.tv_usec/1000));
-
- va_start (args, format);
- vfprintf (stdout, format, args);
- va_end (args);
- fprintf (stdout, "\n");
- }
-}
diff --git a/libpolkit/libpolkit-debug.h b/libpolkit/libpolkit-debug.h
deleted file mode 100644
index d6c51f2..0000000
--- a/libpolkit/libpolkit-debug.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-debug.h : debug infrastructure for libpolkit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_DEBUG_H
-#define LIBPOLKIT_DEBUG_H
-
-void _pk_debug (const char *format, ...) __attribute__((__format__ (__printf__, 1, 2)));
-
-#endif /* LIBPOLKIT_DEBUG_H */
-
-
diff --git a/libpolkit/libpolkit-error.c b/libpolkit/libpolkit-error.c
deleted file mode 100644
index e6cf33b..0000000
--- a/libpolkit/libpolkit-error.c
+++ /dev/null
@@ -1,140 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-error.c : GError error codes from PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:libpolkit-error
- * @short_description: Error codes from PolicyKit.
- *
- * Error codes from PolicyKit.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-
-#include "libpolkit-types.h"
-#include "libpolkit-error.h"
-
-/**
- * PolKitError:
- *
- * Objects of this class are used for error reporting.
- **/
-struct PolKitError
-{
- polkit_bool_t is_static;
- PolKitErrorCode error_code;
- char *error_message;
-};
-
-//static PolKitError _oom_error = {true, POLKIT_ERROR_OUT_OF_MEMORY, "Out of memory"};
-
-/**
- * polkit_error_get_error_code:
- * @error: the error object
- *
- * Returns the error code.
- *
- * Returns: A value from the #PolKitErrorCode enumeration.
- **/
-PolKitErrorCode
-polkit_error_get_error_code (PolKitError *error)
-{
- g_return_val_if_fail (error != NULL, -1);
- return error->error_code;
-}
-
-/**
- * polkit_error_get_error_message:
- * @error: the error object
- *
- * Get the error message.
- *
- * Returns: A string describing the error. Caller shall not free this string.
- **/
-const char *
-polkit_error_get_error_message (PolKitError *error)
-{
- g_return_val_if_fail (error != NULL, NULL);
- return error->error_message;
-}
-
-/**
- * polkit_error_free:
- * @error: the error
- *
- * Free an error.
- **/
-void
-polkit_error_free (PolKitError *error)
-{
- g_return_if_fail (error != NULL);
- if (!error->is_static) {
- g_free (error->error_message);
- g_free (error);
- }
-}
-
-/**
- * polkit_error_set_error:
- * @error: the error object
- * @error_code: A value from the #PolKitErrorCode enumeration.
- * @format: printf style formatting string
- * @Varargs: printf style arguments
- *
- * Sets an error. If OOM, the error will be set to a pre-allocated OOM error.
- **/
-void
-polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const char *format, ...)
-{
- va_list args;
- PolKitError *e;
-
- if (*error == NULL)
- return;
-
- e = g_new0 (PolKitError, 1);
- e->is_static = FALSE;
- e->error_code = error_code;
- va_start (args, format);
- e->error_message = g_strdup_vprintf (format, args);
- va_end (args);
-
- *error = e;
-}
-
-
-
diff --git a/libpolkit/libpolkit-error.h b/libpolkit/libpolkit-error.h
deleted file mode 100644
index d5d5e8e..0000000
--- a/libpolkit/libpolkit-error.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-error.h : error reporting from PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_ERROR_H
-#define LIBPOLKIT_ERROR_H
-
-/**
- * PolKitErrorCode:
- * @POLKIT_ERROR_OUT_OF_MEMORY: Out of memory
- * @POLKIT_ERROR_POLICY_FILE_INVALID: There was an error parsing the given policy file
- *
- * Error codes returned by PolicyKit
- */
-typedef enum
-{
- POLKIT_ERROR_OUT_OF_MEMORY,
- POLKIT_ERROR_POLICY_FILE_INVALID
-} PolKitErrorCode;
-
-struct PolKitError;
-typedef struct PolKitError PolKitError;
-
-PolKitErrorCode polkit_error_get_error_code (PolKitError *error);
-const char *polkit_error_get_error_message (PolKitError *error);
-void polkit_error_free (PolKitError *error);
-void polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const char *format, ...) __attribute__((__format__ (__printf__, 3, 4)));
-
-#endif /* LIBPOLKIT_ERROR_H */
diff --git a/libpolkit/libpolkit-module.c b/libpolkit/libpolkit-module.c
deleted file mode 100644
index 7e1440f..0000000
--- a/libpolkit/libpolkit-module.c
+++ /dev/null
@@ -1,748 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-module.c : PolicyKit loadable module interface
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:libpolkit-module
- * @short_description: PolicyKit loadable module interface
- *
- * These functions are used by loadable PolicyKit modules.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-#include <dlfcn.h>
-#include <regex.h>
-#include <pwd.h>
-#include <grp.h>
-#include <glib.h>
-#include <unistd.h>
-
-#include "libpolkit-debug.h"
-#include "libpolkit-module.h"
-
-/**
- * PolKitModuleInterface:
- *
- * Objects of this class are used to interface with PolicyKit modules
- **/
-struct PolKitModuleInterface
-{
- int refcount;
- void *dlopen_handle;
- char *name;
-
- void *module_user_data;
- PolKitModuleControl module_control;
-
- PolKitModuleInitialize func_initialize;
- PolKitModuleShutdown func_shutdown;
- PolKitModuleGetSeatResourceAssociation func_get_seat_resource_association;
- PolKitModuleIsResourceAssociatedWithSeat func_is_resource_associated_with_seat;
- PolKitModuleCanSessionAccessResource func_can_session_access_resource;
- PolKitModuleCanCallerAccessResource func_can_caller_access_resource;
-
- polkit_bool_t builtin_have_action_regex;
- regex_t builtin_action_regex_compiled;
-
- GSList *builtin_users;
-};
-
-static uid_t
-_util_name_to_uid (const char *username, gid_t *default_gid)
-{
- int rc;
- uid_t res;
- char *buf = NULL;
- unsigned int bufsize;
- struct passwd pwd;
- struct passwd *pwdp;
-
- res = (uid_t) -1;
-
- bufsize = sysconf (_SC_GETPW_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getpwnam_r (username, &pwd, buf, bufsize, &pwdp);
- if (rc != 0 || pwdp == NULL) {
- /*g_warning ("getpwnam_r() returned %d", rc);*/
- goto out;
- }
-
- res = pwdp->pw_uid;
- if (default_gid != NULL)
- *default_gid = pwdp->pw_gid;
-
-out:
- g_free (buf);
- return res;
-}
-
-static void
-_parse_builtin_remove_option (int *argc, char *argv[], int position)
-{
- int n;
- for (n = position; n < *argc; n++)
- argv[n] = argv[n+1];
- (*argc)--;
-}
-
-static polkit_bool_t
-_parse_builtin (PolKitModuleInterface *mi, int *argc, char *argv[])
-{
- int n;
- polkit_bool_t ret;
-
- ret = FALSE;
-
- for (n = 1; n < *argc; ) {
- if (g_str_has_prefix (argv[n], "action=")) {
- const char *regex;
-
- if (mi->builtin_have_action_regex) {
- _pk_debug ("Already have option 'action='");
- goto error;
- }
-
- regex = argv[n] + 10;
- if (regcomp (&(mi->builtin_action_regex_compiled), regex, REG_EXTENDED) != 0) {
- _pk_debug ("Regex '%s' didn't compile", regex);
- goto error;
- }
- mi->builtin_have_action_regex = TRUE;
-
- _pk_debug ("Compiled regex '%s' for option 'action=' OK", regex);
-
- _parse_builtin_remove_option (argc, argv, n);
- } else if (g_str_has_prefix (argv[n], "user=")) {
- const char *user;
- uid_t uid;
- GSList *i;
-
- user = argv[n] + 5;
- uid = _util_name_to_uid (user, NULL);
- if ((int) uid == -1) {
- _pk_debug ("Unknown user name '%s'", user);
- goto error;
- }
-
- for (i = mi->builtin_users; i != NULL; i = g_slist_next (i)) {
- uid_t uid_in_list = GPOINTER_TO_INT (i->data);
- if (uid_in_list == uid) {
- _pk_debug ("Already have user '%s'", user);
- goto error;
- }
- }
-
- _pk_debug ("adding uid %d", uid);
- mi->builtin_users = g_slist_prepend (mi->builtin_users, GINT_TO_POINTER (uid));
-
- _parse_builtin_remove_option (argc, argv, n);
- } else {
- n++;
- }
- }
-
- ret = TRUE;
-
-error:
- return ret;
-}
-
-/**
- * libpolkit_module_interface_load_module:
- * @name: name of module, e.g. "polkit-module-default.so"
- * @module_control: the module control; from the configuration file
- * @argc: number arguments to pass
- * @argv: argument vector, the first argument must be the filename/path to the module
- *
- * Load and initialize a PolicyKit module
- *
- * Returns: A #PolKitModuleInterface object on success; #NULL on failure.
- **/
-PolKitModuleInterface *
-libpolkit_module_interface_load_module (const char *name, PolKitModuleControl module_control, int argc, char *argv[])
-{
- void *handle;
- PolKitModuleInterface *mi;
- polkit_bool_t (*func) (PolKitModuleInterface *);
-
- mi = NULL;
-
- _pk_debug ("loading %s", name);
-
- handle = dlopen (name, RTLD_NOW | RTLD_LOCAL);
- if (handle == NULL) {
- _pk_debug ("Cannot load module '%s'", name);
- goto error;
- }
-
- func = dlsym (handle, "libpolkit_module_set_functions");
- if (func == NULL) {
- _pk_debug ("Cannot get symbol 'libpolkit_module_set_functions' in module '%s'", name);
- goto error;
- }
-
- _pk_debug ("func = %p", func);
-
- mi = libpolkit_module_interface_new ();
- if (!func (mi)) {
- _pk_debug ("Module '%s' returned FALSE when asked to set functions", name);
- goto error;
- }
-
- if (mi->func_initialize == NULL) {
- _pk_debug ("Module '%s' didn't set initialize function", name);
- goto error;
- }
-
- if (mi->func_shutdown == NULL) {
- _pk_debug ("Module '%s' didn't set shutdown function", name);
- goto error;
- }
-
- if (!_parse_builtin (mi, &argc, argv)) {
- _pk_debug ("Error parsing built-in module options for '%s'", name);
- goto error;
- }
-
- if (!mi->func_initialize (mi, argc, argv)) {
- _pk_debug ("Module '%s' returned FALSE in initialization function", name);
- goto error;
- }
-
- mi->dlopen_handle = handle;
- mi->name = g_strdup (name);
- mi->module_control = module_control;
- return mi;
-error:
- if (mi != NULL)
- libpolkit_module_interface_unref (mi);
- if (handle != NULL)
- dlclose (handle);
- return NULL;
-}
-
-/**
- * libpolkit_module_get_name:
- * @module_interface: the module interface
- *
- * Get the name of the module
- *
- * Returns: name or #NULL if an error occured
- **/
-const char *
-libpolkit_module_get_name (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->name;
-}
-
-
-/**
- * libpolkit_module_interface_new:
- *
- * Create a new #PolKitModuleInterface object.
- *
- * Returns: the new object
- **/
-PolKitModuleInterface *
-libpolkit_module_interface_new (void)
-{
- PolKitModuleInterface *module_interface;
- module_interface = g_new0 (PolKitModuleInterface, 1);
- module_interface->refcount = 1;
- return module_interface;
-}
-
-/**
- * libpolkit_module_interface_ref:
- * @module_interface: the module_interface object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitModuleInterface *
-libpolkit_module_interface_ref (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, module_interface);
- module_interface->refcount++;
- return module_interface;
-}
-
-/**
- * libpolkit_module_interface_unref:
- * @module_interface: the module_interface object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_module_interface_unref (PolKitModuleInterface *module_interface)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->refcount--;
- if (module_interface->refcount > 0)
- return;
-
- /* builtins */
- if (module_interface->builtin_have_action_regex)
- regfree (&module_interface->builtin_action_regex_compiled);
- g_slist_free (module_interface->builtin_users);
-
- /* shutdown the module and unload it */
- if (module_interface->func_shutdown != NULL)
- module_interface->func_shutdown (module_interface);
- if (module_interface->dlopen_handle != NULL)
- dlclose (module_interface->dlopen_handle);
-
- g_free (module_interface->name);
- g_free (module_interface);
-}
-
-/**
- * libpolkit_module_set_func_initialize:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void
-libpolkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
- PolKitModuleInitialize func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_initialize = func;
-}
-
-/**
- * libpolkit_module_set_func_shutdown:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void
-libpolkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_shutdown = func;
-}
-
-/**
- * libpolkit_module_set_func_get_seat_resource_association:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void
-libpolkit_module_set_func_get_seat_resource_association (PolKitModuleInterface *module_interface,
- PolKitModuleGetSeatResourceAssociation func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_get_seat_resource_association = func;
-}
-
-/**
- * libpolkit_module_set_func_is_resource_associated_with_seat:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void libpolkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface,
- PolKitModuleIsResourceAssociatedWithSeat func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_is_resource_associated_with_seat = func;
-}
-
-/**
- * libpolkit_module_set_func_can_session_access_resource:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void libpolkit_module_set_func_can_session_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionAccessResource func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_can_session_access_resource = func;
-}
-
-/**
- * libpolkit_module_set_func_can_caller_access_resource:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void libpolkit_module_set_func_can_caller_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerAccessResource func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_can_caller_access_resource = func;
-}
-
-/**
- * libpolkit_module_get_func_initialize:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleInitialize
-libpolkit_module_get_func_initialize (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_initialize;
-}
-
-/**
- * libpolkit_module_get_func_shutdown:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleShutdown
-libpolkit_module_get_func_shutdown (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_shutdown;
-}
-
-/**
- * libpolkit_module_get_func_get_seat_resource_association:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleGetSeatResourceAssociation
-libpolkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_get_seat_resource_association;
-}
-
-/**
- * libpolkit_module_get_func_is_resource_associated_with_seat:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleIsResourceAssociatedWithSeat
-libpolkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_is_resource_associated_with_seat;
-}
-
-/**
- * libpolkit_module_get_func_can_session_access_resource:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleCanSessionAccessResource
-libpolkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_session_access_resource;
-}
-
-/**
- * libpolkit_module_get_func_can_caller_access_resource:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleCanCallerAccessResource
-libpolkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_caller_access_resource;
-}
-
-
-/**
- * libpolkit_module_interface_get_control:
- * @module_interface: the module interface
- *
- * Get the control for this module.
- *
- * Returns: A #PolKitModuleControl value.
- **/
-PolKitModuleControl
-libpolkit_module_interface_get_control (PolKitModuleInterface *module_interface)
-{
- /* hmm, should we have UNKNOWN? */
- g_return_val_if_fail (module_interface != NULL, LIBPOLKIT_MODULE_CONTROL_MANDATORY);
- return module_interface->module_control;
-}
-
-static const struct {
- PolKitModuleControl module_control;
- const char *str;
-} mapping[] =
-{
- {LIBPOLKIT_MODULE_CONTROL_ADVISE, "advise"},
- {LIBPOLKIT_MODULE_CONTROL_MANDATORY, "mandatory"},
- {0, NULL}
-};
-
-/**
- * libpolkit_module_control_to_string_representation:
- * @module_control: the given value
- *
- * Gives a textual representation of a #PolKitModuleControl object.
- *
- * Returns: The textual representation or #NULL if the value passed is invalid
- **/
-const char *
-libpolkit_module_control_to_string_representation (PolKitModuleControl module_control)
-{
- if (module_control < 0 || module_control >= LIBPOLKIT_MODULE_CONTROL_N_CONTROLS) {
- g_warning ("The passed module control identifier, %d, is not valid", module_control);
- return NULL;
- }
-
- return mapping[module_control].str;
-}
-
-/**
- * libpolkit_module_control_from_string_representation:
- * @string: the textual representation
- * @out_module_control: return location for the value
- *
- * Given a textual representation of a #PolKitModuleControl object, find the #PolKitModuleControl value.
- *
- * Returns: TRUE if the textual representation was valid, otherwise FALSE
- **/
-polkit_bool_t
-libpolkit_module_control_from_string_representation (const char *string, PolKitModuleControl *out_module_control)
-{
- int n;
-
- g_return_val_if_fail (out_module_control != NULL, FALSE);
-
- for (n = 0; n < LIBPOLKIT_MODULE_CONTROL_N_CONTROLS; n++) {
- if (mapping[n].str == NULL)
- break;
- if (g_ascii_strcasecmp (mapping[n].str, string) == 0) {
- *out_module_control = mapping[n].module_control;
- goto found;
- }
- }
-
- return FALSE;
-found:
- return TRUE;
-}
-
-
-/**
- * libpolkit_module_set_user_data:
- * @module_interface: module interface
- * @user_data: user data to set
- *
- * Set user data. A PolicyKit module should use these instead of
- * global variables as multiple instances of the module may be
- * instantiated at the same time.
- **/
-void
-libpolkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->module_user_data = user_data;
-}
-
-/**
- * libpolkit_module_get_user_data:
- * @module_interface: module interface
- *
- * Get user data.
- *
- * Returns: The user data set with libpolkit_module_set_user_data()
- **/
-void *
-libpolkit_module_get_user_data (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->module_user_data;
-}
-
-static polkit_bool_t
-_check_action (PolKitModuleInterface *module_interface, PolKitAction *action)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
-
- if (module_interface->builtin_have_action_regex) {
- char *action_name;
- if (libpolkit_action_get_action_id (action, &action_name)) {
- if (regexec (&module_interface->builtin_action_regex_compiled,
- action_name, 0, NULL, 0) == 0) {
- ret = TRUE;
- }
- }
- } else {
- ret = TRUE;
- }
-
- return ret;
-}
-
-/*----*/
-
-static polkit_bool_t
-_check_uid_in_list (GSList *list, uid_t given_uid)
-{
- GSList *i;
-
- for (i = list; i != NULL; i = g_slist_next (i)) {
- uid_t uid = GPOINTER_TO_INT (i->data);
- if (given_uid == uid)
- return TRUE;
- }
- return FALSE;
-}
-
-static polkit_bool_t
-_check_users_for_session (PolKitModuleInterface *module_interface, PolKitSession *session)
-{
- uid_t uid;
- GSList *list;
- if ((list = module_interface->builtin_users) == NULL)
- return TRUE;
- if (session == NULL)
- return FALSE;
- if (!libpolkit_session_get_uid (session, &uid))
- return FALSE;
- return _check_uid_in_list (list, uid);
-}
-
-static polkit_bool_t
-_check_users_for_caller (PolKitModuleInterface *module_interface, PolKitCaller *caller)
-{
- uid_t uid;
- GSList *list;
- if ((list = module_interface->builtin_users) == NULL)
- return TRUE;
- if (caller == NULL)
- return FALSE;
- if (!libpolkit_caller_get_uid (caller, &uid))
- return FALSE;
- return _check_uid_in_list (list, uid);
-}
-
-
-/**
- * libpolkit_module_interface_check_builtin_confinement_for_session:
- * @module_interface: the given module
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @resource: the resource in question
- * @session: the session in question
- *
- * Check whether some of the built-in module options (e.g. action="hal-storage-*",
- * user=davidz) confines the given module, e.g. whether it should be skipped.
- *
- * Returns: TRUE if, and only if, the module is confined from handling the request
- **/
-polkit_bool_t
-libpolkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
-{
- polkit_bool_t ret;
- ret = TRUE;
-
- g_return_val_if_fail (module_interface != NULL, ret);
-
- if (!_check_action (module_interface, action))
- goto out;
- if (!_check_users_for_session (module_interface, session))
- goto out;
-
- /* not confined */
- ret = FALSE;
-out:
- return ret;
-}
-
-/**
- * libpolkit_module_interface_check_builtin_confinement_for_caller:
- * @module_interface: the given module
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
- *
- * Check whether some of the built-in module options (e.g. action="hal-storage-*",
- * user=davidz) confines the given module, e.g. whether it should be skipped.
- *
- * Returns: TRUE if, and only if, the module is confined from handling the request
- **/
-polkit_bool_t
-libpolkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
-{
- polkit_bool_t ret;
- ret = TRUE;
-
- g_return_val_if_fail (module_interface != NULL, ret);
-
- if (!_check_action (module_interface, action))
- goto out;
- if (!_check_users_for_caller (module_interface, caller))
- goto out;
-
- /* not confined */
- ret = FALSE;
-out:
- return ret;
-}
diff --git a/libpolkit/libpolkit-module.h b/libpolkit/libpolkit-module.h
deleted file mode 100644
index bb4bbc9..0000000
--- a/libpolkit/libpolkit-module.h
+++ /dev/null
@@ -1,207 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-module.h : PolicyKit loadable module interface
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_MODULE_H
-#define LIBPOLKIT_MODULE_H
-
-#include <libpolkit/libpolkit-types.h>
-#include <libpolkit/libpolkit.h>
-
-struct PolKitModuleInterface;
-typedef struct PolKitModuleInterface PolKitModuleInterface;
-
-/**
- * PolKitModuleInitialize:
- * @module_interface: the module interface
- * @argc: number of arguments to pass to module
- * @argv: arguments passed to module; the first argument is the filename/path to the module
- *
- * Type of PolicyKit module function to initialize the module.
- *
- * Returns: Whether the module was initialized.
- **/
-typedef polkit_bool_t (*PolKitModuleInitialize) (PolKitModuleInterface *module_interface,
- int argc,
- char *argv[]);
-
-/**
- * PolKitModuleShutdown:
- * @module_interface: the module interface
- *
- * Type of PolicyKit module function to shutdown the module.
- **/
-typedef void (*PolKitModuleShutdown) (PolKitModuleInterface *module_interface);
-
-/**
- * PolKitModuleGetSeatResourceAssociation:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @visitor: visitor function
- * @user_data: user data
- *
- * Type of PolicyKit module function to implement libpolkit_get_seat_resource_association().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleGetSeatResourceAssociation) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitSeatVisitorCB visitor,
- void *user_data);
-
-/**
- * PolKitModuleIsResourceAssociatedWithSeat:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @resource: the resource in question
- * @seat: the seat
- *
- * Type of PolicyKit module function to implement libpolkit_is_resource_associated_with_seat().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleIsResourceAssociatedWithSeat) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitResource *resource,
- PolKitSeat *seat);
-
-/**
- * PolKitModuleCanSessionAccessResource:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @resource: the resource in question
- * @session: the session in question
- *
- * Type of PolicyKit module function to implement libpolkit_can_session_access_resource().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleCanSessionAccessResource) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session);
-
-/**
- * PolKitModuleCanCallerAccessResource:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
- *
- * Type of PolicyKit module function to implement libpolkit_can_caller_access_resource().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleCanCallerAccessResource) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
-
-PolKitModuleInterface *libpolkit_module_interface_new (void);
-PolKitModuleInterface *libpolkit_module_interface_ref (PolKitModuleInterface *module_interface);
-void libpolkit_module_interface_unref (PolKitModuleInterface *module_interface);
-const char *libpolkit_module_get_name (PolKitModuleInterface *module_interface);
-
-void libpolkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data);
-void *libpolkit_module_get_user_data (PolKitModuleInterface *module_interface);
-
-void libpolkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
- PolKitModuleInitialize func);
-void libpolkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func);
-void libpolkit_module_set_func_get_seat_resource_association (PolKitModuleInterface *module_interface,
- PolKitModuleGetSeatResourceAssociation func);
-void libpolkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface,
- PolKitModuleIsResourceAssociatedWithSeat func);
-void libpolkit_module_set_func_can_session_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionAccessResource func);
-void libpolkit_module_set_func_can_caller_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerAccessResource func);
-
-PolKitModuleInitialize libpolkit_module_get_func_initialize (PolKitModuleInterface *module_interface);
-PolKitModuleShutdown libpolkit_module_get_func_shutdown (PolKitModuleInterface *module_interface);
-PolKitModuleGetSeatResourceAssociation libpolkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface);
-PolKitModuleIsResourceAssociatedWithSeat libpolkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface);
-PolKitModuleCanSessionAccessResource libpolkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface);
-PolKitModuleCanCallerAccessResource libpolkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface);
-
-/**
- * PolKitModuleControl:
- * @LIBPOLKIT_MODULE_CONTROL_ADVISE: Allow modules, marked with #LIBPOLKIT_MODULE_CONTROL_MANDATORY, down the
- * stack to override results from this module. Modules down the stack that are also marked with
- * the #LIBPOLKIT_MODULE_CONTROL_ADVISE control will only take effect it they change the result to be "less strict".
- * @LIBPOLKIT_MODULE_CONTROL_MANDATORY: Always use results (unless it returns
- * #LIBPOLKIT_RESULT_UNKNOWN_ACTION for a given request) from this module, even if it changes whether the
- * result to be "more strict". . If a later module also uses this control, results from that module will override it.
- * @LIBPOLKIT_MODULE_CONTROL_N_CONTROLS: Number of control stanzas
- *
- * The control stanza for a PolicyKit module. This is read from the
- * PolicyKit configuration file (/etc/PolicyKit/PolicyKit.conf) that
- * defines the stacked order of the modules and is chosen by the
- * system administrator. See the definition of #PolKitResult for
- * the definition of "strict" with respect to result values.
- **/
-typedef enum
-{
- LIBPOLKIT_MODULE_CONTROL_ADVISE,
- LIBPOLKIT_MODULE_CONTROL_MANDATORY,
- LIBPOLKIT_MODULE_CONTROL_N_CONTROLS
-} PolKitModuleControl;
-
-const char *
-libpolkit_module_control_to_string_representation (PolKitModuleControl module_control);
-
-polkit_bool_t
-libpolkit_module_control_from_string_representation (const char *string, PolKitModuleControl *out_module_control);
-
-PolKitModuleInterface *libpolkit_module_interface_load_module (const char *name,
- PolKitModuleControl module_control,
- int argc, char *argv[]);
-
-PolKitModuleControl libpolkit_module_interface_get_control (PolKitModuleInterface *module_interface);
-
-
-polkit_bool_t
-libpolkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session);
-
-polkit_bool_t
-libpolkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
-
-#endif /* LIBPOLKIT_MODULE_H */
diff --git a/libpolkit/libpolkit-policy-cache.c b/libpolkit/libpolkit-policy-cache.c
deleted file mode 100644
index f5549d0..0000000
--- a/libpolkit/libpolkit-policy-cache.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-policy-cache.c : policy cache
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-policy-file.h"
-#include "libpolkit-policy-cache.h"
-
-/**
- * SECTION:libpolkit-policy-cache
- * @short_description: Class for holding all policy objects.
- *
- * This class is used to hold all policy objects (stemming from policy
- * files) and provide look-up functions.
- **/
-
-/**
- * PolKitPolicyCache:
- *
- * Instances of this class are used to hold all policy objects
- * (stemming from policy files) and provide look-up functions.
- **/
-struct PolKitPolicyCache
-{
- int refcount;
-
- GSList *priv_entries;
-};
-
-
-static void
-_append_entry (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntry *policy_file_entry,
- void *user_data)
-{
- PolKitPolicyCache *policy_cache = user_data;
-
- libpolkit_policy_file_entry_ref (policy_file_entry);
- policy_cache->priv_entries = g_slist_append (policy_cache->priv_entries, policy_file_entry);
-}
-
-/**
- * libpolkit_policy_cache_new:
- * @dirname: directory containing policy files
- * @error: location to return error
- *
- * Create a new #PolKitPolicyCache object and load information from policy files.
- *
- * Returns: #NULL if @error was set, otherwise the #PolKitPolicyCache object
- **/
-PolKitPolicyCache *
-libpolkit_policy_cache_new (const char *dirname, PolKitError **error)
-{
- const char *file;
- GDir *dir;
- PolKitPolicyCache *pc;
- GError *g_error;
-
- pc = g_new0 (PolKitPolicyCache, 1);
- pc->refcount = 1;
-
- g_error = NULL;
- dir = g_dir_open (dirname, 0, &g_error);
- if (dir == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load policy files from directory %s: %s",
- dirname,
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
- while ((file = g_dir_read_name (dir)) != NULL) {
- char *path;
- PolKitPolicyFile *pf;
-
- if (!g_str_has_suffix (file, ".policy"))
- continue;
-
- if (g_str_has_prefix (file, "."))
- continue;
-
- path = g_strdup_printf ("%s/%s", dirname, file);
-
- _pk_debug ("Loading %s", path);
- pf = libpolkit_policy_file_new (path, error);
- g_free (path);
-
- if (pf == NULL) {
- goto out;
- }
-
- /* steal entries */
- libpolkit_policy_file_entry_foreach (pf, _append_entry, pc);
- libpolkit_policy_file_unref (pf);
- }
- g_dir_close (dir);
-
- return pc;
-out:
- if (pc != NULL)
- libpolkit_policy_cache_ref (pc);
- return NULL;
-}
-
-/**
- * libpolkit_policy_cache_ref:
- * @policy_cache: the policy cache object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyCache *
-libpolkit_policy_cache_ref (PolKitPolicyCache *policy_cache)
-{
- g_return_val_if_fail (policy_cache != NULL, policy_cache);
- policy_cache->refcount++;
- return policy_cache;
-}
-
-/**
- * libpolkit_policy_cache_unref:
- * @policy_cache: the policy cache object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_policy_cache_unref (PolKitPolicyCache *policy_cache)
-{
- GSList *i;
-
- g_return_if_fail (policy_cache != NULL);
- policy_cache->refcount--;
- if (policy_cache->refcount > 0)
- return;
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- PolKitPolicyFileEntry *pfe = i->data;
- libpolkit_policy_file_entry_unref (pfe);
- }
- if (policy_cache->priv_entries != NULL)
- g_slist_free (policy_cache->priv_entries);
-
- g_free (policy_cache);
-}
-
-/**
- * libpolkit_policy_cache_debug:
- * @policy_cache: the cache
- *
- * Print debug information about object
- **/
-void
-libpolkit_policy_cache_debug (PolKitPolicyCache *policy_cache)
-{
- GSList *i;
- g_return_if_fail (policy_cache != NULL);
-
- _pk_debug ("PolKitPolicyCache: refcount=%d num_entries=%d ...",
- policy_cache->refcount,
- policy_cache->priv_entries == NULL ? 0 : g_slist_length (policy_cache->priv_entries));
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- PolKitPolicyFileEntry *pfe = i->data;
- libpolkit_policy_file_entry_debug (pfe);
- }
-}
-
-/**
- * libpolkit_policy_cache_get_entry:
- * @policy_cache: the cache
- * @action: the action
- *
- * Given a action, find the object describing the definition of the
- * policy; e.g. data stemming from files in
- * /etc/PolicyKit/policy.
- *
- * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
- * #NULL if the action wasn't identified. Caller shall not unref
- * this object.
- **/
-PolKitPolicyFileEntry*
-libpolkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
- PolKitAction *action)
-{
- char *priv_id;
- GSList *i;
- PolKitPolicyFileEntry *pfe;
-
- pfe = NULL;
-
- /* I'm sure it would be easy to make this O(1)... */
-
- g_return_val_if_fail (policy_cache != NULL, NULL);
- g_return_val_if_fail (action != NULL, NULL);
-
- if (!libpolkit_action_get_action_id (action, &priv_id))
- goto out;
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- pfe = i->data;
- if (strcmp (libpolkit_policy_file_entry_get_id (pfe), priv_id) == 0) {
- goto out;
- }
- }
-
- pfe = NULL;
-
-out:
- return pfe;
-}
diff --git a/libpolkit/libpolkit-policy-cache.h b/libpolkit/libpolkit-policy-cache.h
deleted file mode 100644
index 12cf00e..0000000
--- a/libpolkit/libpolkit-policy-cache.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-policy-cache.h : policy cache
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_POLICY_CACHE_H
-#define LIBPOLKIT_POLICY_CACHE_H
-
-#include <libpolkit/libpolkit-error.h>
-#include <libpolkit/libpolkit-action.h>
-#include <libpolkit/libpolkit-policy-file-entry.h>
-
-struct PolKitPolicyCache;
-typedef struct PolKitPolicyCache PolKitPolicyCache;
-
-PolKitPolicyCache *libpolkit_policy_cache_new (const char *dirname, PolKitError **error);
-PolKitPolicyCache *libpolkit_policy_cache_ref (PolKitPolicyCache *policy_cache);
-void libpolkit_policy_cache_unref (PolKitPolicyCache *policy_cache);
-void libpolkit_policy_cache_debug (PolKitPolicyCache *policy_cache);
-
-PolKitPolicyFileEntry* libpolkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
- PolKitAction *action);
-
-#endif /* LIBPOLKIT_POLICY_CACHE_H */
-
-
diff --git a/libpolkit/libpolkit-policy-default.c b/libpolkit/libpolkit-policy-default.c
deleted file mode 100644
index 1cba253..0000000
--- a/libpolkit/libpolkit-policy-default.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-policy-default.c : policy definition for the defaults
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-error.h"
-#include "libpolkit-policy-default.h"
-
-/**
- * SECTION:libpolkit-policy-default
- * @short_description: Defaults policy.
- *
- * This class records the default policy of an action.
- **/
-
-/**
- * PolKitPolicyDefault:
- *
- * Objects of this class are used to record information about a
- * default policy for an action.
- **/
-struct PolKitPolicyDefault
-{
- int refcount;
- PolKitResult default_remote_inactive;
- PolKitResult default_remote_active;
- PolKitResult default_local_inactive;
- PolKitResult default_local_active;
-};
-
-static gboolean
-parse_default (const char *key, char *s, const char *group, PolKitResult* target, PolKitError **error)
-{
- gboolean ret;
-
- ret = libpolkit_result_from_string_representation (s, target);
- if (!ret) {
- int n;
- char *s2;
- GString *str;
-
- str = g_string_new (NULL);
- for (n = 0; n < LIBPOLKIT_RESULT_N_RESULTS; n++) {
- if (n == LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW)
- continue;
-
- if (str->len > 0) {
- g_string_append (str, ", ");
- }
- g_string_append (str, libpolkit_result_to_string_representation (n));
- }
- s2 = g_string_free (str, FALSE);
-
- polkit_error_set_error (error,
- POLKIT_ERROR_POLICY_FILE_INVALID,
- "Value '%s' is not allowed for key '%s' in group '%s'; "
- "supported values are: %s",
- s,
- key,
- group,
- s2);
- g_free (s2);
- }
-
- g_free (s);
- return ret;
-}
-
-extern PolKitPolicyDefault *_libpolkit_policy_default_new (GKeyFile *key_file, const char *action, PolKitError **error);
-
-PolKitPolicyDefault *
-_libpolkit_policy_default_new (GKeyFile *key_file, const char *action, PolKitError **error)
-{
- const char *key;
- const char *group;
- char *s;
- char buf[256];
- PolKitPolicyDefault *pd;
- GError *g_error;
-
- pd = g_new0 (PolKitPolicyDefault, 1);
- pd->refcount = 1;
-
- g_snprintf (buf, sizeof (buf), "Action %s", action);
- group = buf;
-
- g_error = NULL;
- key = "AllowRemoteInactive";
- if ((s = g_key_file_get_string (key_file, group, key, &g_error)) == NULL)
- goto error;
- if (!parse_default (key, s, group, &pd->default_remote_inactive, error))
- goto error;
- key = "AllowRemoteActive";
- if ((s = g_key_file_get_string (key_file, group, key, &g_error)) == NULL)
- goto error;
- if (!parse_default (key, s, group, &pd->default_remote_active, error))
- goto error;
- key = "AllowLocalInactive";
- if ((s = g_key_file_get_string (key_file, group, key, &g_error)) == NULL)
- goto error;
- if (!parse_default (key, s, group, &pd->default_local_inactive, error))
- goto error;
- key = "AllowLocalActive";
- if ((s = g_key_file_get_string (key_file, group, key, &g_error)) == NULL)
- goto error;
- if (!parse_default (key, s, group, &pd->default_local_active, error))
- goto error;
-
- return pd;
-error:
- if (g_error != NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Missing key in policy file: %s",
- g_error->message);
- g_error_free (g_error);
- }
-
- if (pd != NULL)
- libpolkit_policy_default_ref (pd);
- return NULL;
-}
-
-/**
- * libpolkit_policy_default_ref:
- * @policy_default: the policy object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyDefault *
-libpolkit_policy_default_ref (PolKitPolicyDefault *policy_default)
-{
- g_return_val_if_fail (policy_default != NULL, policy_default);
- policy_default->refcount++;
- return policy_default;
-}
-
-/**
- * libpolkit_policy_default_unref:
- * @policy_default: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_policy_default_unref (PolKitPolicyDefault *policy_default)
-{
- g_return_if_fail (policy_default != NULL);
- policy_default->refcount--;
- if (policy_default->refcount > 0)
- return;
- g_free (policy_default);
-}
-
-/**
- * libpolkit_policy_default_debug:
- * @policy_default: the object
- *
- * Print debug details
- **/
-void
-libpolkit_policy_default_debug (PolKitPolicyDefault *policy_default)
-{
- g_return_if_fail (policy_default != NULL);
- _pk_debug ("PolKitPolicyDefault: refcount=%d\n"
- " default_remote_inactive=%s\n"
- " default_remote_active=%s\n"
- " default_local_inactive=%s\n"
- " default_local_active=%s",
- policy_default->refcount,
- libpolkit_result_to_string_representation (policy_default->default_remote_inactive),
- libpolkit_result_to_string_representation (policy_default->default_remote_active),
- libpolkit_result_to_string_representation (policy_default->default_local_inactive),
- libpolkit_result_to_string_representation (policy_default->default_local_active));
-}
-
-
-/**
- * libpolkit_policy_default_can_session_access_resource:
- * @policy_default: the object
- * @action: the type of access to check for
- * @resource: the resource in question
- * @session: the session in question
- *
- * Using the default policy for an action, determine if a given
- * session can access a given resource in a given way.
- *
- * Returns: A #PolKitResult - can only be one of
- * #LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
- * #LIBPOLKIT_RESULT_YES, #LIBPOLKIT_RESULT_NO.
- **/
-PolKitResult
-libpolkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
-{
- polkit_bool_t is_local;
- polkit_bool_t is_active;
- PolKitResult ret;
-
- ret = LIBPOLKIT_RESULT_NO;
-
- g_return_val_if_fail (policy_default != NULL, ret);
- g_return_val_if_fail (action != NULL, ret);
- g_return_val_if_fail (session != NULL, ret);
-
- if (!libpolkit_session_get_ck_is_local (session, &is_local))
- goto out;
- if (!libpolkit_session_get_ck_is_active (session, &is_active))
- goto out;
-
- if (is_local) {
- if (is_active) {
- ret = policy_default->default_local_active;
- } else {
- ret = policy_default->default_local_inactive;
- }
- } else {
- if (is_active) {
- ret = policy_default->default_remote_active;
- } else {
- ret = policy_default->default_remote_inactive;
- }
- }
-out:
- return ret;
-}
-
-/**
- * libpolkit_policy_default_can_caller_access_resource:
- * @policy_default: the object
- * @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
- *
- * Using the default policy for an action, determine if a given
- * caller can access a given resource in a given way.
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * access the resource in the given way
- **/
-PolKitResult
-libpolkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
-{
- polkit_bool_t is_local;
- polkit_bool_t is_active;
- PolKitSession *session;
- PolKitResult ret;
-
- ret = LIBPOLKIT_RESULT_NO;
-
- g_return_val_if_fail (policy_default != NULL, ret);
- g_return_val_if_fail (action != NULL, ret);
- g_return_val_if_fail (caller != NULL, ret);
-
- if (!libpolkit_caller_get_ck_session (caller, &session))
- goto out;
- if (session == NULL)
- goto out;
-
- if (!libpolkit_session_get_ck_is_local (session, &is_local))
- goto out;
- if (!libpolkit_session_get_ck_is_active (session, &is_active))
- goto out;
-
- if (is_local) {
- if (is_active) {
- ret = policy_default->default_local_active;
- } else {
- ret = policy_default->default_local_inactive;
- }
- } else {
- if (is_active) {
- ret = policy_default->default_remote_active;
- } else {
- ret = policy_default->default_remote_inactive;
- }
- }
-out:
- return ret;
-}
diff --git a/libpolkit/libpolkit-policy-default.h b/libpolkit/libpolkit-policy-default.h
deleted file mode 100644
index 19cce21..0000000
--- a/libpolkit/libpolkit-policy-default.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-policy-default.h : policy definition for the defaults
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_POLICY_DEFAULT_H
-#define LIBPOLKIT_POLICY_DEFAULT_H
-
-#include <libpolkit/libpolkit-result.h>
-#include <libpolkit/libpolkit-action.h>
-#include <libpolkit/libpolkit-resource.h>
-#include <libpolkit/libpolkit-session.h>
-#include <libpolkit/libpolkit-caller.h>
-#include <libpolkit/libpolkit-error.h>
-
-struct PolKitPolicyDefault;
-typedef struct PolKitPolicyDefault PolKitPolicyDefault;
-
-PolKitPolicyDefault *libpolkit_policy_default_ref (PolKitPolicyDefault *policy_default);
-void libpolkit_policy_default_unref (PolKitPolicyDefault *policy_default);
-void libpolkit_policy_default_debug (PolKitPolicyDefault *policy_default);
-
-PolKitResult libpolkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session);
-PolKitResult libpolkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
-
-/* TODO: export knobs for "default policy" */
-
-#endif /* LIBPOLKIT_POLICY_DEFAULT_H */
-
-
diff --git a/libpolkit/libpolkit-policy-file-entry.c b/libpolkit/libpolkit-policy-file-entry.c
deleted file mode 100644
index e07f46e..0000000
--- a/libpolkit/libpolkit-policy-file-entry.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-policy-file-entry.c : entries in policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-error.h"
-#include "libpolkit-result.h"
-#include "libpolkit-policy-file-entry.h"
-
-/**
- * SECTION:libpolkit-policy-file-entry
- * @short_description: Policy files entries.
- *
- * This class is used to represent a entries in policy files.
- **/
-
-/**
- * PolKitPolicyFileEntry:
- *
- * Objects of this class are used to record information about a
- * policy.
- **/
-struct PolKitPolicyFileEntry
-{
- int refcount;
- char *action;
- PolKitPolicyDefault *defaults;
-};
-
-PolKitPolicyFileEntry *
-_libpolkit_policy_file_entry_new (GKeyFile *key_file, const char *action, PolKitError **error);
-
-extern PolKitPolicyDefault *_libpolkit_policy_default_new (GKeyFile *key_file, const char *action, PolKitError **error);
-
-extern PolKitPolicyFileEntry *
-_libpolkit_policy_file_entry_new (GKeyFile *key_file, const char *action, PolKitError **error)
-{
- PolKitPolicyFileEntry *pfe;
-
- pfe = g_new0 (PolKitPolicyFileEntry, 1);
- pfe->refcount = 1;
- pfe->action = g_strdup (action);
-
- pfe->defaults = _libpolkit_policy_default_new (key_file, action, error);
- if (pfe->defaults == NULL)
- goto error;
-
- return pfe;
-error:
- if (pfe != NULL)
- libpolkit_policy_file_entry_unref (pfe);
- return NULL;
-}
-
-/**
- * libpolkit_policy_file_entry_ref:
- * @policy_file_entry: the policy file object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyFileEntry *
-libpolkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, policy_file_entry);
- policy_file_entry->refcount++;
- return policy_file_entry;
-}
-
-/**
- * libpolkit_policy_file_entry_unref:
- * @policy_file_entry: the policy file object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_if_fail (policy_file_entry != NULL);
- policy_file_entry->refcount--;
- if (policy_file_entry->refcount > 0)
- return;
- g_free (policy_file_entry->action);
- if (policy_file_entry->defaults != NULL)
- libpolkit_policy_default_unref (policy_file_entry->defaults);
- g_free (policy_file_entry);
-}
-
-/**
- * libpolkit_policy_file_entry_debug:
- * @policy_file_entry: the entry
- *
- * Print debug information about object
- **/
-void
-libpolkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_if_fail (policy_file_entry != NULL);
- _pk_debug ("PolKitPolicyFileEntry: refcount=%d action=%s",
- policy_file_entry->refcount,
- policy_file_entry->action);
- libpolkit_policy_default_debug (policy_file_entry->defaults);
-}
-
-/**
- * libpolkit_policy_file_entry_get_id:
- * @policy_file_entry: the file entry
- *
- * Get the action identifier.
- *
- * Returns: A string - caller shall not free this string.
- **/
-const char *
-libpolkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->action;
-}
-
-/**
- * libpolkit_policy_file_entry_get_default:
- * @policy_file_entry: the file entry
- *
- * Get the the default policy for this policy.
- *
- * Returns: A #PolKitPolicyDefault object - caller shall not unref this object.
- **/
-PolKitPolicyDefault *
-libpolkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->defaults;
-}
diff --git a/libpolkit/libpolkit-policy-file-entry.h b/libpolkit/libpolkit-policy-file-entry.h
deleted file mode 100644
index f9aeb01..0000000
--- a/libpolkit/libpolkit-policy-file-entry.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-policy-file-entry.h : entries in policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_POLICY_FILE_ENTRY_H
-#define LIBPOLKIT_POLICY_FILE_ENTRY_H
-
-#include <libpolkit/libpolkit-result.h>
-#include <libpolkit/libpolkit-policy-default.h>
-
-struct PolKitPolicyFileEntry;
-typedef struct PolKitPolicyFileEntry PolKitPolicyFileEntry;
-
-PolKitPolicyFileEntry *libpolkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry);
-void libpolkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry);
-void libpolkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry);
-
-const char *libpolkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry);
-PolKitPolicyDefault *libpolkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry);
-
-
-#endif /* LIBPOLKIT_POLICY_FILE_ENTRY_H */
-
-
diff --git a/libpolkit/libpolkit-policy-file.c b/libpolkit/libpolkit-policy-file.c
deleted file mode 100644
index 57b6bf8..0000000
--- a/libpolkit/libpolkit-policy-file.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-policy-file.c : policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-error.h"
-#include "libpolkit-result.h"
-#include "libpolkit-policy-file.h"
-#include "libpolkit-policy-file-entry.h"
-
-/**
- * SECTION:libpolkit-policy-file
- * @short_description: Policy files.
- *
- * This class is used to represent a policy files.
- **/
-
-/**
- * PolKitPolicyFile:
- *
- * Objects of this class are used to record information about a
- * policy file.
- **/
-struct PolKitPolicyFile
-{
- int refcount;
- GSList *entries;
-};
-
-extern PolKitPolicyFileEntry *_libpolkit_policy_file_entry_new (GKeyFile *keyfile,
- const char *action,
- PolKitError **error);
-
-/**
- * libpolkit_policy_file_new:
- * @path: path to policy file
- * @error: return location for error
- *
- * Create a new #PolKitPolicyFile object. If the file does not
- * validate, a human readable explanation of why will be set in
- * @error.
- *
- * Returns: the new object or #NULL if error is set
- **/
-PolKitPolicyFile *
-libpolkit_policy_file_new (const char *path, PolKitError **error)
-{
- GKeyFile *key_file;
- PolKitPolicyFile *pf;
- char **groups;
- gsize groups_len;
- int n;
- GError *g_error;
-
- pf = NULL;
- key_file = NULL;
- groups = NULL;
-
- if (!g_str_has_suffix (path, ".policy")) {
- polkit_error_set_error (error,
- POLKIT_ERROR_POLICY_FILE_INVALID,
- "Policy files must have extension .policy; file '%s' doesn't", path);
- goto error;
- }
-
- g_error = NULL;
- key_file = g_key_file_new ();
- if (!g_key_file_load_from_file (key_file, path, G_KEY_FILE_NONE, &g_error)) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load PolicyKit policy file at '%s': %s",
- path,
- g_error->message);
- g_error_free (g_error);
- goto error;
- }
-
- pf = g_new0 (PolKitPolicyFile, 1);
- pf->refcount = 1;
-
- groups = g_key_file_get_groups(key_file, &groups_len);
- if (groups == NULL)
- goto error;
-
- for (n = 0; groups[n] != NULL; n++) {
- const char *action;
- PolKitPolicyFileEntry *pfe;
-
- if (!g_str_has_prefix (groups[n], "Action ")) {
- polkit_error_set_error (error,
- POLKIT_ERROR_POLICY_FILE_INVALID,
- "Unknown group of name '%s'", groups[n]);
- goto error;
- }
-
- action = groups[n] + 7; /* "Action " */
- if (strlen (action) == 0) {
- polkit_error_set_error (error,
- POLKIT_ERROR_POLICY_FILE_INVALID,
- "Zero-length action name");
- goto error;
- }
-
- pfe = _libpolkit_policy_file_entry_new (key_file, action, error);
- if (pfe == NULL)
- goto error;
- pf->entries = g_slist_prepend (pf->entries, pfe);
- }
-
- g_strfreev (groups);
- g_key_file_free (key_file);
- return pf;
-error:
- if (groups != NULL)
- g_strfreev (groups);
- if (key_file != NULL)
- g_key_file_free (key_file);
- if (pf != NULL)
- libpolkit_policy_file_unref (pf);
- return NULL;
-}
-
-/**
- * libpolkit_policy_file_ref:
- * @policy_file: the policy file object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyFile *
-libpolkit_policy_file_ref (PolKitPolicyFile *policy_file)
-{
- g_return_val_if_fail (policy_file != NULL, policy_file);
- policy_file->refcount++;
- return policy_file;
-}
-
-/**
- * libpolkit_policy_file_unref:
- * @policy_file: the policy file object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_policy_file_unref (PolKitPolicyFile *policy_file)
-{
- GSList *i;
- g_return_if_fail (policy_file != NULL);
- policy_file->refcount--;
- if (policy_file->refcount > 0)
- return;
- for (i = policy_file->entries; i != NULL; i = g_slist_next (i)) {
- libpolkit_policy_file_entry_unref (i->data);
- }
- if (policy_file->entries != NULL)
- g_slist_free (policy_file->entries);
- g_free (policy_file);
-}
-
-/**
- * libpolkit_policy_file_entry_foreach:
- * @policy_file: the policy file object
- * @cb: callback to invoke for each entry
- * @user_data: user data
- *
- * Visits all entries in a policy file.
- **/
-void
-libpolkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntryForeachFunc cb,
- void *user_data)
-{
- GSList *i;
-
- g_return_if_fail (policy_file != NULL);
- g_return_if_fail (cb != NULL);
-
- for (i = policy_file->entries; i != NULL; i = g_slist_next (i)) {
- PolKitPolicyFileEntry *pfe = i->data;
- cb (policy_file, pfe, user_data);
- }
-}
diff --git a/libpolkit/libpolkit-policy-file.h b/libpolkit/libpolkit-policy-file.h
deleted file mode 100644
index cdd9096..0000000
--- a/libpolkit/libpolkit-policy-file.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-policy-file.h : policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_POLICY_FILE_H
-#define LIBPOLKIT_POLICY_FILE_H
-
-#include <libpolkit/libpolkit-error.h>
-#include <libpolkit/libpolkit-policy-file-entry.h>
-
-struct PolKitPolicyFile;
-typedef struct PolKitPolicyFile PolKitPolicyFile;
-
-/**
- * PolKitPolicyFileEntryForeachFunc:
- * @policy_file: the policy file
- * @policy_file_entry: the entry
- * @user_data: user data
- *
- * Type for function used in libpolkit_policy_file_entry_foreach().
- **/
-typedef void (*PolKitPolicyFileEntryForeachFunc) (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntry *policy_file_entry,
- void *user_data);
-
-PolKitPolicyFile *libpolkit_policy_file_new (const char *path, PolKitError **error);
-PolKitPolicyFile *libpolkit_policy_file_ref (PolKitPolicyFile *policy_file);
-void libpolkit_policy_file_unref (PolKitPolicyFile *policy_file);
-void libpolkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntryForeachFunc cb,
- void *user_data);
-
-#endif /* LIBPOLKIT_POLICY_FILE_H */
-
-
diff --git a/libpolkit/libpolkit-resource.c b/libpolkit/libpolkit-resource.c
deleted file mode 100644
index dd68b72..0000000
--- a/libpolkit/libpolkit-resource.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-resource.c : resources
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-resource.h"
-#include "libpolkit-utils.h"
-
-/**
- * SECTION:libpolkit-resource
- * @short_description: Resources.
- *
- * This class is used to represent a resource. TODO: describe what a resource really is.
- **/
-
-/**
- * PolKitResource:
- *
- * Objects of this class are used to record information about a
- * resource. TODO: describe what a resource really is.
- **/
-struct PolKitResource
-{
- int refcount;
- char *type;
- char *id;
-};
-
-/**
- * libpolkit_resource_new:
- *
- * Create a new #PolKitResource object.
- *
- * Returns: the new object
- **/
-PolKitResource *
-libpolkit_resource_new (void)
-{
- PolKitResource *resource;
- resource = g_new0 (PolKitResource, 1);
- resource->refcount = 1;
- return resource;
-}
-
-/**
- * libpolkit_resource_ref:
- * @resource: the resource object
- *
- * Increase reference count
- *
- * Returns: the object
- **/
-PolKitResource *
-libpolkit_resource_ref (PolKitResource *resource)
-{
- g_return_val_if_fail (resource != NULL, resource);
- resource->refcount++;
- return resource;
-}
-
-
-/**
- * libpolkit_resource_unref:
- * @resource: the resource object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_resource_unref (PolKitResource *resource)
-{
- g_return_if_fail (resource != NULL);
-
- resource->refcount--;
- if (resource->refcount > 0)
- return;
-
- g_free (resource->type);
- g_free (resource->id);
- g_free (resource);
-}
-
-
-/**
- * libpolkit_resource_set_resource_type:
- * @resource: the resource object
- * @resource_type: type of resource
- *
- * Set the type of the resource. TODO: link to wtf this is.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_resource_set_resource_type (PolKitResource *resource, const char *resource_type)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (resource_type), FALSE);
- if (resource->type != NULL)
- g_free (resource->type);
- resource->type = g_strdup (resource_type);
- return TRUE;
-}
-
-/**
- * libpolkit_resource_set_resource_id:
- * @resource: the resource object
- * @resource_id: identifier of resource
- *
- * set the identifier of the resource. TODO: link to wtf this is.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_resource_set_resource_id (PolKitResource *resource, const char *resource_id)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (resource_id), FALSE);
- if (resource->id != NULL)
- g_free (resource->id);
- resource->id = g_strdup (resource_id);
- return TRUE;
-}
-
-/**
- * libpolkit_resource_get_resource_type:
- * @resource: the resource object
- * @out_resource_type: Returns the resource type. The caller shall not free this string.
- *
- * Get the type of the resource.
- *
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-libpolkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (out_resource_type != NULL, FALSE);
-
- if (resource->type == NULL)
- return FALSE;
-
- *out_resource_type = resource->type;
- return TRUE;
-}
-
-/**
- * libpolkit_resource_get_resource_id:
- * @resource: the resource object
- * @out_resource_id: Returns the resource identifier. The caller shall not free this string.
- *
- * Get the identifier of the resource
- *
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-libpolkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (out_resource_id != NULL, FALSE);
-
- if (resource->id == NULL)
- return FALSE;
-
- *out_resource_id = resource->id;
- return TRUE;
-}
-
-/**
- * libpolkit_resource_debug:
- * @resource: the object
- *
- * Print debug details
- **/
-void
-libpolkit_resource_debug (PolKitResource *resource)
-{
- g_return_if_fail (resource != NULL);
- _pk_debug ("PolKitResource: refcount=%d type=%s id=%s", resource->refcount, resource->type, resource->id);
-}
-
-/**
- * libpolkit_resource_validate:
- * @resource: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-libpolkit_resource_validate (PolKitResource *resource)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (resource->type != NULL, FALSE);
- g_return_val_if_fail (resource->id != NULL, FALSE);
- return TRUE;
-}
diff --git a/libpolkit/libpolkit-resource.h b/libpolkit/libpolkit-resource.h
deleted file mode 100644
index 427b6e7..0000000
--- a/libpolkit/libpolkit-resource.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-resource.h : resources
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_RESOURCE_H
-#define LIBPOLKIT_RESOURCE_H
-
-#include <libpolkit/libpolkit-types.h>
-
-struct PolKitResource;
-typedef struct PolKitResource PolKitResource;
-
-PolKitResource *libpolkit_resource_new (void);
-PolKitResource *libpolkit_resource_ref (PolKitResource *resource);
-void libpolkit_resource_unref (PolKitResource *resource);
-polkit_bool_t libpolkit_resource_set_resource_type (PolKitResource *resource, const char *resource_type);
-polkit_bool_t libpolkit_resource_set_resource_id (PolKitResource *resource, const char *resource_id);
-polkit_bool_t libpolkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type);
-polkit_bool_t libpolkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id);
-
-void libpolkit_resource_debug (PolKitResource *resource);
-
-polkit_bool_t libpolkit_resource_validate (PolKitResource *resource);
-
-#endif /* LIBPOLKIT_RESOURCE_H */
-
-
diff --git a/libpolkit/libpolkit-result.c b/libpolkit/libpolkit-result.c
deleted file mode 100644
index 05d787e..0000000
--- a/libpolkit/libpolkit-result.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-result.c : result codes from PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:libpolkit-result
- * @short_description: Result of PolicyKit queries
- *
- * These functions are used to manipulate PolicyKit results.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-result.h"
-
-
-static const struct {
- PolKitResult result;
- const char *str;
-} mapping[] =
-{
- {LIBPOLKIT_RESULT_UNKNOWN_ACTION, "unknown"},
- {LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW, "not_authorized"},
- {LIBPOLKIT_RESULT_NO, "no"},
- {LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH, "auth_root"},
- {LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION, "auth_root_keep_session"},
- {LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS, "auth_root_keep_always"},
- {LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH, "auth_self"},
- {LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION, "auth_self_keep_session"},
- {LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS, "auth_self_keep_always"},
- {LIBPOLKIT_RESULT_YES, "yes"},
- {0, NULL}
-};
-
-
-/**
- * libpolkit_result_to_string_representation:
- * @result: the given result to get a textual representation of
- *
- * Gives a textual representation of a #PolKitResult object.
- *
- * Returns: string representing the result (do not free) or #NULL if the given result is invalid
- **/
-const char *
-libpolkit_result_to_string_representation (PolKitResult result)
-{
- if (result < 0 || result >= LIBPOLKIT_RESULT_N_RESULTS) {
- g_warning ("The passed result code, %d, is not valid", result);
- return NULL;
- }
-
- return mapping[result].str;
-}
-
-/**
- * libpolkit_result_from_string_representation:
- * @string: textual representation of a #PolKitResult object
- * @out_result: return location for #PolKitResult
- *
- * Given a textual representation of a #PolKitResult object, find the #PolKitResult value.
- *
- * Returns: TRUE if the textual representation was valid, otherwise FALSE
- **/
-polkit_bool_t
-libpolkit_result_from_string_representation (const char *string, PolKitResult *out_result)
-{
- int n;
-
- g_return_val_if_fail (out_result != NULL, FALSE);
-
- for (n = 0; n < LIBPOLKIT_RESULT_N_RESULTS; n++) {
- if (mapping[n].str == NULL)
- break;
- if (strcmp (mapping[n].str, string) == 0) {
- *out_result = mapping[n].result;
- goto found;
- }
- }
-
- return FALSE;
-found:
- return TRUE;
-}
diff --git a/libpolkit/libpolkit-result.h b/libpolkit/libpolkit-result.h
deleted file mode 100644
index 74da794..0000000
--- a/libpolkit/libpolkit-result.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-result.h : result codes from PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_RESULT_H
-#define LIBPOLKIT_RESULT_H
-
-#include <libpolkit/libpolkit-types.h>
-
-/**
- * PolKitResult:
- * @LIBPOLKIT_RESULT_UNKNOWN_ACTION: The passed action is unknown.
- * @LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW: The caller of libpolkit is not sufficiently privilege to know the answer.
- * @LIBPOLKIT_RESULT_NO: Access denied.
- * @LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH: Access denied, but authentication of the caller as
- * root will grant access to the resource... but the access isn't permanent
- * @LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION: Access denied, but authentication of the caller as
- * root will grant access to the resource for the remainder of the session
- * @LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS: Access denied, but authentication of the caller as
- * root will grant access to the resource in the future.
- * @LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH: Access denied, but authentication of the caller as
- * himself will grant access to the resource... but the access isn't permanent
- * @LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION: Access denied, but authentication of the caller as
- * himself will grant access to the resource for the remainder of the session
- * @LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS: Access denied, but authentication of the caller as
- * himself will grant access to the resource in the future.
- * @LIBPOLKIT_RESULT_YES: Access granted.
- * @LIBPOLKIT_RESULT_N_RESULTS: Number of result codes
- *
- * Result codes from queries to PolicyKit. These are ordered and we
- * say that a result A is "more strict" than a result B, if A has a
- * lower numerical value. (e.g. #LIBPOLKIT_RESULT_NO is more strict
- * than #LIBPOLKIT_RESULT_YES).
- */
-typedef enum
-{
- LIBPOLKIT_RESULT_UNKNOWN_ACTION,
- LIBPOLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
- LIBPOLKIT_RESULT_NO,
-
- LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH,
- LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION,
- LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS,
-
- LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH,
- LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION,
- LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS,
-
- LIBPOLKIT_RESULT_YES,
- LIBPOLKIT_RESULT_N_RESULTS
-} PolKitResult;
-
-const char *
-libpolkit_result_to_string_representation (PolKitResult result);
-
-polkit_bool_t
-libpolkit_result_from_string_representation (const char *string, PolKitResult *out_result);
-
-#endif /* LIBPOLKIT_RESULT_H */
diff --git a/libpolkit/libpolkit-seat.c b/libpolkit/libpolkit-seat.c
deleted file mode 100644
index 8a51991..0000000
--- a/libpolkit/libpolkit-seat.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-seat.c : seat
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-seat.h"
-#include "libpolkit-utils.h"
-
-/**
- * SECTION:libpolkit-seat
- * @short_description: Seats.
- *
- * This class is used to represent a seat. TODO: describe seat.
- **/
-
-/**
- * PolKitSeat:
- *
- * Objects of this class are used to record information about a
- * seat.
- **/
-struct PolKitSeat
-{
- int refcount;
- char *ck_objref;
-};
-
-/**
- * libpolkit_seat_new:
- *
- * Creates a new #PolKitSeat object.
- *
- * Returns: the new object
- **/
-PolKitSeat *
-libpolkit_seat_new (void)
-{
- PolKitSeat *seat;
- seat = g_new0 (PolKitSeat, 1);
- seat->refcount = 1;
- return seat;
-}
-
-/**
- * libpolkit_seat_ref:
- * @seat: the seat object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitSeat *
-libpolkit_seat_ref (PolKitSeat *seat)
-{
- g_return_val_if_fail (seat != NULL, seat);
- seat->refcount++;
- return seat;
-}
-
-/**
- * libpolkit_seat_unref:
- * @seat: the seat object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_seat_unref (PolKitSeat *seat)
-{
- g_return_if_fail (seat != NULL);
- seat->refcount--;
- if (seat->refcount > 0)
- return;
- g_free (seat->ck_objref);
- g_free (seat);
-}
-
-/**
- * libpolkit_seat_set_ck_objref:
- * @seat: the seat object
- * @ck_objref: the D-Bus object path to the ConsoleKit seat object
- *
- * Set the D-Bus object path to the ConsoleKit seat object.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_seat_set_ck_objref (PolKitSeat *seat, const char *ck_objref)
-{
- g_return_val_if_fail (seat != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (ck_objref), FALSE);
- if (seat->ck_objref != NULL)
- g_free (seat->ck_objref);
- seat->ck_objref = g_strdup (ck_objref);
- return TRUE;
-}
-
-/**
- * libpolkit_seat_get_ck_objref:
- * @seat: the seat object
- * @out_ck_objref: Returns the D-Bus object path to the ConsoleKit seat object. The caller shall not free this string.
- *
- * Get the D-Bus object path to the ConsoleKit seat object.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_seat_get_ck_objref (PolKitSeat *seat, char **out_ck_objref)
-{
- g_return_val_if_fail (seat != NULL, FALSE);
- g_return_val_if_fail (out_ck_objref != NULL, FALSE);
- *out_ck_objref = seat->ck_objref;
- return TRUE;
-}
-
-/**
- * libpolkit_seat_debug:
- * @seat: the object
- *
- * Print debug details
- **/
-void
-libpolkit_seat_debug (PolKitSeat *seat)
-{
- g_return_if_fail (seat != NULL);
- _pk_debug ("PolKitSeat: refcount=%d objpath=%s", seat->refcount, seat->ck_objref);
-}
-
-/**
- * libpolkit_seat_validate:
- * @seat: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-libpolkit_seat_validate (PolKitSeat *seat)
-{
- g_return_val_if_fail (seat != NULL, FALSE);
- g_return_val_if_fail (seat->ck_objref != NULL, FALSE);
- return TRUE;
-}
diff --git a/libpolkit/libpolkit-seat.h b/libpolkit/libpolkit-seat.h
deleted file mode 100644
index 7de9fe9..0000000
--- a/libpolkit/libpolkit-seat.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-seat.h : seats
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_SEAT_H
-#define LIBPOLKIT_SEAT_H
-
-#include <libpolkit/libpolkit-types.h>
-
-struct PolKitSeat;
-typedef struct PolKitSeat PolKitSeat;
-
-PolKitSeat *libpolkit_seat_new (void);
-PolKitSeat *libpolkit_seat_ref (PolKitSeat *seat);
-void libpolkit_seat_unref (PolKitSeat *seat);
-polkit_bool_t libpolkit_seat_set_ck_objref (PolKitSeat *seat, const char *ck_objref);
-polkit_bool_t libpolkit_seat_get_ck_objref (PolKitSeat *seat, char **out_ck_objref);
-
-void libpolkit_seat_debug (PolKitSeat *seat);
-polkit_bool_t libpolkit_seat_validate (PolKitSeat *seat);
-
-#endif /* LIBPOLKIT_SEAT_H */
-
-
diff --git a/libpolkit/libpolkit-session.c b/libpolkit/libpolkit-session.c
deleted file mode 100644
index c93019c..0000000
--- a/libpolkit/libpolkit-session.c
+++ /dev/null
@@ -1,394 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-session.c : sessions
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "libpolkit-debug.h"
-#include "libpolkit-session.h"
-#include "libpolkit-utils.h"
-
-/**
- * SECTION:libpolkit-session
- * @short_description: Sessions.
- *
- * This class is used to represent a session. TODO: describe session.
- **/
-
-/**
- * PolKitSession:
- *
- * Objects of this class are used to record information about a
- * session.
- **/
-struct PolKitSession
-{
- int refcount;
- uid_t uid;
- PolKitSeat *seat;
- char *ck_objref;
- polkit_bool_t is_active;
- polkit_bool_t is_local;
- char *remote_host;
-};
-
-/**
- * libpolkit_session_new:
- *
- * Creates a new #PolKitSession object.
- *
- * Returns: the new object
- **/
-PolKitSession *
-libpolkit_session_new (void)
-{
- PolKitSession *session;
- session = g_new0 (PolKitSession, 1);
- session->refcount = 1;
- return session;
-}
-
-/**
- * libpolkit_session_ref:
- * @session: The session object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitSession *
-libpolkit_session_ref (PolKitSession *session)
-{
- g_return_val_if_fail (session != NULL, session);
- session->refcount++;
- return session;
-}
-
-
-/**
- * libpolkit_session_unref:
- * @session: The session object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-libpolkit_session_unref (PolKitSession *session)
-{
- g_return_if_fail (session != NULL);
- session->refcount--;
- if (session->refcount > 0)
- return;
- g_free (session->ck_objref);
- g_free (session->remote_host);
- if (session->seat != NULL)
- libpolkit_seat_unref (session->seat);
- g_free (session);
-}
-
-/**
- * libpolkit_session_set_uid:
- * @session: The session object
- * @uid: UNIX user id
- *
- * Set the UNIX user id of the user owning the session.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_session_set_uid (PolKitSession *session, uid_t uid)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- session->uid = uid;
- return TRUE;
-}
-
-/**
- * libpolkit_session_set_ck_objref:
- * @session: The session object
- * @ck_objref: D-Bus object path
- *
- * Set the D-Bus object path to the ConsoleKit session object.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_session_set_ck_objref (PolKitSession *session, const char *ck_objref)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (ck_objref), FALSE);
- if (session->ck_objref != NULL)
- g_free (session->ck_objref);
- session->ck_objref = g_strdup (ck_objref);
- return TRUE;
-}
-
-/**
- * libpolkit_session_set_ck_is_active:
- * @session: The session object
- * @is_active: whether ConsoleKit reports the session as active
- *
- * Set whether ConsoleKit regard the session as active.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_session_set_ck_is_active (PolKitSession *session, polkit_bool_t is_active)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- session->is_active = is_active;
- return TRUE;
-}
-
-/**
- * libpolkit_session_set_ck_is_local:
- * @session: The session object
- * @is_local: whether ConsoleKit reports the session as local
- *
- * Set whether ConsoleKit regard the session as local.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_session_set_ck_is_local (PolKitSession *session, polkit_bool_t is_local)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- session->is_local = is_local;
- return TRUE;
-}
-
-/**
- * libpolkit_session_set_ck_remote_host:
- * @session: The session object
- * @remote_host: hostname of the host/display that ConsoleKit reports
- * the session to occur at
- *
- * Set the remote host/display that ConsoleKit reports the session to
- * occur at.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_session_set_ck_remote_host (PolKitSession *session, const char *remote_host)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- /* TODO: FIXME: probably need to allow a lot more here */
- g_return_val_if_fail (_pk_validate_identifier (remote_host), FALSE);
- if (session->remote_host != NULL)
- g_free (session->remote_host);
- session->remote_host = g_strdup (remote_host);
- return TRUE;
-}
-
-/**
- * libpolkit_session_set_seat:
- * @session: The session object
- * @seat: a #PolKitSeat object
- *
- * Set the seat that the session belongs to. The reference count on
- * the given object will be increased by one. If an existing seat
- * object was set already, the reference count on that one will be
- * decreased by one.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-libpolkit_session_set_seat (PolKitSession *session, PolKitSeat *seat)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (libpolkit_seat_validate (seat), FALSE);
- if (session->seat != NULL)
- libpolkit_seat_unref (session->seat);
- session->seat = seat != NULL ? libpolkit_seat_ref (seat) : NULL;
- return TRUE;
-}
-
-/**
- * libpolkit_session_get_uid:
- * @session: The session object
- * @out_uid: UNIX user id
- *
- * Get the UNIX user id of the user owning the session.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_session_get_uid (PolKitSession *session, uid_t *out_uid)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_uid != NULL, FALSE);
- *out_uid = session->uid;
- return TRUE;
-}
-
-/**
- * libpolkit_session_get_ck_objref:
- * @session: The session object
- * @out_ck_objref: D-Bus object path. Shall not be freed by the caller.
- *
- * Get the D-Bus object path to the ConsoleKit session object.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_session_get_ck_objref (PolKitSession *session, char **out_ck_objref)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_ck_objref != NULL, FALSE);
- *out_ck_objref = session->ck_objref;
- return TRUE;
-}
-
-/**
- * libpolkit_session_get_ck_is_active:
- * @session: The session object
- * @out_is_active: whether ConsoleKit reports the session as active
- *
- * Get whether ConsoleKit regard the session as active.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_session_get_ck_is_active (PolKitSession *session, polkit_bool_t *out_is_active)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_is_active != NULL, FALSE);
- *out_is_active = session->is_active;
- return TRUE;
-}
-
-/**
- * libpolkit_session_get_ck_is_local:
- * @session: The session object
- * @out_is_local: whether ConsoleKit reports the session as local
- *
- * Set whether ConsoleKit regard the session as local.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_session_get_ck_is_local (PolKitSession *session, polkit_bool_t *out_is_local)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_is_local != NULL, FALSE);
- *out_is_local = session->is_local;
- return TRUE;
-}
-
-/**
- * libpolkit_session_get_ck_remote_host:
- * @session: The session object
- * @out_remote_host: hostname of the host/display that ConsoleKit
- * reports the session to occur at. Shall not be freed by the caller.
- *
- * Get the remote host/display that ConsoleKit reports the session to
- * occur at.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_session_get_ck_remote_host (PolKitSession *session, char **out_remote_host)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_remote_host != NULL, FALSE);
- *out_remote_host = session->remote_host;
- return TRUE;
-}
-
-/**
- * libpolkit_session_get_seat:
- * @session: The session object
- * @out_seat: Returns the seat the session belongs to. Shall not
- * be unreffed by the caller.
- *
- * Get the seat that the session belongs to.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-libpolkit_session_get_seat (PolKitSession *session, PolKitSeat **out_seat)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_seat != NULL, FALSE);
- *out_seat = session->seat;
- return TRUE;
-}
-
-/**
- * libpolkit_session_debug:
- * @session: the object
- *
- * Print debug details
- **/
-void
-libpolkit_session_debug (PolKitSession *session)
-{
- g_return_if_fail (session != NULL);
- _pk_debug ("PolKitSession: refcount=%d uid=%d objpath=%s is_active=%d is_local=%d remote_host=%s",
- session->refcount, session->uid,
- session->ck_objref, session->is_active, session->is_local, session->remote_host);
- if (session->seat != NULL)
- libpolkit_seat_debug (session->seat);
-}
-
-
-/**
- * libpolkit_session_validate:
- * @session: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-libpolkit_session_validate (PolKitSession *session)
-{
- polkit_bool_t ret;
- g_return_val_if_fail (session != NULL, FALSE);
-
- ret = FALSE;
- if (session->is_local) {
- if (session->remote_host != NULL)
- goto error;
- } else {
- if (session->remote_host == NULL)
- goto error;
- }
- ret = TRUE;
-error:
- return TRUE;
-}
diff --git a/libpolkit/libpolkit-session.h b/libpolkit/libpolkit-session.h
deleted file mode 100644
index 2ee4bda..0000000
--- a/libpolkit/libpolkit-session.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-session.h : sessions
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_SESSION_H
-#define LIBPOLKIT_SESSION_H
-
-#include <libpolkit/libpolkit-types.h>
-#include <libpolkit/libpolkit-seat.h>
-
-#include <sys/types.h>
-
-struct PolKitSession;
-typedef struct PolKitSession PolKitSession;
-
-PolKitSession *libpolkit_session_new (void);
-PolKitSession *libpolkit_session_ref (PolKitSession *session);
-void libpolkit_session_unref (PolKitSession *session);
-polkit_bool_t libpolkit_session_set_uid (PolKitSession *session, uid_t uid);
-polkit_bool_t libpolkit_session_set_seat (PolKitSession *session, PolKitSeat *seat);
-polkit_bool_t libpolkit_session_set_ck_objref (PolKitSession *session, const char *ck_objref);
-polkit_bool_t libpolkit_session_set_ck_is_active (PolKitSession *session, polkit_bool_t is_active);
-polkit_bool_t libpolkit_session_set_ck_is_local (PolKitSession *session, polkit_bool_t is_local);
-polkit_bool_t libpolkit_session_set_ck_remote_host (PolKitSession *session, const char *remote_host);
-polkit_bool_t libpolkit_session_get_uid (PolKitSession *session, uid_t *out_uid);
-polkit_bool_t libpolkit_session_get_seat (PolKitSession *session, PolKitSeat **out_seat);
-polkit_bool_t libpolkit_session_get_ck_objref (PolKitSession *session, char **out_ck_objref);
-polkit_bool_t libpolkit_session_get_ck_is_active (PolKitSession *session, polkit_bool_t *out_is_active);
-polkit_bool_t libpolkit_session_get_ck_is_local (PolKitSession *session, polkit_bool_t *out_is_local);
-polkit_bool_t libpolkit_session_get_ck_remote_host (PolKitSession *session, char **out_remote_host);
-
-void libpolkit_session_debug (PolKitSession *session);
-polkit_bool_t libpolkit_session_validate (PolKitSession *session);
-
-#endif /* LIBPOLKIT_SESSION_H */
diff --git a/libpolkit/libpolkit-types.h b/libpolkit/libpolkit-types.h
deleted file mode 100644
index 75b4679..0000000
--- a/libpolkit/libpolkit-types.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-types.h : fundamental types such as polkit_bool_t
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <libpolkit/libpolkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef LIBPOLKIT_TYPES_H
-#define LIBPOLKIT_TYPES_H
-
-/**
- * SECTION:libpolkit-types
- * @short_description: Basic types.
- *
- * Typedefs for common primitive types.
- **/
-
-/**
- * polkit_bool_t:
- *
- * A boolean, valid values are #TRUE and #FALSE.
- */
-typedef int polkit_bool_t;
-
-#ifndef TRUE
-# define TRUE 1
-#endif
-#ifndef FALSE
-# define FALSE 0
-#endif
-
-#endif /* LIBPOLKIT_TYPES_H */
-
-
diff --git a/libpolkit/libpolkit-utils.c b/libpolkit/libpolkit-utils.c
deleted file mode 100644
index c0aca7d..0000000
--- a/libpolkit/libpolkit-utils.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-utils.c : internal utilities used in libpolkit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <time.h>
-#include <glib.h>
-#include <string.h>
-
-#include "libpolkit-utils.h"
-#include "libpolkit-debug.h"
-
-/**
- * SECTION:libpolkit-utils
- * @short_description: Internal utility functions for libpolkit.
- *
- * Internal utility functions for libpolkit.
- **/
-
-/**
- * _pk_validate_identifier:
- * @identifier: the NUL-terminated string to validate
- *
- * Validates strings used for an identifier; PolicyKit conventions
- * state that identifiers must be NUL-terminated ASCII strings less
- * than 256 bytes and only contain the characters "[a-z][A-Z]0-9]._-:/"
- *
- * Returns: #TRUE iff the identifier validates
- **/
-polkit_bool_t
-_pk_validate_identifier (const char *identifier)
-{
- unsigned int n;
- polkit_bool_t ret;
-
- g_return_val_if_fail (identifier != NULL, FALSE);
-
- ret = FALSE;
- for (n = 0; identifier[n] != '\0'; n++) {
- char c = identifier[n];
-
- if (n >= 255) {
- _pk_debug ("identifier too long");
- goto out;
- }
-
- if ((c >= 'a' && c <= 'z') ||
- (c >= 'A' && c <= 'Z') ||
- (c >= '0' && c <= '9') ||
- c == '.' ||
- c == '_' ||
- c == '-' ||
- c == ':' ||
- c == '/')
- continue;
-
- _pk_debug ("invalid character in identifier");
- goto out;
- }
-
- ret = TRUE;
-out:
- return ret;
-}
-
-
-/* Determine wether the given character is valid as a second or later character in a bus name */
-#define VALID_BUS_NAME_CHARACTER(c) \
- ( ((c) >= '0' && (c) <= '9') || \
- ((c) >= 'A' && (c) <= 'Z') || \
- ((c) >= 'a' && (c) <= 'z') || \
- ((c) == '_') || ((c) == '-'))
-
-polkit_bool_t
-_pk_validate_unique_bus_name (const char *unique_bus_name)
-{
- int len;
- const char *s;
- const char *end;
- const char *last_dot;
- polkit_bool_t ret;
-
- ret = FALSE;
-
- if (unique_bus_name == NULL)
- goto error;
-
- len = strlen (unique_bus_name);
- if (len == 0)
- goto error;
-
- end = unique_bus_name + len;
- last_dot = NULL;
-
- s = unique_bus_name;
-
- /* check special cases of first char so it doesn't have to be done
- * in the loop. Note we know len > 0
- */
- if (*s == ':') {
- /* unique name */
- ++s;
- while (s != end) {
- if (*s == '.') {
- if (G_UNLIKELY ((s + 1) == end))
- goto error;
- if (G_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*(s + 1))))
- goto error;
- ++s; /* we just validated the next char, so skip two */
- } else if (G_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s))) {
- goto error;
- }
- ++s;
- }
- } else {
- goto error;
- }
-
- ret = TRUE;
-
-error:
- if (!ret)
- _pk_debug ("name '%s' did not validate", unique_bus_name);
- return ret;
-}
diff --git a/libpolkit/libpolkit-utils.h b/libpolkit/libpolkit-utils.h
deleted file mode 100644
index 00512c6..0000000
--- a/libpolkit/libpolkit-utils.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit-utils.h : internal utilities used in libpolkit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_UTILS_H
-#define LIBPOLKIT_UTILS_H
-
-#include <libpolkit/libpolkit-types.h>
-
-polkit_bool_t _pk_validate_identifier (const char *identifier);
-
-polkit_bool_t _pk_validate_unique_bus_name (const char *unique_bus_name);
-
-#endif /* LIBPOLKIT_UTILS_H */
-
-
diff --git a/libpolkit/libpolkit.h b/libpolkit/libpolkit.h
deleted file mode 100644
index 889b00d..0000000
--- a/libpolkit/libpolkit.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * libpolkit.h : library for querying system-wide policy
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_H
-#define LIBPOLKIT_H
-
-#define _POLKIT_INSIDE_POLKIT_H 1
-#include <libpolkit/libpolkit-types.h>
-#include <libpolkit/libpolkit-error.h>
-#include <libpolkit/libpolkit-result.h>
-#include <libpolkit/libpolkit-context.h>
-#include <libpolkit/libpolkit-action.h>
-#include <libpolkit/libpolkit-resource.h>
-#include <libpolkit/libpolkit-seat.h>
-#include <libpolkit/libpolkit-session.h>
-#include <libpolkit/libpolkit-caller.h>
-#include <libpolkit/libpolkit-policy-file-entry.h>
-#include <libpolkit/libpolkit-policy-file.h>
-#include <libpolkit/libpolkit-policy-cache.h>
-#include <libpolkit/libpolkit-policy-default.h>
-#include <libpolkit/libpolkit-module.h>
-#undef _POLKIT_INSIDE_POLKIT_H
-
-#endif /* LIBPOLKIT_H */
-
-
diff --git a/modules/allow-all/Makefile.am b/modules/allow-all/Makefile.am
index a833468..316f3a6 100644
--- a/modules/allow-all/Makefile.am
+++ b/modules/allow-all/Makefile.am
@@ -19,7 +19,7 @@ polkitmodule_LTLIBRARIES = \
polkit_module_allow_all_la_SOURCES = polkit-module-allow-all.c
polkit_module_allow_all_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_allow_all_la_LIBADD = $(top_builddir)/libpolkit/libpolkit.la
+polkit_module_allow_all_la_LIBADD = $(top_builddir)/polkit/libpolkit.la
clean-local :
rm -f *~
diff --git a/modules/allow-all/polkit-module-allow-all.c b/modules/allow-all/polkit-module-allow-all.c
index 3da56c2..0d32478 100644
--- a/modules/allow-all/polkit-module-allow-all.c
+++ b/modules/allow-all/polkit-module-allow-all.c
@@ -28,10 +28,10 @@
#endif
#include <stddef.h>
-#include <libpolkit/libpolkit.h>
+#include <polkit/polkit.h>
-/* The symbol that libpolkit looks up when loading this module */
-polkit_bool_t libpolkit_module_set_functions (PolKitModuleInterface *module_interface);
+/* The symbol that polkit looks up when loading this module */
+polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
static polkit_bool_t
_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
@@ -51,7 +51,7 @@ _module_can_session_access_resource (Pol
PolKitResource *resource,
PolKitSession *session)
{
- return LIBPOLKIT_RESULT_YES;
+ return POLKIT_RESULT_YES;
}
static PolKitResult
@@ -61,11 +61,11 @@ _module_can_caller_access_resource (PolK
PolKitResource *resource,
PolKitCaller *caller)
{
- return LIBPOLKIT_RESULT_YES;
+ return POLKIT_RESULT_YES;
}
polkit_bool_t
-libpolkit_module_set_functions (PolKitModuleInterface *module_interface)
+polkit_module_set_functions (PolKitModuleInterface *module_interface)
{
polkit_bool_t ret;
@@ -73,10 +73,10 @@ libpolkit_module_set_functions (PolKitMo
if (module_interface == NULL)
goto out;
- libpolkit_module_set_func_initialize (module_interface, _module_init);
- libpolkit_module_set_func_shutdown (module_interface, _module_shutdown);
- libpolkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
- libpolkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+ polkit_module_set_func_initialize (module_interface, _module_init);
+ polkit_module_set_func_shutdown (module_interface, _module_shutdown);
+ polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
+ polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
ret = TRUE;
out:
diff --git a/modules/default/Makefile.am b/modules/default/Makefile.am
index 91f49d4..ec20eed 100644
--- a/modules/default/Makefile.am
+++ b/modules/default/Makefile.am
@@ -19,7 +19,7 @@ polkitmodule_LTLIBRARIES = \
polkit_module_default_la_SOURCES = polkit-module-default.c
polkit_module_default_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_default_la_LIBADD = $(top_builddir)/libpolkit/libpolkit.la
+polkit_module_default_la_LIBADD = $(top_builddir)/polkit/libpolkit.la
clean-local :
rm -f *~
diff --git a/modules/default/polkit-module-default.c b/modules/default/polkit-module-default.c
index 86a0635..7b73388 100644
--- a/modules/default/polkit-module-default.c
+++ b/modules/default/polkit-module-default.c
@@ -28,10 +28,10 @@
#endif
#include <stddef.h>
-#include <libpolkit/libpolkit.h>
+#include <polkit/polkit.h>
-/* The symbol that libpolkit looks up when loading this module */
-polkit_bool_t libpolkit_module_set_functions (PolKitModuleInterface *module_interface);
+/* The symbol that polkit looks up when loading this module */
+polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
static polkit_bool_t
_module_init (PolKitModuleInterface *module_interface,
@@ -57,11 +57,11 @@ _module_can_session_access_resource (Pol
PolKitPolicyCache *cache;
PolKitPolicyFileEntry *pfe;
- result = LIBPOLKIT_RESULT_NO;
- cache = libpolkit_context_get_policy_cache (pk_context);
- pfe = libpolkit_policy_cache_get_entry (cache, action);
- return libpolkit_policy_default_can_session_access_resource (
- libpolkit_policy_file_entry_get_default (pfe),
+ result = POLKIT_RESULT_NO;
+ cache = polkit_context_get_policy_cache (pk_context);
+ pfe = polkit_policy_cache_get_entry (cache, action);
+ return polkit_policy_default_can_session_access_resource (
+ polkit_policy_file_entry_get_default (pfe),
action,
resource,
session);
@@ -78,18 +78,18 @@ _module_can_caller_access_resource (PolK
PolKitPolicyCache *cache;
PolKitPolicyFileEntry *pfe;
- result = LIBPOLKIT_RESULT_NO;
- cache = libpolkit_context_get_policy_cache (pk_context);
- pfe = libpolkit_policy_cache_get_entry (cache, action);
- return libpolkit_policy_default_can_caller_access_resource (
- libpolkit_policy_file_entry_get_default (pfe),
+ result = POLKIT_RESULT_NO;
+ cache = polkit_context_get_policy_cache (pk_context);
+ pfe = polkit_policy_cache_get_entry (cache, action);
+ return polkit_policy_default_can_caller_access_resource (
+ polkit_policy_file_entry_get_default (pfe),
action,
resource,
caller);
}
polkit_bool_t
-libpolkit_module_set_functions (PolKitModuleInterface *module_interface)
+polkit_module_set_functions (PolKitModuleInterface *module_interface)
{
polkit_bool_t ret;
@@ -97,10 +97,10 @@ libpolkit_module_set_functions (PolKitMo
if (module_interface == NULL)
goto out;
- libpolkit_module_set_func_initialize (module_interface, _module_init);
- libpolkit_module_set_func_shutdown (module_interface, _module_shutdown);
- libpolkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
- libpolkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+ polkit_module_set_func_initialize (module_interface, _module_init);
+ polkit_module_set_func_shutdown (module_interface, _module_shutdown);
+ polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
+ polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
ret = TRUE;
out:
diff --git a/modules/deny-all/Makefile.am b/modules/deny-all/Makefile.am
index 345dcf4..732d929 100644
--- a/modules/deny-all/Makefile.am
+++ b/modules/deny-all/Makefile.am
@@ -19,7 +19,7 @@ polkitmodule_LTLIBRARIES = \
polkit_module_deny_all_la_SOURCES = polkit-module-deny-all.c
polkit_module_deny_all_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_deny_all_la_LIBADD = $(top_builddir)/libpolkit/libpolkit.la
+polkit_module_deny_all_la_LIBADD = $(top_builddir)/polkit/libpolkit.la
clean-local :
rm -f *~
diff --git a/modules/deny-all/polkit-module-deny-all.c b/modules/deny-all/polkit-module-deny-all.c
index e2eb517..0306e19 100644
--- a/modules/deny-all/polkit-module-deny-all.c
+++ b/modules/deny-all/polkit-module-deny-all.c
@@ -28,10 +28,10 @@
#endif
#include <stddef.h>
-#include <libpolkit/libpolkit.h>
+#include <polkit/polkit.h>
-/* The symbol that libpolkit looks up when loading this module */
-polkit_bool_t libpolkit_module_set_functions (PolKitModuleInterface *module_interface);
+/* The symbol that polkit looks up when loading this module */
+polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
static polkit_bool_t
_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
@@ -51,7 +51,7 @@ _module_can_session_access_resource (Pol
PolKitResource *resource,
PolKitSession *session)
{
- return LIBPOLKIT_RESULT_NO;
+ return POLKIT_RESULT_NO;
}
static PolKitResult
@@ -61,11 +61,11 @@ _module_can_caller_access_resource (PolK
PolKitResource *resource,
PolKitCaller *caller)
{
- return LIBPOLKIT_RESULT_NO;
+ return POLKIT_RESULT_NO;
}
polkit_bool_t
-libpolkit_module_set_functions (PolKitModuleInterface *module_interface)
+polkit_module_set_functions (PolKitModuleInterface *module_interface)
{
polkit_bool_t ret;
@@ -73,10 +73,10 @@ libpolkit_module_set_functions (PolKitMo
if (module_interface == NULL)
goto out;
- libpolkit_module_set_func_initialize (module_interface, _module_init);
- libpolkit_module_set_func_shutdown (module_interface, _module_shutdown);
- libpolkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
- libpolkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+ polkit_module_set_func_initialize (module_interface, _module_init);
+ polkit_module_set_func_shutdown (module_interface, _module_shutdown);
+ polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
+ polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
ret = TRUE;
out:
diff --git a/modules/grant/Makefile.am b/modules/grant/Makefile.am
index 0b7c5f1..6306ac5 100644
--- a/modules/grant/Makefile.am
+++ b/modules/grant/Makefile.am
@@ -19,7 +19,7 @@ polkitmodule_LTLIBRARIES = \
polkit_module_grant_la_SOURCES = polkit-module-grant.c
polkit_module_grant_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_grant_la_LIBADD = $(top_builddir)/libpolkit/libpolkit.la @GLIB_LIBS@
+polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@
clean-local :
rm -f *~
diff --git a/modules/grant/polkit-module-grant.c b/modules/grant/polkit-module-grant.c
index 15a06c0..d49c5a6 100644
--- a/modules/grant/polkit-module-grant.c
+++ b/modules/grant/polkit-module-grant.c
@@ -31,11 +31,11 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <libpolkit/libpolkit.h>
+#include <polkit/polkit.h>
#include <glib.h>
-/* The symbol that libpolkit looks up when loading this module */
-polkit_bool_t libpolkit_module_set_functions (PolKitModuleInterface *module_interface);
+/* The symbol that polkit looks up when loading this module */
+polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
static polkit_bool_t
_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
@@ -57,7 +57,7 @@ _module_can_session_access_resource (Pol
PolKitResource *resource,
PolKitSession *session)
{
- return LIBPOLKIT_RESULT_UNKNOWN_ACTION;
+ return POLKIT_RESULT_UNKNOWN_ACTION;
}
static PolKitResult
@@ -71,7 +71,7 @@ _module_can_caller_access_resource (PolK
PolKitSession *session;
PolKitResult result;
- result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
+ result = POLKIT_RESULT_UNKNOWN_ACTION;
/* file format:
*
@@ -101,24 +101,24 @@ _module_can_caller_access_resource (PolK
char *dbus_name;
guint resource_hash;
- if (!libpolkit_action_get_action_id (action, &action_name))
+ if (!polkit_action_get_action_id (action, &action_name))
goto out;
- if (!libpolkit_caller_get_uid (caller, &invoking_user_id))
+ if (!polkit_caller_get_uid (caller, &invoking_user_id))
goto out;
if (resource == NULL)
goto out;
- if (!libpolkit_resource_get_resource_type (resource, &resource_type))
+ if (!polkit_resource_get_resource_type (resource, &resource_type))
goto out;
- if (!libpolkit_resource_get_resource_id (resource, &resource_id))
+ if (!polkit_resource_get_resource_id (resource, &resource_id))
goto out;
session_name = NULL;
- if (!libpolkit_caller_get_ck_session (caller, &session))
+ if (!polkit_caller_get_ck_session (caller, &session))
goto out;
- if (!libpolkit_caller_get_dbus_name (caller, &dbus_name))
+ if (!polkit_caller_get_dbus_name (caller, &dbus_name))
goto out;
- if (!libpolkit_session_get_ck_objref (session, &session_objpath))
+ if (!polkit_session_get_ck_objref (session, &session_objpath))
goto out;
session_name = g_basename (session_objpath);
@@ -129,7 +129,7 @@ _module_can_caller_access_resource (PolK
/* TODO: FIXME: XXX: this format of storing granted privileges needs be redone
*
* this concerns these two files
- * - libpolkit-grant/polkit-grant-helper.c
+ * - polkit-grant/polkit-grant-helper.c
* - modules/grant/polkit-module-grant.c
*/
@@ -145,7 +145,7 @@ _module_can_caller_access_resource (PolK
grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/dbus_%s_%d_%s_%u.grant",
dbus_name, invoking_user_id, action_name, resource_hash);
if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = LIBPOLKIT_RESULT_YES;
+ result = POLKIT_RESULT_YES;
g_free (grant_file);
goto out;
}
@@ -154,7 +154,7 @@ _module_can_caller_access_resource (PolK
grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant",
session_name, invoking_user_id, action_name, resource_hash);
if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = LIBPOLKIT_RESULT_YES;
+ result = POLKIT_RESULT_YES;
g_free (grant_file);
goto out;
}
@@ -163,7 +163,7 @@ _module_can_caller_access_resource (PolK
grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid_%d_%s_%u.grant",
invoking_user_id, action_name, resource_hash);
if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = LIBPOLKIT_RESULT_YES;
+ result = POLKIT_RESULT_YES;
g_free (grant_file);
goto out;
}
@@ -175,7 +175,7 @@ out:
}
polkit_bool_t
-libpolkit_module_set_functions (PolKitModuleInterface *module_interface)
+polkit_module_set_functions (PolKitModuleInterface *module_interface)
{
polkit_bool_t ret;
@@ -183,10 +183,10 @@ libpolkit_module_set_functions (PolKitMo
if (module_interface == NULL)
goto out;
- libpolkit_module_set_func_initialize (module_interface, _module_init);
- libpolkit_module_set_func_shutdown (module_interface, _module_shutdown);
- libpolkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
- libpolkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+ polkit_module_set_func_initialize (module_interface, _module_init);
+ polkit_module_set_func_shutdown (module_interface, _module_shutdown);
+ polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
+ polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
ret = TRUE;
out:
diff --git a/modules/run-program/Makefile.am b/modules/run-program/Makefile.am
index 057c996..61d1ad5 100644
--- a/modules/run-program/Makefile.am
+++ b/modules/run-program/Makefile.am
@@ -19,7 +19,7 @@ polkitmodule_LTLIBRARIES = \
polkit_module_run_program_la_SOURCES = polkit-module-run-program.c
polkit_module_run_program_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_run_program_la_LIBADD = $(top_builddir)/libpolkit/libpolkit.la @GLIB_LIBS@
+polkit_module_run_program_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@
clean-local :
rm -f *~
diff --git a/modules/run-program/polkit-module-run-program.c b/modules/run-program/polkit-module-run-program.c
index f0189f7..e08235f 100644
--- a/modules/run-program/polkit-module-run-program.c
+++ b/modules/run-program/polkit-module-run-program.c
@@ -27,11 +27,11 @@
# include <config.h>
#endif
-#include <libpolkit/libpolkit.h>
+#include <polkit/polkit.h>
#include <glib.h>
-/* The symbol that libpolkit looks up when loading this module */
-polkit_bool_t libpolkit_module_set_functions (PolKitModuleInterface *module_interface);
+/* The symbol that polkit looks up when loading this module */
+polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
typedef struct {
int program_argc;
@@ -75,7 +75,7 @@ _module_init (PolKitModuleInterface *mod
if (user_data->program_argv == NULL)
goto error;
- libpolkit_module_set_user_data (module_interface, user_data);
+ polkit_module_set_user_data (module_interface, user_data);
return TRUE;
error:
@@ -89,7 +89,7 @@ static void
_module_shutdown (PolKitModuleInterface *module_interface)
{
UserData *user_data;
- user_data = libpolkit_module_get_user_data (module_interface);
+ user_data = polkit_module_get_user_data (module_interface);
if (user_data != NULL) {
if (user_data->program_argv != NULL)
g_strfreev (user_data->program_argv);
@@ -101,7 +101,7 @@ static polkit_bool_t
_add_action_to_env (PolKitAction *action, GPtrArray *envp)
{
char *p_id;
- if (!libpolkit_action_get_action_id (action, &p_id))
+ if (!polkit_action_get_action_id (action, &p_id))
goto error;
g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_ID=%s", p_id));
return TRUE;
@@ -114,9 +114,9 @@ _add_resource_to_env (PolKitResource *re
{
char *r_type;
char *r_id;
- if (!libpolkit_resource_get_resource_type (resource, &r_type))
+ if (!polkit_resource_get_resource_type (resource, &r_type))
goto error;
- if (!libpolkit_resource_get_resource_id (resource, &r_id))
+ if (!polkit_resource_get_resource_id (resource, &r_id))
goto error;
g_ptr_array_add (envp, g_strdup_printf ("POLKIT_RESOURCE_TYPE=%s", r_type));
g_ptr_array_add (envp, g_strdup_printf ("POLKIT_RESOURCE_ID=%s", r_id));
@@ -129,7 +129,7 @@ static polkit_bool_t
_add_seat_to_env (PolKitSeat *seat, GPtrArray *envp)
{
char *s_ck_objref;
- if (!libpolkit_seat_get_ck_objref (seat, &s_ck_objref))
+ if (!polkit_seat_get_ck_objref (seat, &s_ck_objref))
goto error;
g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SEAT_CK_OBJREF=%s", s_ck_objref));
return TRUE;
@@ -147,18 +147,18 @@ _add_session_to_env (PolKitSession *sess
char *s_ck_remote_host;
PolKitSeat *s_seat;
- if (!libpolkit_session_get_uid (session, &s_uid))
+ if (!polkit_session_get_uid (session, &s_uid))
goto error;
- if (!libpolkit_session_get_ck_objref (session, &s_ck_objref))
+ if (!polkit_session_get_ck_objref (session, &s_ck_objref))
goto error;
- if (!libpolkit_session_get_ck_is_active (session, &s_ck_is_active))
+ if (!polkit_session_get_ck_is_active (session, &s_ck_is_active))
goto error;
- if (!libpolkit_session_get_ck_is_local (session, &s_ck_is_local))
+ if (!polkit_session_get_ck_is_local (session, &s_ck_is_local))
goto error;
if (!s_ck_is_local)
- if (!libpolkit_session_get_ck_remote_host (session, &s_ck_remote_host))
+ if (!polkit_session_get_ck_remote_host (session, &s_ck_remote_host))
goto error;
- if (!libpolkit_session_get_seat (session, &s_seat))
+ if (!polkit_session_get_seat (session, &s_seat))
goto error;
if (!_add_seat_to_env (s_seat, envp))
@@ -183,15 +183,15 @@ _add_caller_to_env (PolKitCaller *caller
char *c_dbus_name;
PolKitSession *c_session;
- if (!libpolkit_caller_get_uid (caller, &c_uid))
+ if (!polkit_caller_get_uid (caller, &c_uid))
goto error;
- if (!libpolkit_caller_get_pid (caller, &c_pid))
+ if (!polkit_caller_get_pid (caller, &c_pid))
goto error;
- if (!libpolkit_caller_get_dbus_name (caller, &c_dbus_name))
+ if (!polkit_caller_get_dbus_name (caller, &c_dbus_name))
goto error;
- if (!libpolkit_caller_get_selinux_context (caller, &c_selinux_context)) /* SELinux may not be available */
+ if (!polkit_caller_get_selinux_context (caller, &c_selinux_context)) /* SELinux may not be available */
c_selinux_context = NULL;
- if (!libpolkit_caller_get_ck_session (caller, &c_session)) /* Caller may not originate from a session */
+ if (!polkit_caller_get_ck_session (caller, &c_session)) /* Caller may not originate from a session */
c_session = NULL;
if (c_session != NULL)
@@ -244,7 +244,7 @@ _run_program (UserData *user_data, char
;
prog_stdout[n] = '\0';
- if (!libpolkit_result_from_string_representation (prog_stdout, result)) {
+ if (!polkit_result_from_string_representation (prog_stdout, result)) {
g_warning ("malformed result '%s' from program", prog_stdout);
goto error;
}
@@ -268,9 +268,9 @@ _module_can_session_access_resource (Pol
GPtrArray *envp;
envp = NULL;
- result = LIBPOLKIT_RESULT_UNKNOWN_ACTION;
+ result = POLKIT_RESULT_UNKNOWN_ACTION;
- user_data = libpolkit_module_get_user_data (module_interface);
+ user_data = polkit_module_get_user_data (module_interface);
envp = g_ptr_array_new ();
@@ -308,8 +308,8 @@ _module_can_caller_access_resource (PolK
GPtrArray *envp;
envp = NULL;
- result = LIBPOLKIT_RESULT_NO;
- user_data = libpolkit_module_get_user_data (module_interface);
+ result = POLKIT_RESULT_NO;
+ user_data = polkit_module_get_user_data (module_interface);
envp = g_ptr_array_new ();
if (!_add_action_to_env (action, envp))
@@ -334,7 +334,7 @@ error:
}
polkit_bool_t
-libpolkit_module_set_functions (PolKitModuleInterface *module_interface)
+polkit_module_set_functions (PolKitModuleInterface *module_interface)
{
polkit_bool_t ret;
@@ -342,10 +342,10 @@ libpolkit_module_set_functions (PolKitMo
if (module_interface == NULL)
goto out;
- libpolkit_module_set_func_initialize (module_interface, _module_init);
- libpolkit_module_set_func_shutdown (module_interface, _module_shutdown);
- libpolkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
- libpolkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+ polkit_module_set_func_initialize (module_interface, _module_init);
+ polkit_module_set_func_shutdown (module_interface, _module_shutdown);
+ polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
+ polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
ret = TRUE;
out:
diff --git a/polkit-dbus/Makefile.am b/polkit-dbus/Makefile.am
new file mode 100644
index 0000000..0cee725
--- /dev/null
+++ b/polkit-dbus/Makefile.am
@@ -0,0 +1,31 @@
+## Process this file with automake to produce Makefile.in
+
+INCLUDES = \
+ -I$(top_builddir) -I$(top_srcdir) \
+ -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
+ -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
+ -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
+ -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
+ -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
+ -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
+ -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
+ -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
+ @GLIB_CFLAGS@ @DBUS_CFLAGS@
+
+lib_LTLIBRARIES=libpolkit-dbus.la
+
+libpolkit_dbusincludedir=$(includedir)/PolicyKit/polkit-dbus
+
+libpolkit_dbusinclude_HEADERS = \
+ polkit-dbus.h
+
+libpolkit_dbus_la_SOURCES = \
+ polkit-dbus.h polkit-dbus.c
+
+libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
+
+libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+
+clean-local :
+ rm -f *~ $(BUILT_SOURCES)
+
diff --git a/polkit-dbus/polkit-dbus.c b/polkit-dbus/polkit-dbus.c
new file mode 100644
index 0000000..8609aac
--- /dev/null
+++ b/polkit-dbus/polkit-dbus.c
@@ -0,0 +1,540 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-dbus.h : helper library for obtaining seat, session and
+ * caller information via D-Bus and ConsoleKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-dbus
+ * @short_description: Helper library for obtaining seat, session and caller information via D-Bus and ConsoleKit.
+ *
+ * Helper library for obtaining seat, session and caller information
+ * via D-Bus and ConsoleKit.
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <time.h>
+#include <glib.h>
+#include <string.h>
+
+#include "polkit-dbus.h"
+
+
+/**
+ * polkit_session_new_from_objpath:
+ * @con: D-Bus system bus connection
+ * @objpath: object path of ConsoleKit session object
+ * @uid: the user owning the session or -1 if unknown
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitSession object by querying
+ * the ConsoleKit daemon for information. Note that this will do a lot
+ * of blocking IO so it is best avoided if your process already
+ * tracks/caches all the information. If you pass in @uid as a
+ * non-negative number, a round trip can be saved.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitSession *
+polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error)
+{
+ PolKitSeat *seat;
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ char *str;
+ dbus_bool_t is_active;
+ dbus_bool_t is_local;
+ char *remote_host;
+ char *seat_path;
+
+ g_return_val_if_fail (con != NULL, NULL);
+ g_return_val_if_fail (objpath != NULL, NULL);
+ g_return_val_if_fail (error != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ session = NULL;
+ remote_host = NULL;
+ seat_path = NULL;
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "IsActive");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Session.IsActive on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_BOOLEAN, &is_active,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid IsActive reply from CK");
+ goto out;
+ }
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "IsLocal");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Session.IsLocal on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_BOOLEAN, &is_local,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid IsLocal reply from CK");
+ goto out;
+ }
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ if (!is_local) {
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "GetRemoteHostName");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Session.GetRemoteHostName on ConsoleKit: %s: %s",
+ error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_STRING, &str,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid GetRemoteHostName reply from CK");
+ goto out;
+ }
+ remote_host = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+ }
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "GetSeatId");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Session.GetSeatId on ConsoleKit: %s: %s",
+ error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_OBJECT_PATH, &str,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid GetSeatId reply from CK");
+ goto out;
+ }
+ seat_path = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ if ((int) uid == -1) {
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "GetUnixUser");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Session.GetUnixUser on ConsoleKit: %s: %s",error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_INT32, &uid,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid GetUnixUser reply from CK");
+ goto out;
+ }
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+ }
+
+ session = polkit_session_new ();
+ if (session == NULL) {
+ goto out;
+ }
+ if (!polkit_session_set_ck_objref (session, objpath)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_session_set_ck_is_active (session, is_active)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_session_set_ck_is_local (session, is_local)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!is_local) {
+ if (!polkit_session_set_ck_remote_host (session, remote_host)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+ }
+
+ seat = polkit_seat_new ();
+ if (seat == NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_seat_set_ck_objref (seat, seat_path)) {
+ polkit_seat_unref (seat);
+ seat = NULL;
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_seat_validate (seat)) {
+ polkit_seat_unref (seat);
+ seat = NULL;
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+ if (!polkit_session_set_seat (session, seat)) {
+ polkit_seat_unref (seat);
+ seat = NULL;
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ polkit_seat_unref (seat); /* session object now owns this object */
+ seat = NULL;
+
+ if (!polkit_session_validate (session)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+out:
+ g_free (remote_host);
+ g_free (seat_path);
+ return session;
+}
+
+/**
+ * polkit_session_new_from_cookie:
+ * @con: D-Bus system bus connection
+ * @cookie: a ConsoleKit XDG_SESSION_COOKIE
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitSession object by querying
+ * the ConsoleKit daemon for information. Note that this will do a lot
+ * of blocking IO so it is best avoided if your process already
+ * tracks/caches all the information.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitSession *
+polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error)
+{
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ char *str;
+ char *objpath;
+
+ g_return_val_if_fail (con != NULL, NULL);
+ g_return_val_if_fail (cookie != NULL, NULL);
+ g_return_val_if_fail (error != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ objpath = NULL;
+ session = NULL;
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForCookie");
+ dbus_message_append_args (message, DBUS_TYPE_STRING, &cookie, DBUS_TYPE_INVALID);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Manager.GetSessionForCookie on ConsoleKit: %s: %s",
+ error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_OBJECT_PATH, &str,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid GetSessionForCookie reply from CK");
+ goto out;
+ }
+ objpath = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ session = polkit_session_new_from_objpath (con, objpath, -1, error);
+
+out:
+ g_free (objpath);
+ return session;
+}
+
+
+/**
+ * polkit_caller_new_from_dbus_name:
+ * @con: D-Bus system bus connection
+ * @dbus_name: unique system bus connection name
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitCaller object by querying
+ * both the system bus daemon and the ConsoleKit daemon for
+ * information. Note that this will do a lot of blocking IO so it is
+ * best avoided if your process already tracks/caches all the
+ * information.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitCaller *
+polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error)
+{
+ PolKitCaller *caller;
+ pid_t pid;
+ uid_t uid;
+ char *selinux_context;
+ char *ck_session_objpath;
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter;
+ DBusMessageIter sub_iter;
+ char *str;
+ int num_elems;
+
+ g_return_val_if_fail (con != NULL, NULL);
+ g_return_val_if_fail (dbus_name != NULL, NULL);
+ g_return_val_if_fail (error != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ selinux_context = NULL;
+ ck_session_objpath = NULL;
+
+ caller = NULL;
+ session = NULL;
+
+ uid = dbus_bus_get_unix_user (con, dbus_name, error);
+ if (uid == ((unsigned long) -1) || dbus_error_is_set (error)) {
+ g_warning ("Could not get uid for connection: %s %s", error->name, error->message);
+ goto out;
+ }
+
+ message = dbus_message_new_method_call ("org.freedesktop.DBus",
+ "/org/freedesktop/DBus/Bus",
+ "org.freedesktop.DBus",
+ "GetConnectionUnixProcessID");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing GetConnectionUnixProcessID on Bus: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_get_basic (&iter, &pid);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ message = dbus_message_new_method_call ("org.freedesktop.DBus",
+ "/org/freedesktop/DBus/Bus",
+ "org.freedesktop.DBus",
+ "GetConnectionSELinuxSecurityContext");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ /* SELinux might not be enabled */
+ if (dbus_error_is_set (error) &&
+ strcmp (error->name, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown") == 0) {
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ dbus_error_init (error);
+ } else if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing GetConnectionSELinuxSecurityContext on Bus: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ } else {
+ /* TODO: verify signature */
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_recurse (&iter, &sub_iter);
+ dbus_message_iter_get_fixed_array (&sub_iter, (void *) &str, &num_elems);
+ if (str != NULL && num_elems > 0)
+ selinux_context = g_strndup (str, num_elems);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+ }
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForUnixProcess");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ /* OK, this is not a catastrophe; just means the caller is not a
+ * member of any session or that ConsoleKit is not available..
+ */
+ goto not_in_session;
+ }
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_get_basic (&iter, &str);
+ ck_session_objpath = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
+ if (session == NULL) {
+ g_warning ("Got a session objpath but couldn't construct session object!");
+ goto out;
+ }
+ if (!polkit_session_validate (session)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+not_in_session:
+
+ caller = polkit_caller_new ();
+ if (caller == NULL) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ goto out;
+ }
+
+ if (!polkit_caller_set_dbus_name (caller, dbus_name)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (!polkit_caller_set_uid (caller, uid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (!polkit_caller_set_pid (caller, pid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (selinux_context != NULL) {
+ if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ }
+ if (session != NULL) {
+ if (!polkit_caller_set_ck_session (caller, session)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ polkit_session_unref (session); /* caller object now own this object */
+ session = NULL;
+ }
+
+ if (!polkit_caller_validate (caller)) {
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+
+out:
+ g_free (selinux_context);
+ g_free (ck_session_objpath);
+ return caller;
+}
diff --git a/polkit-dbus/polkit-dbus.h b/polkit-dbus/polkit-dbus.h
new file mode 100644
index 0000000..39c00cb
--- /dev/null
+++ b/polkit-dbus/polkit-dbus.h
@@ -0,0 +1,41 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-dbus.h : helper library for obtaining seat, session and
+ * caller information via D-Bus and ConsoleKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_DBUS_H
+#define POLKIT_DBUS_H
+
+#include <polkit/polkit.h>
+#include <dbus/dbus.h>
+
+PolKitSession *polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error);
+PolKitSession *polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error);
+
+PolKitCaller *polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error);
+
+
+#endif /* POLKIT_DBUS_H */
+
+
diff --git a/polkit-grant/Makefile.am b/polkit-grant/Makefile.am
new file mode 100644
index 0000000..17f07e5
--- /dev/null
+++ b/polkit-grant/Makefile.am
@@ -0,0 +1,54 @@
+## Process this file with automake to produce Makefile.in
+
+INCLUDES = \
+ -I$(top_builddir) -I$(top_srcdir) \
+ -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
+ -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
+ -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
+ -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
+ -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
+ -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
+ -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
+ -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
+ @GLIB_CFLAGS@ @DBUS_CFLAGS@
+
+lib_LTLIBRARIES=libpolkit-grant.la
+
+libpolkit_grantincludedir=$(includedir)/PolicyKit/polkit-grant
+
+libpolkit_grantinclude_HEADERS = \
+ polkit-grant.h
+
+libpolkit_grant_la_SOURCES = \
+ polkit-grant.h polkit-grant.c
+
+libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
+
+libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+
+libexec_PROGRAMS = polkit-grant-helper
+
+polkit_grant_helper_SOURCES = polkit-grant-helper.c
+polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ @AUTH_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+
+polkit_grant_alwaysdir = $(localstatedir)/lib/PolicyKit
+dist_polkit_grant_always_DATA =
+
+polkit_grant_sessiondir = $(localstatedir)/run/PolicyKit
+dist_polkit_grant_session_DATA =
+
+
+clean-local :
+ rm -f *~ $(BUILT_SOURCES)
+
+# Hmm.. we could make the directories 750 and require that all mechanisms using
+# libpolkit (e.g. with a need for polkit-module-grant.so to look there) just
+# be part of $(POLKIT_GROUP)...
+#
+install-data-local:
+ -chown :$(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper
+ -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper
+ -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit
+ -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit
+ -chmod 775 $(DESTDIR)$(localstatedir)/lib/PolicyKit
+ -chmod 775 $(DESTDIR)$(localstatedir)/run/PolicyKit
diff --git a/polkit-grant/polkit-grant-helper.c b/polkit-grant/polkit-grant-helper.c
new file mode 100644
index 0000000..8b90107
--- /dev/null
+++ b/polkit-grant/polkit-grant-helper.c
@@ -0,0 +1,514 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant-helper.c : setgid grant helper for PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/* TODO: FIXME: XXX: this code needs security review before it can be released! */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <security/pam_appl.h>
+#include <grp.h>
+#include <pwd.h>
+
+#include <glib.h>
+
+#include <polkit-dbus/polkit-dbus.h>
+
+static int
+conversation_function (int n,
+ const struct pam_message **msg,
+ struct pam_response **resp,
+ void *data)
+{
+ struct pam_response *aresp;
+ char buf[PAM_MAX_RESP_SIZE];
+ int i;
+
+ data = data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return PAM_CONV_ERR;
+
+ if ((aresp = calloc(n, sizeof *aresp)) == NULL)
+ return PAM_BUF_ERR;
+
+ for (i = 0; i < n; ++i) {
+ aresp[i].resp_retcode = 0;
+ aresp[i].resp = NULL;
+ switch (msg[i]->msg_style) {
+ case PAM_PROMPT_ECHO_OFF:
+ fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
+ goto conv1;
+ case PAM_PROMPT_ECHO_ON:
+ fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
+ conv1:
+ fputs (msg[i]->msg, stdout);
+ if (strlen (msg[i]->msg) > 0 &&
+ msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
+ fputc ('\n', stdout);
+ fflush (stdout);
+
+ if (fgets (buf, sizeof buf, stdin) == NULL)
+ goto error;
+ if (strlen (buf) > 0 &&
+ buf[strlen (buf) - 1] == '\n')
+ buf[strlen (buf) - 1] = '\0';
+
+ aresp[i].resp = strdup (buf);
+ if (aresp[i].resp == NULL)
+ goto error;
+ break;
+
+ case PAM_ERROR_MSG:
+ fprintf (stdout, "PAM_ERROR_MSG ");
+ goto conv2;
+
+ case PAM_TEXT_INFO:
+ fprintf (stdout, "PAM_TEXT_INFO ");
+ conv2:
+ fputs(msg[i]->msg, stdout);
+ if (strlen(msg[i]->msg) > 0 &&
+ msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
+ fputc ('\n', stdout);
+
+ fflush (stdout);
+ break;
+ default:
+ goto error;
+ }
+ }
+ *resp = aresp;
+ return PAM_SUCCESS;
+
+error:
+ for (i = 0; i < n; ++i) {
+ if (aresp[i].resp != NULL) {
+ memset (aresp[i].resp, 0, strlen(aresp[i].resp));
+ free (aresp[i].resp);
+ }
+ }
+ memset (aresp, 0, n * sizeof *aresp);
+ *resp = NULL;
+ return PAM_CONV_ERR;
+}
+
+static polkit_bool_t
+do_auth (const char *user_to_auth)
+{
+ struct pam_conv pam_conversation;
+ pam_handle_t *pam_h;
+ const void *authed_user;
+ int rc;
+
+ pam_conversation.conv = conversation_function;
+ pam_conversation.appdata_ptr = NULL;
+
+ /* start the pam stack */
+ rc = pam_start ("polkit",
+ user_to_auth,
+ &pam_conversation,
+ &pam_h);
+ if (rc != PAM_SUCCESS) {
+ fprintf (stderr, "pam_start failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* is user really user? */
+ rc = pam_authenticate (pam_h, 0);
+ if (rc != PAM_SUCCESS) {
+ fprintf (stderr, "pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* permitted access? */
+ rc = pam_acct_mgmt (pam_h, 0);
+ if (rc != PAM_SUCCESS) {
+ fprintf (stderr, "pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* did we auth the right user? */
+ rc = pam_get_item (pam_h, PAM_USER, &authed_user);
+ if (rc != PAM_SUCCESS) {
+ fprintf (stderr, "pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ if (strcmp (authed_user, user_to_auth) != 0) {
+ fprintf (stderr, "Tried to auth user '%s' but we got auth for user '%s' instead",
+ user_to_auth, (const char *) authed_user);
+ goto error;
+ }
+
+ return TRUE;
+ /* TODO: we should probably clean up */
+error:
+ return FALSE;
+}
+
+static polkit_bool_t
+verify_with_polkit (const char *dbus_name,
+ const char *action_name,
+ const char *resource_type,
+ const char *resource_name,
+ PolKitResult *result,
+ char **out_session_objpath)
+{
+ PolKitCaller *caller;
+ PolKitSession *session;
+ char *str;
+ DBusConnection *bus;
+ DBusError error;
+ PolKitContext *pol_ctx;
+ PolKitAction *action;
+ PolKitResource *resource;
+
+ dbus_error_init (&error);
+ bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
+ if (bus == NULL) {
+ fprintf (stderr, "cannot connect to system bus: %s: %s\n", error.name, error.message);
+ dbus_error_free (&error);
+ goto out;
+ }
+
+ action = polkit_action_new ();
+ polkit_action_set_action_id (action, action_name);
+
+ if (resource_type != NULL && resource_name != NULL) {
+ resource = polkit_resource_new ();
+ polkit_resource_set_resource_type (resource, resource_type);
+ polkit_resource_set_resource_id (resource, resource_name);
+ } else {
+ resource = NULL;
+ }
+
+ caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
+ if (caller == NULL) {
+ fprintf (stderr, "cannot get caller from dbus name\n");
+ goto out;
+ }
+
+ if (!polkit_caller_get_ck_session (caller, &session)) {
+ fprintf (stderr, "caller is not in a session\n");
+ goto out;
+ }
+ if (!polkit_session_get_ck_objref (session, &str)) {
+ fprintf (stderr, "cannot get session ck objpath\n");
+ goto out;
+ }
+ *out_session_objpath = g_strdup (str);
+ if (*out_session_objpath == NULL)
+ goto out;
+
+ //polkit_caller_debug (caller);
+
+ pol_ctx = polkit_context_new ();
+ if (!polkit_context_init (pol_ctx, NULL)) {
+ fprintf (stderr, "cannot init polkit\n");
+ goto out;
+ }
+
+ *result = polkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
+
+ if (*result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH &&
+ *result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION &&
+ *result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS &&
+ *result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
+ *result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
+ *result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) {
+ fprintf (stderr, "given auth type is bogus\n");
+ goto out;
+ }
+
+ return TRUE;
+ /* TODO: we should probably clean up */
+out:
+ return FALSE;
+}
+
+static polkit_bool_t
+get_and_validate_override_details (PolKitResult *result)
+{
+ char buf[256];
+ PolKitResult desired_result;
+
+ if (fgets (buf, sizeof buf, stdin) == NULL)
+ goto error;
+ if (strlen (buf) > 0 &&
+ buf[strlen (buf) - 1] == '\n')
+ buf[strlen (buf) - 1] = '\0';
+
+ fprintf (stderr, "User said '%s'\n", buf);
+
+ if (!polkit_result_from_string_representation (buf, &desired_result))
+ goto error;
+
+ fprintf (stderr, "Testing for voluntarily downgrade from '%s' to '%s'\n",
+ polkit_result_to_string_representation (*result),
+ polkit_result_to_string_representation (desired_result));
+
+ /* See the huge comment in main() below...
+ *
+ * it comes down to this... users can only choose a more restricted granting type...
+ *
+ */
+ switch (*result) {
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH)
+ goto error;
+ break;
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION)
+ goto error;
+ break;
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS)
+ goto error;
+ break;
+
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH)
+ goto error;
+ break;
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION)
+ goto error;
+ break;
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS)
+ goto error;
+ break;
+
+ default:
+ /* we should never reach this */
+ goto error;
+ }
+
+ if (*result != desired_result) {
+ fprintf (stderr, "Voluntarily downgrading from '%s' to '%s'\n",
+ polkit_result_to_string_representation (*result),
+ polkit_result_to_string_representation (desired_result));
+ }
+
+ *result = desired_result;
+
+ return TRUE;
+error:
+ return FALSE;
+}
+
+/* synopsis: /usr/libexec/polkit-grant-helper <auth-type> <dbus-name> <action-name> <resource-type> <resource-name>
+ *
+ * <dbus-name> : unique name of caller on the system message bus to grant privilege to
+ * <action-name> : the PolicyKit action
+ * <resource-type> : resource-type
+ * <resource-name> : resource-name
+ *
+ * PAM interaction happens via stdin/stdout.
+ *
+ * If auth fails, we exit with code 1.
+ * If input is not valid we exit with code 2.
+ * If any other error occur we exit with code 3
+ * If privilege was grant, we exit code 0.
+ */
+
+int
+main (int argc, char *argv[])
+{
+ int ret;
+ uid_t invoking_user_id;
+ const char *invoking_user_name;
+ const char *dbus_name;
+ const char *action_name;
+ const char *resource_type;
+ const char *resource_name;
+ PolKitResult result;
+ const char *user_to_auth;
+ char *session_objpath;
+ gid_t egid;
+ struct group *group;
+ struct passwd *pw;
+
+ ret = 3;
+
+ if (argc != 5) {
+ fprintf (stderr, "wrong use\n");
+ goto out;
+ }
+
+ /* check user */
+ invoking_user_id = getuid ();
+ if (invoking_user_id == 0) {
+ fprintf (stderr, "it only makes sense to run polkit-grant-helper as non-root\n");
+ goto out;
+ }
+ pw = getpwuid (invoking_user_id);
+ if (pw == NULL) {
+ fprintf (stderr, "cannot lookup passwd info for uid %d\n", invoking_user_id);
+ goto out;
+ }
+ invoking_user_name = strdup (pw->pw_name);
+ if (invoking_user_name == NULL) {
+ fprintf (stderr, "OOM allocating memory for invoking user name\n");
+ goto out;
+ }
+
+ fprintf (stderr, "invoking user '%s'\n", invoking_user_name);
+
+ /* check group */
+ egid = getegid ();
+ group = getgrgid (egid);
+ if (group == NULL) {
+ fprintf (stderr, "cannot lookup group info for gid %d\n", egid);
+ goto out;
+ }
+ if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
+ fprintf (stderr, "polkit-grant-helper needs to be setgid " POLKIT_GROUP "\n");
+ goto out;
+ }
+
+ fprintf (stderr, "Hello world %d %d %d %d!\n", getuid(), geteuid(), getgid(), getegid());
+
+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
+ if (clearenv () != 0)
+ goto out;
+ /* hmm; seems like some library (libdbus) don't like environ==NULL .. TODO: file bug */
+ setenv ("PATH", "/bin:/usr/bin", 1);
+
+ dbus_name = argv[1];
+ action_name = argv[2];
+ resource_type = argv[3];
+ resource_name = argv[4];
+
+ fprintf (stderr, "dbus_name = %s\n", dbus_name);
+ fprintf (stderr, "action_name = %s\n", action_name);
+ fprintf (stderr, "resource_type = %s\n", resource_type);
+ fprintf (stderr, "resource_name = %s\n", resource_name);
+
+ ret = 2;
+
+ /* we don't trust the user one bit...so..
+ *
+ * verify that the given thing to auth for really supports grant by auth in the requested way
+ */
+ if (!verify_with_polkit (dbus_name, action_name, resource_type, resource_name, &result, &session_objpath))
+ goto out;
+
+ /* tell user about the grant details; e.g. whether it's auth_self_keep_always or auth_self etc. */
+ fprintf (stdout, "POLKIT_GRANT_HELPER_TELL_TYPE %s\n", polkit_result_to_string_representation (result));
+ fflush (stdout);
+
+ /* figure out what user to auth */
+ if (result == POLKIT_RESULT_ONLY_VIA_ROOT_AUTH ||
+ result == POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION ||
+ result == POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS) {
+ user_to_auth = "root";
+ } else {
+ user_to_auth = invoking_user_name;
+ }
+
+ /* OK, start auth! */
+ if (!do_auth (user_to_auth))
+ goto out;
+
+ /* ask user if he want to slim down grant type...
+ * e.g. he might want to go from auth_self_keep_always to auth_self_keep_session..
+ *
+ * See docs for the PolKitGrantOverrideGrantType callback type for use cases.
+ */
+ fprintf (stdout, "POLKIT_GRANT_HELPER_ASK_OVERRIDE_GRANT_TYPE %s\n",
+ polkit_result_to_string_representation (result));
+ fflush (stdout);
+
+ if (!get_and_validate_override_details (&result))
+ goto out;
+
+ /* TODO: FIXME: XXX: this format of storing granted privileges needs be redone
+ *
+ * this concerns these two files
+ * - polkit-grant/polkit-grant-helper.c
+ * - modules/grant/polkit-module-grant.c
+ */
+
+ /*
+ * /var/lib/PolicyKit/uid_<uid>_<action>_<resource-hash>.grant
+ * uid_<uid>_<action>.grant
+ *
+ * /var/run/PolicyKit/session_<session>_<uid>_<action>_<resource-hash>.grant
+ * session_<session>_<uid>_<action>.grant
+ * dbus_<dbusname>_<uid>_<action>_<resource-hash>.grant
+ */
+
+ char *grant_file;
+ const char *session_name;
+ char *resource_str_to_hash;
+ guint resource_hash;
+ session_name = g_basename (session_objpath);
+ resource_str_to_hash = g_strdup_printf ("%s:%s", resource_type, resource_name);
+ resource_hash = g_str_hash (resource_str_to_hash);
+ g_free (resource_str_to_hash);
+
+ switch (result) {
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/dbus_%s_%d_%s_%u.grant",
+ dbus_name, invoking_user_id, action_name, resource_hash);
+ break;
+
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant",
+ session_name, invoking_user_id, action_name, resource_hash);
+ break;
+
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid_%d_%s_%u.grant",
+ invoking_user_id, action_name, resource_hash);
+ break;
+ default:
+ /* should never happen */
+ goto out;
+ }
+
+ umask (~0464);
+ fprintf (stderr, "file is '%s'\n", grant_file);
+ FILE *f = fopen (grant_file, "w");
+ fclose (f);
+
+ ret = 0;
+out:
+ return ret;
+}
diff --git a/polkit-grant/polkit-grant.c b/polkit-grant/polkit-grant.c
new file mode 100644
index 0000000..0197aa9
--- /dev/null
+++ b/polkit-grant/polkit-grant.c
@@ -0,0 +1,465 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant.c : library for obtaining privileges
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/wait.h>
+
+#include <glib.h>
+#include "polkit-grant.h"
+
+/**
+ * SECTION:polkit-grant
+ * @short_description: Obtain privileges through authentication.
+ *
+ * These functions are used to obtain privileges for a user that is
+ * able to successfully authenticate.
+ **/
+
+/**
+ * PolKitGrant:
+ *
+ * Objects of this class are used to obtain privileges for a user that
+ * is able to successfully authenticate.
+ **/
+struct PolKitGrant
+{
+ int refcount;
+
+ PolKitGrantAddIOWatch func_add_io_watch;
+ PolKitGrantAddChildWatch func_add_child_watch;
+ PolKitGrantRemoveWatch func_remove_watch;
+ PolKitGrantType func_type;
+ PolKitGrantConversationPromptEchoOff func_prompt_echo_off;
+ PolKitGrantConversationPromptEchoOn func_prompt_echo_on;
+ PolKitGrantConversationErrorMessage func_error_message;
+ PolKitGrantConversationTextInfo func_text_info;
+ PolKitGrantOverrideGrantType func_override_grant_type;
+ PolKitGrantDone func_done;
+ void *user_data;
+
+ int child_stdin;
+ int child_stdout;
+ GPid child_pid;
+ FILE *child_stdout_f;
+
+ int child_watch_id;
+ int io_watch_id;
+
+ gboolean success;
+ gboolean auth_in_progress;
+};
+
+/**
+ * polkit_grant_new:
+ * @void:
+ *
+ * Creates a #PolKitGrant object.
+ *
+ * Returns: the new object or #NULL on error.
+ **/
+PolKitGrant *
+polkit_grant_new (void)
+{
+ PolKitGrant *polkit_grant;
+ polkit_grant = g_new0 (PolKitGrant, 1);
+ polkit_grant->refcount = 1;
+ return polkit_grant;
+}
+
+/**
+ * polkit_grant_ref:
+ * @polkit_grant: the object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object.
+ **/
+PolKitGrant *
+polkit_grant_ref (PolKitGrant *polkit_grant)
+{
+ g_return_val_if_fail (polkit_grant != NULL, NULL);
+
+ polkit_grant->refcount++;
+ return polkit_grant;
+}
+
+/**
+ * polkit_grant_unref:
+ * @polkit_grant: the object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_grant_unref (PolKitGrant *polkit_grant)
+{
+ g_return_if_fail (polkit_grant != NULL);
+
+ polkit_grant->refcount--;
+ if (polkit_grant->refcount > 0)
+ return;
+
+ if (polkit_grant->io_watch_id > 0) {
+ polkit_grant->func_remove_watch (polkit_grant, polkit_grant->io_watch_id);
+ }
+ if (polkit_grant->child_watch_id > 0) {
+ polkit_grant->func_remove_watch (polkit_grant, polkit_grant->child_watch_id);
+ }
+ if (polkit_grant->child_pid > 0) {
+ kill (polkit_grant->child_pid, SIGTERM);
+ }
+ if (polkit_grant->child_stdout_f != NULL) {
+ fclose (polkit_grant->child_stdout_f);
+ }
+ if (polkit_grant->child_stdout >= 0) {
+ close (polkit_grant->child_stdout);
+ }
+ if (polkit_grant->child_stdin >= 0) {
+ close (polkit_grant->child_stdin);
+ }
+
+ g_free (polkit_grant);
+}
+
+/**
+ * polkit_grant_set_functions:
+ * @polkit_grant: the object
+ * @func_add_io_watch: Callback function
+ * @func_add_child_watch: Callback function
+ * @func_remove_watch: Callback function
+ * @func_type: Callback function
+ * @func_prompt_echo_off: Callback function
+ * @func_prompt_echo_on: Callback function
+ * @func_error_message: Callback function
+ * @func_text_info: Callback function
+ * @func_override_grant_type: Callback function
+ * @func_done: Callback function
+ * @user_data: User data that will be passed to the callback functions.
+ *
+ * Set callback functions used for authentication.
+ **/
+void
+polkit_grant_set_functions (PolKitGrant *polkit_grant,
+ PolKitGrantAddIOWatch func_add_io_watch,
+ PolKitGrantAddChildWatch func_add_child_watch,
+ PolKitGrantRemoveWatch func_remove_watch,
+ PolKitGrantType func_type,
+ PolKitGrantConversationPromptEchoOff func_prompt_echo_off,
+ PolKitGrantConversationPromptEchoOn func_prompt_echo_on,
+ PolKitGrantConversationErrorMessage func_error_message,
+ PolKitGrantConversationTextInfo func_text_info,
+ PolKitGrantOverrideGrantType func_override_grant_type,
+ PolKitGrantDone func_done,
+ void *user_data)
+{
+ g_return_if_fail (polkit_grant != NULL);
+ g_return_if_fail (func_add_io_watch != NULL);
+ g_return_if_fail (func_add_child_watch != NULL);
+ g_return_if_fail (func_remove_watch != NULL);
+ g_return_if_fail (func_type != NULL);
+ g_return_if_fail (func_prompt_echo_off != NULL);
+ g_return_if_fail (func_prompt_echo_on != NULL);
+ g_return_if_fail (func_error_message != NULL);
+ g_return_if_fail (func_text_info != NULL);
+ g_return_if_fail (func_override_grant_type != NULL);
+ polkit_grant->func_add_io_watch = func_add_io_watch;
+ polkit_grant->func_add_child_watch = func_add_child_watch;
+ polkit_grant->func_remove_watch = func_remove_watch;
+ polkit_grant->func_type = func_type;
+ polkit_grant->func_prompt_echo_off = func_prompt_echo_off;
+ polkit_grant->func_prompt_echo_on = func_prompt_echo_on;
+ polkit_grant->func_error_message = func_error_message;
+ polkit_grant->func_text_info = func_text_info;
+ polkit_grant->func_override_grant_type = func_override_grant_type;
+ polkit_grant->func_done = func_done;
+ polkit_grant->user_data = user_data;
+}
+
+
+/**
+ * polkit_grant_child_func:
+ * @polkit_grant: the object
+ * @pid: pid of the child
+ * @exit_code: exit code of the child
+ *
+ * Method that the application must call when a child process
+ * registered with the supplied function of type
+ * #PolKitGrantAddChildWatch terminates.
+ **/
+void
+polkit_grant_child_func (PolKitGrant *polkit_grant, pid_t pid, int exit_code)
+{
+ g_return_if_fail (polkit_grant != NULL);
+ g_return_if_fail (polkit_grant->auth_in_progress);
+
+ polkit_grant->success = (exit_code == 0);
+ polkit_grant->func_done (polkit_grant, polkit_grant->success, polkit_grant->user_data);
+}
+
+
+/**
+ * polkit_grant_io_func:
+ * @polkit_grant: the object
+ * @fd: the file descriptor passed to the supplied function of type #PolKitGrantAddIOWatch.
+ *
+ * Method that the application must call when there is data to read
+ * from a file descriptor registered with the supplied function of
+ * type #PolKitGrantAddIOWatch.
+ **/
+void
+polkit_grant_io_func (PolKitGrant *polkit_grant, int fd)
+{
+ char *line = NULL;
+ size_t line_len = 0;
+ char *id;
+ size_t id_len;
+ char *response;
+
+ g_return_if_fail (polkit_grant != NULL);
+ g_return_if_fail (polkit_grant->auth_in_progress);
+
+ while (getline (&line, &line_len, polkit_grant->child_stdout_f) != -1) {
+ if (strlen (line) > 0 &&
+ line[strlen (line) - 1] == '\n')
+ line[strlen (line) - 1] = '\0';
+
+ //printf ("from child '%s'\n", line);
+
+ response = NULL;
+
+ id = "PAM_PROMPT_ECHO_OFF ";
+ if (g_str_has_prefix (line, id)) {
+ id_len = strlen (id);
+ response = polkit_grant->func_prompt_echo_off (polkit_grant,
+ line + id_len,
+ polkit_grant->user_data);
+ goto processed;
+ }
+
+ id = "PAM_PROMPT_ECHO_ON ";
+ if (g_str_has_prefix (line, id)) {
+ id_len = strlen (id);
+ response = polkit_grant->func_prompt_echo_on (polkit_grant,
+ line + id_len,
+ polkit_grant->user_data);
+ goto processed;
+ }
+
+ id = "PAM_ERROR_MSG ";
+ if (g_str_has_prefix (line, id)) {
+ id_len = strlen (id);
+ polkit_grant->func_error_message (polkit_grant,
+ line + id_len,
+ polkit_grant->user_data);
+ goto processed;
+ }
+
+ id = "PAM_TEXT_INFO ";
+ if (g_str_has_prefix (line, id)) {
+ id_len = strlen (id);
+ polkit_grant->func_text_info (polkit_grant,
+ line + id_len,
+ polkit_grant->user_data);
+ goto processed;
+ }
+
+ id = "POLKIT_GRANT_HELPER_TELL_TYPE ";
+ if (g_str_has_prefix (line, id)) {
+ PolKitResult result;
+ id_len = strlen (id);
+ if (!polkit_result_from_string_representation (line + id_len, &result)) {
+ /* TODO: danger will robinson */
+ }
+ polkit_grant->func_type (polkit_grant,
+ result,
+ polkit_grant->user_data);
+ goto processed;
+ }
+
+ id = "POLKIT_GRANT_HELPER_ASK_OVERRIDE_GRANT_TYPE ";
+ if (g_str_has_prefix (line, id)) {
+ PolKitResult override;
+ PolKitResult result;
+ id_len = strlen (id);
+ if (!polkit_result_from_string_representation (line + id_len, &result)) {
+ /* TODO: danger will robinson */
+ }
+ override = polkit_grant->func_override_grant_type (polkit_grant,
+ result,
+ polkit_grant->user_data);
+ response = g_strdup (polkit_result_to_string_representation (override));
+ goto processed;
+ }
+
+ processed:
+ if (response != NULL) {
+ /* add a newline if there isn't one already... */
+ if (response[strlen (response) - 1] != '\n') {
+ char *old = response;
+ response = g_strdup_printf ("%s\n", response);
+ g_free (old);
+ }
+ write (polkit_grant->child_stdin, response, strlen (response));
+ free (response);
+ }
+ }
+
+ if (line != NULL)
+ free (line);
+}
+
+/**
+ * polkit_grant_cancel_auth:
+ * @polkit_grant: the object
+ *
+ * Cancel an authentication in progress
+ **/
+void
+polkit_grant_cancel_auth (PolKitGrant *polkit_grant)
+{
+ GPid pid;
+ g_return_if_fail (polkit_grant != NULL);
+ g_return_if_fail (polkit_grant->auth_in_progress);
+
+ pid = polkit_grant->child_pid;
+ polkit_grant->child_pid = 0;
+ kill (pid, SIGTERM);
+ polkit_grant->func_done (polkit_grant, FALSE, polkit_grant->user_data);
+}
+
+/**
+ * polkit_grant_initiate_auth:
+ * @polkit_grant: the object
+ * @action: Action requested by caller
+ * @resource: Resource in question
+ * @caller: Caller in question
+ *
+ * Initiate authentication to obtain the privilege for the given
+ * @caller to perform the specified @action on the given
+ * @resource. The caller of this method must have setup callback
+ * functions using the method polkit_grant_set_functions() prior to
+ * calling this method.
+ *
+ * Implementation-wise, this class uses a secure (e.g. as in that it
+ * checks all information and fundamenally don't trust the caller;
+ * e.g. the #PolKitGrant class) setgid helper that does all the heavy
+ * lifting.
+ *
+ * The caller of this method must iterate the mainloop context in
+ * order for authentication to make progress.
+ *
+ * Returns: #TRUE only if authentication have been initiated.
+ **/
+polkit_bool_t
+polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller)
+{
+ char *dbus_name;
+ char *action_id;
+ char *resource_type;
+ char *resource_id;
+ GError *g_error;
+ const char *helper_argv[6];
+
+ g_return_val_if_fail (polkit_grant != NULL, FALSE);
+ /* check that callback functions have been properly set up */
+ g_return_val_if_fail (polkit_grant->func_done != NULL, FALSE);
+
+ if (!polkit_caller_get_dbus_name (caller, &dbus_name))
+ goto error;
+
+ if (!polkit_action_get_action_id (action, &action_id))
+ goto error;
+
+ if (!polkit_resource_get_resource_type (resource, &resource_type))
+ goto error;
+
+ if (!polkit_resource_get_resource_id (resource, &resource_id))
+ goto error;
+
+ /* TODO: verify incoming args */
+
+ //helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper";
+ helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
+ helper_argv[1] = dbus_name;
+ helper_argv[2] = action_id;
+ helper_argv[3] = resource_type;
+ helper_argv[4] = resource_id;
+ helper_argv[5] = NULL;
+
+ polkit_grant->child_stdin = -1;
+ polkit_grant->child_stdout = -1;
+
+ g_error = NULL;
+ if (!g_spawn_async_with_pipes (NULL,
+ (char **) helper_argv,
+ NULL,
+ G_SPAWN_DO_NOT_REAP_CHILD |
+ 0,//G_SPAWN_STDERR_TO_DEV_NULL,
+ NULL,
+ NULL,
+ &polkit_grant->child_pid,
+ &polkit_grant->child_stdin,
+ &polkit_grant->child_stdout,
+ NULL,
+ &g_error)) {
+ fprintf (stderr, "Cannot spawn helper: %s.\n", g_error->message);
+ g_error_free (g_error);
+ goto error;
+ }
+
+ polkit_grant->child_watch_id = polkit_grant->func_add_child_watch (polkit_grant, polkit_grant->child_pid);
+ if (polkit_grant->child_watch_id == 0)
+ goto error;
+
+ polkit_grant->io_watch_id = polkit_grant->func_add_io_watch (polkit_grant, polkit_grant->child_stdout);
+ if (polkit_grant->io_watch_id == 0)
+ goto error;
+
+ /* so we can use getline... */
+ polkit_grant->child_stdout_f = fdopen (polkit_grant->child_stdout, "r");
+ if (polkit_grant->child_stdout_f == NULL)
+ goto error;
+
+ polkit_grant->success = FALSE;
+
+ polkit_grant->auth_in_progress = TRUE;
+
+ return TRUE;
+error:
+ return FALSE;
+}
diff --git a/polkit-grant/polkit-grant.h b/polkit-grant/polkit-grant.h
new file mode 100644
index 0000000..0339f3d
--- /dev/null
+++ b/polkit-grant/polkit-grant.h
@@ -0,0 +1,344 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant.h : library for obtaining privileges
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_GRANT_H
+#define POLKIT_GRANT_H
+
+#include <polkit/polkit.h>
+
+struct PolKitGrant;
+typedef struct PolKitGrant PolKitGrant;
+
+/**
+ * PolKitGrantType:
+ * @polkit_grant: the grant object
+ * @grant_type: the current type of what privilege to obtain
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that describes to what extent the
+ * privilege can be obtained; e.g. whether the user can keep it
+ * (e.g. forever, for the session or not keep it at all).
+ *
+ * See also #PolKitGrantOverrideGrantType for discussion on the type
+ * of user interfaces one should put up depending on the value of
+ * @grant_type.
+ **/
+typedef void (*PolKitGrantType) (PolKitGrant *polkit_grant,
+ PolKitResult grant_type,
+ void *user_data);
+
+/**
+ * PolKitGrantConversationPromptEchoOff:
+ * @polkit_grant: the grant object
+ * @prompt: prompt passed by the authentication layer; do not free this string
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that is invoked when the authentication
+ * layer needs to ask the user a secret and the UI should NOT echo what
+ * the user types on the screen.
+ *
+ * Returns: the answer obtained from the user; must be allocated with
+ * malloc(3) and will be freed by the #PolKitGrant class.
+ **/
+typedef char* (*PolKitGrantConversationPromptEchoOff) (PolKitGrant *polkit_grant,
+ const char *prompt,
+ void *user_data);
+
+/**
+ * PolKitGrantConversationPromptEchoOn:
+ * @polkit_grant: the grant object
+ * @prompt: prompt passed by the authentication layer; do not free this string
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that is invoked when the authentication
+ * layer needs to ask the user a secret and the UI should echo what
+ * the user types on the screen.
+ *
+ * Returns: the answer obtained from the user; must be allocated with
+ * malloc(3) and will be freed by the #PolKitGrant class.
+ **/
+typedef char* (*PolKitGrantConversationPromptEchoOn) (PolKitGrant *polkit_grant,
+ const char *prompt,
+ void *user_data);
+
+/**
+ * PolKitGrantConversationErrorMessage:
+ * @polkit_grant: the grant object
+ * @error_message: error message passed by the authentication layer; do not free this string
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that is invoked when the authentication
+ * layer produces an error message that should be displayed in the UI.
+ **/
+typedef void (*PolKitGrantConversationErrorMessage) (PolKitGrant *polkit_grant,
+ const char *error_message,
+ void *user_data);
+
+/**
+ * PolKitGrantConversationTextInfo:
+ * @polkit_grant: the grant object
+ * @text_info: information passed by the authentication layer; do not free this string
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that is invoked when the authentication
+ * layer produces an informational message that should be displayed in
+ * the UI.
+ **/
+typedef void (*PolKitGrantConversationTextInfo) (PolKitGrant *polkit_grant,
+ const char *text_info,
+ void *user_data);
+
+/**
+ * PolKitGrantOverrideGrantType:
+ * @polkit_grant: the grant object
+ * @grant_type: the current type of what privilege to obtain; this is
+ * the same value as passed to the callback of type #PolKitGrantType.
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that enables the UI to request a lesser
+ * privilege than is obtainable. This callback is invoked when the
+ * user have successfully authenticated but before the privilege is
+ * granted.
+ *
+ * Basically, this callback enables a program to provide an user
+ * interface like this:
+ *
+ * <programlisting>
+ * +------------------------------------------------------------+
+ * | You need to authenticate to access the volume 'Frobnicator |
+ * | Adventures Vol 2' |
+ * | |
+ * | Password: [_________________] |
+ * | |
+ * [ [x] Remember this decision |
+ * | [ ] for this session |
+ * | [*] for this and future sessions |
+ * | |
+ * | [Cancel] [Authenticate] |
+ * +------------------------------------------------------------+
+ * </programlisting>
+ *
+ * This dialog assumes that @grant_type passed was
+ * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS. By ticking the
+ * check boxes in the dialog, the user can override this to either
+ * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION or
+ * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH. Thus, the user can
+ * voluntarily choose to obtain a lesser privilege.
+ *
+ * Another example, would be that the @grant_type passed was
+ * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION. Then the dialog
+ * should look like this:
+ *
+ * <programlisting>
+ * +------------------------------------------------------------+
+ * | You need to authenticate to access the volume 'Frobnicator |
+ * | Adventures Vol 2' |
+ * | |
+ * | Password: [_________________] |
+ * | |
+ * [ [x] Remember this decision for the rest of the session |
+ * | |
+ * | [Cancel] [Authenticate] |
+ * +------------------------------------------------------------+
+ * </programlisting>
+ *
+ * Finally, if the @grant_type value passed is
+ * e.g. #POLKIT_RESULT_ONLY_VIA_SELF_AUTH, there are no options to
+ * click.:
+ *
+ * <programlisting>
+ * +------------------------------------------------------------+
+ * | You need to authenticate to access the volume 'Frobnicator |
+ * | Adventures Vol 2' |
+ * | |
+ * | Password: [_________________] |
+ * | |
+ * | [Cancel] [Authenticate] |
+ * +------------------------------------------------------------+
+ * </programlisting>
+ *
+ * Of course, these examples also applies to
+ * #POLKIT_RESULT_ONLY_VIA_ROOT_AUTH and friends.
+ *
+ * Returns: the desired type of what privilege to obtain; note that it
+ * won't work asking for more privileges than what @grant_type
+ * specifies; the passed value is properly checked in the secure
+ * setgid granting helper mentioned in
+ * polkit_grant_initiate_auth().
+ **/
+typedef PolKitResult (*PolKitGrantOverrideGrantType) (PolKitGrant *polkit_grant,
+ PolKitResult grant_type,
+ void *user_data);
+
+/**
+ * PolKitGrantDone:
+ * @polkit_grant: the grant object
+ * @gained_privilege: whether the privilege was obtained
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * This function is called when the granting process ends; either if
+ * successful or if it was canceled using
+ * e.g. polkit_grant_cancel_auth().
+ **/
+typedef void (*PolKitGrantDone) (PolKitGrant *polkit_grant,
+ polkit_bool_t gained_privilege,
+ void *user_data);
+
+/**
+ * PolKitGrantAddChildWatch:
+ * @polkit_grant: the grant object
+ * @pid: the child pid to watch
+ *
+ * Type for function supplied by the application to integrate a watch
+ * on a child process into the applications main loop. The
+ * application must call polkit_grant_child_func() when the
+ * child dies
+ *
+ * For glib mainloop, the function will typically look like this:
+ *
+ * <programlisting>
+ * static void
+ * child_watch_func (GPid pid,
+ * gint status,
+ * gpointer user_data)
+ * {
+ * PolKitGrant *polkit_grant = user_data;
+ * polkit_grant_child_func (polkit_grant, pid, WEXITSTATUS (status));
+ * }
+ *
+ * static int
+ * add_child_watch (PolKitGrant *polkit_grant, pid_t pid)
+ * {
+ * return g_child_watch_add (pid, child_watch_func, polkit_grant);
+ * }
+ * </programlisting>
+ *
+ * Returns: 0 if the watch couldn't be set up; otherwise an unique
+ * identifier for the watch.
+ **/
+typedef int (*PolKitGrantAddChildWatch) (PolKitGrant *polkit_grant,
+ pid_t pid);
+
+/**
+ * PolKitGrantAddIOWatch:
+ * @polkit_grant: the grant object
+ * @fd: the file descriptor to watch
+ *
+ * Type for function supplied by the application to integrate a watch
+ * on a file descriptor into the applications main loop. The
+ * application must call polkit_grant_io_func() when there is data
+ * to read from the file descriptor.
+ *
+ * For glib mainloop, the function will typically look like this:
+ *
+ * <programlisting>
+ * static gboolean
+ * io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
+ * {
+ * int fd;
+ * PolKitGrant *polkit_grant = user_data;
+ * fd = g_io_channel_unix_get_fd (channel);
+ * polkit_grant_io_func (polkit_grant, fd);
+ * return TRUE;
+ * }
+ *
+ * static int
+ * add_io_watch (PolKitGrant *polkit_grant, int fd)
+ * {
+ * guint id = 0;
+ * GIOChannel *channel;
+ * channel = g_io_channel_unix_new (fd);
+ * if (channel == NULL)
+ * goto out;
+ * id = g_io_add_watch (channel, G_IO_IN, io_watch_have_data, polkit_grant);
+ * if (id == 0) {
+ * g_io_channel_unref (channel);
+ * goto out;
+ * }
+ * g_io_channel_unref (channel);
+ * out:
+ * return id;
+ * }
+ * </programlisting>
+ *
+ * Returns: 0 if the watch couldn't be set up; otherwise an unique
+ * identifier for the watch.
+ **/
+typedef int (*PolKitGrantAddIOWatch) (PolKitGrant *polkit_grant,
+ int fd);
+
+/**
+ * PolKitGrantRemoveWatch:
+ * @polkit_grant: the grant object
+ * @watch_id: the id obtained from using the supplied function
+ * of type #PolKitGrantAddIOWatch or #PolKitGrantAddChildWatch.
+ *
+ * Type for function supplied by the application to remove a watch set
+ * up via the supplied function of type #PolKitGrantAddIOWatch or type
+ * #PolKitGrantAddChildWatch.
+ *
+ * For glib mainloop, the function will typically look like this:
+ *
+ * <programlisting>
+ * static void
+ * remove_watch (PolKitGrant *polkit_auth, int watch_id)
+ * {
+ * g_source_remove (watch_id);
+ * }
+ * </programlisting>
+ *
+ **/
+typedef void (*PolKitGrantRemoveWatch) (PolKitGrant *polkit_grant,
+ int watch_id);
+
+PolKitGrant *polkit_grant_new (void);
+PolKitGrant *polkit_grant_ref (PolKitGrant *polkit_grant);
+void polkit_grant_unref (PolKitGrant *polkit_grant);
+void polkit_grant_set_functions (PolKitGrant *polkit_grant,
+ PolKitGrantAddIOWatch func_add_io_watch,
+ PolKitGrantAddChildWatch func_add_child_watch,
+ PolKitGrantRemoveWatch func_remove_watch,
+ PolKitGrantType func_type,
+ PolKitGrantConversationPromptEchoOff func_prompt_echo_off,
+ PolKitGrantConversationPromptEchoOn func_prompt_echo_on,
+ PolKitGrantConversationErrorMessage func_error_message,
+ PolKitGrantConversationTextInfo func_text_info,
+ PolKitGrantOverrideGrantType func_override_grant_type,
+ PolKitGrantDone func_done,
+ void *user_data);
+polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller);
+
+void polkit_grant_cancel_auth (PolKitGrant *polkit_grant);
+
+void polkit_grant_io_func (PolKitGrant *polkit_grant, int fd);
+void polkit_grant_child_func (PolKitGrant *polkit_grant, pid_t pid, int exit_code);
+
+
+#endif /* POLKIT_GRANT_H */
+
+
diff --git a/polkit.in b/polkit.in
deleted file mode 100644
index 142dadd..0000000
--- a/polkit.in
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-
-auth include @PAM_FILE_INCLUDE_AUTH@
-account include @PAM_FILE_INCLUDE_ACCOUNT@
-password include @PAM_FILE_INCLUDE_PASSWORD@
-session include @PAM_FILE_INCLUDE_SESSION@
diff --git a/polkit/.gitignore b/polkit/.gitignore
new file mode 100644
index 0000000..764d994
--- /dev/null
+++ b/polkit/.gitignore
@@ -0,0 +1,9 @@
+.deps
+.libs
+*.la
+*.lo
+*.o
+Makefile
+Makefile.in
+polkit-interface-manager-glue.h
+polkit-interface-session-glue.h
diff --git a/polkit/Makefile.am b/polkit/Makefile.am
new file mode 100644
index 0000000..0b3bbb1
--- /dev/null
+++ b/polkit/Makefile.am
@@ -0,0 +1,61 @@
+## Process this file with automake to produce Makefile.in
+
+INCLUDES = \
+ -I$(top_builddir) -I$(top_srcdir) \
+ -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
+ -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
+ -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
+ -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
+ -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
+ -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
+ -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
+ -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
+ -DPOLKIT_COMPILATION \
+ @GLIB_CFLAGS@
+
+lib_LTLIBRARIES=libpolkit.la
+
+libpolkitincludedir=$(includedir)/PolicyKit/polkit
+
+libpolkitinclude_HEADERS = \
+ polkit.h \
+ polkit-types.h \
+ polkit-error.h \
+ polkit-result.h \
+ polkit-context.h \
+ polkit-action.h \
+ polkit-resource.h \
+ polkit-seat.h \
+ polkit-session.h \
+ polkit-caller.h \
+ polkit-policy-file-entry.h \
+ polkit-policy-file.h \
+ polkit-policy-cache.h \
+ polkit-policy-default.h \
+ polkit-module.h
+
+libpolkit_la_SOURCES = \
+ polkit.h \
+ polkit-types.h \
+ polkit-error.h polkit-error.c \
+ polkit-result.h polkit-result.c \
+ polkit-context.h polkit-context.c \
+ polkit-action.h polkit-action.c \
+ polkit-resource.h polkit-resource.c \
+ polkit-seat.h polkit-seat.c \
+ polkit-session.h polkit-session.c \
+ polkit-caller.h polkit-caller.c \
+ polkit-policy-file-entry.h polkit-policy-file-entry.c \
+ polkit-policy-file.h polkit-policy-file.c \
+ polkit-policy-cache.h polkit-policy-cache.c \
+ polkit-policy-default.h polkit-policy-default.c \
+ polkit-debug.h polkit-debug.c \
+ polkit-utils.h polkit-utils.c \
+ polkit-module.h polkit-module.c
+
+libpolkit_la_LIBADD = @GLIB_LIBS@ -ldl
+
+libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+
+clean-local :
+ rm -f *~ $(BUILT_SOURCES)
diff --git a/polkit/polkit-action.c b/polkit/polkit-action.c
new file mode 100644
index 0000000..d9ad78a
--- /dev/null
+++ b/polkit/polkit-action.c
@@ -0,0 +1,186 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-action.c : action
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-action.h"
+#include "polkit-utils.h"
+
+/**
+ * SECTION:polkit-action
+ * @short_description: Actions.
+ *
+ * This class is used to represent an action. TODO: describe what a action really is.
+ **/
+
+/**
+ * PolKitAction:
+ *
+ * Objects of this class are used to record information about an action.
+ **/
+struct PolKitAction
+{
+ int refcount;
+ char *id;
+ GHashTable *params;
+};
+
+/**
+ * polkit_action_new:
+ *
+ * Create a new #PolKitAction object.
+ *
+ * Returns: the new object
+ **/
+PolKitAction *
+polkit_action_new (void)
+{
+ PolKitAction *action;
+ action = g_new0 (PolKitAction, 1);
+ action->refcount = 1;
+ action->params = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+ g_free,
+ g_free);
+ return action;
+}
+
+/**
+ * polkit_action_ref:
+ * @action: the action object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitAction *
+polkit_action_ref (PolKitAction *action)
+{
+ g_return_val_if_fail (action != NULL, action);
+ action->refcount++;
+ return action;
+}
+
+/**
+ * polkit_action_unref:
+ * @action: the action object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_action_unref (PolKitAction *action)
+{
+ g_return_if_fail (action != NULL);
+ action->refcount--;
+ if (action->refcount > 0)
+ return;
+ g_free (action->id);
+ g_hash_table_destroy (action->params);
+ g_free (action);
+}
+
+/**
+ * polkit_action_set_action_id:
+ * @action: the action object
+ * @action_id: action identifier
+ *
+ * Set the action identifier
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_action_set_action_id (PolKitAction *action, const char *action_id)
+{
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (_pk_validate_identifier (action_id), FALSE);
+ if (action->id != NULL)
+ g_free (action->id);
+ action->id = g_strdup (action_id);
+ return TRUE;
+}
+
+/**
+ * polkit_action_get_action_id:
+ * @action: the action object
+ * @out_action_id: Returns the action identifier. The caller shall not free this string.
+ *
+ * Get the action identifier.
+ *
+ * Returns: TRUE iff the value was returned.
+ **/
+polkit_bool_t
+polkit_action_get_action_id (PolKitAction *action, char **out_action_id)
+{
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (out_action_id != NULL, FALSE);
+ if (action->id == NULL)
+ return FALSE;
+ *out_action_id = action->id;
+ return TRUE;
+}
+
+/**
+ * polkit_action_debug:
+ * @action: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_action_debug (PolKitAction *action)
+{
+ g_return_if_fail (action != NULL);
+ _pk_debug ("PolKitAction: refcount=%d id=%s", action->refcount, action->id);
+}
+
+/**
+ * polkit_action_validate:
+ * @action: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ **/
+polkit_bool_t
+polkit_action_validate (PolKitAction *action)
+{
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (action->id != NULL, FALSE);
+ return TRUE;
+}
diff --git a/polkit/polkit-action.h b/polkit/polkit-action.h
new file mode 100644
index 0000000..af89f81
--- /dev/null
+++ b/polkit/polkit-action.h
@@ -0,0 +1,49 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-action.h : actions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_ACTION_H
+#define POLKIT_ACTION_H
+
+#include <polkit/polkit-types.h>
+
+struct PolKitAction;
+typedef struct PolKitAction PolKitAction;
+
+PolKitAction *polkit_action_new (void);
+PolKitAction *polkit_action_ref (PolKitAction *action);
+void polkit_action_unref (PolKitAction *action);
+polkit_bool_t polkit_action_set_action_id (PolKitAction *action, const char *action_id);
+polkit_bool_t polkit_action_get_action_id (PolKitAction *action, char **out_action_id);
+
+void polkit_action_debug (PolKitAction *action);
+polkit_bool_t polkit_action_validate (PolKitAction *action);
+
+#endif /* POLKIT_ACTION_H */
+
+
diff --git a/polkit/polkit-caller.c b/polkit/polkit-caller.c
new file mode 100644
index 0000000..e096d0b
--- /dev/null
+++ b/polkit/polkit-caller.c
@@ -0,0 +1,345 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-caller.c : callers
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-caller
+ * @short_description: Callers on the system message bus.
+ *
+ * This class is used to represent a caller in another process connected to the system message bus.
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-caller.h"
+#include "polkit-utils.h"
+
+/**
+ * PolKitCaller:
+ *
+ * Objects of this class are used to record information about a caller
+ * on the system bus.
+ **/
+struct PolKitCaller
+{
+ int refcount;
+ char *dbus_name;
+ uid_t uid;
+ pid_t pid;
+ char *selinux_context;
+ PolKitSession *session;
+};
+
+/**
+ * polkit_caller_new:
+ *
+ * Creates a new #PolKitCaller object.
+ *
+ * Returns: the new object
+ **/
+PolKitCaller *
+polkit_caller_new (void)
+{
+ PolKitCaller *caller;
+ caller = g_new0 (PolKitCaller, 1);
+ caller->refcount = 1;
+ return caller;
+}
+
+/**
+ * polkit_caller_ref:
+ * @caller: The caller object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitCaller *
+polkit_caller_ref (PolKitCaller *caller)
+{
+ g_return_val_if_fail (caller != NULL, caller);
+ caller->refcount++;
+ return caller;
+}
+
+
+/**
+ * polkit_caller_unref:
+ * @caller: The caller object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_caller_unref (PolKitCaller *caller)
+{
+ g_return_if_fail (caller != NULL);
+ caller->refcount--;
+ if (caller->refcount > 0)
+ return;
+ g_free (caller->dbus_name);
+ g_free (caller->selinux_context);
+ if (caller->session != NULL)
+ polkit_session_unref (caller->session);
+ g_free (caller);
+}
+
+/**
+ * polkit_caller_set_dbus_name:
+ * @caller: The caller object
+ * @dbus_name: unique system bus connection name
+ *
+ * Set the callers unique system bus connection name.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (_pk_validate_unique_bus_name (dbus_name), FALSE);
+ if (caller->dbus_name != NULL)
+ g_free (caller->dbus_name);
+ caller->dbus_name = g_strdup (dbus_name);
+ return TRUE;
+}
+
+/**
+ * polkit_caller_set_uid:
+ * @caller: The caller object
+ * @uid: UNIX user id
+ *
+ * Set the callers UNIX user id.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_caller_set_uid (PolKitCaller *caller, uid_t uid)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ caller->uid = uid;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_set_pid:
+ * @caller: The caller object
+ * @pid: UNIX process id
+ *
+ * Set the callers UNIX process id.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_caller_set_pid (PolKitCaller *caller, pid_t pid)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ caller->pid = pid;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_set_selinux_context:
+ * @caller: The caller object
+ * @selinux_context: SELinux security context
+ *
+ * Set the callers SELinux security context.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_caller_set_selinux_context (PolKitCaller *caller, const char *selinux_context)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ /* TODO: probably should have a separate validation function for SELinux contexts */
+ g_return_val_if_fail (_pk_validate_identifier (selinux_context), FALSE);
+
+ if (caller->selinux_context != NULL)
+ g_free (caller->selinux_context);
+ caller->selinux_context = g_strdup (selinux_context);
+ return TRUE;
+}
+
+/**
+ * polkit_caller_set_ck_session:
+ * @caller: The caller object
+ * @session: a session object
+ *
+ * Set the callers session. The reference count on the given object
+ * will be increased by one. If an existing session object was set
+ * already, the reference count on that one will be decreased by one.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_caller_set_ck_session (PolKitCaller *caller, PolKitSession *session)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (polkit_session_validate (session), FALSE);
+ if (caller->session != NULL)
+ polkit_session_unref (caller->session);
+ caller->session = session != NULL ? polkit_session_ref (session) : NULL;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_get_dbus_name:
+ * @caller: The caller object
+ * @out_dbus_name: Returns the unique system bus connection name. The caller shall not free this string.
+ *
+ * Get the callers unique system bus connection name.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_caller_get_dbus_name (PolKitCaller *caller, char **out_dbus_name)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_dbus_name != NULL, FALSE);
+ *out_dbus_name = caller->dbus_name;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_get_uid:
+ * @caller: The caller object
+ * @out_uid: Returns the UNIX user id
+ *
+ * Get the callers UNIX user id.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_caller_get_uid (PolKitCaller *caller, uid_t *out_uid)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_uid != NULL, FALSE);
+ *out_uid = caller->uid;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_get_pid:
+ * @caller: The caller object
+ * @out_pid: Returns the UNIX process id
+ *
+ * Get the callers UNIX process id.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_caller_get_pid (PolKitCaller *caller, pid_t *out_pid)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_pid != NULL, FALSE);
+ *out_pid = caller->pid;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_get_selinux_context:
+ * @caller: The caller object
+ * @out_selinux_context: Returns the SELinux security context. The caller shall not free this string.
+ *
+ * Get the callers SELinux security context. Note that this may be
+ * #NULL if SELinux is not available on the system.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_caller_get_selinux_context (PolKitCaller *caller, char **out_selinux_context)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_selinux_context != NULL, FALSE);
+ *out_selinux_context = caller->selinux_context;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_get_ck_session:
+ * @caller: The caller object
+ * @out_session: Returns the session object. Caller shall not unref it.
+ *
+ * Get the callers session. Note that this may be #NULL if the caller
+ * is not in any session.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_caller_get_ck_session (PolKitCaller *caller, PolKitSession **out_session)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_session != NULL, FALSE);
+ *out_session = caller->session;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_debug:
+ * @caller: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_caller_debug (PolKitCaller *caller)
+{
+ g_return_if_fail (caller != NULL);
+ _pk_debug ("PolKitCaller: refcount=%d dbus_name=%s uid=%d pid=%d selinux_context=%s",
+ caller->refcount, caller->dbus_name, caller->uid, caller->pid, caller->selinux_context);
+ if (caller->session != NULL)
+ polkit_session_debug (caller->session);
+}
+
+
+/**
+ * polkit_caller_validate:
+ * @caller: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ **/
+polkit_bool_t
+polkit_caller_validate (PolKitCaller *caller)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (caller->pid > 0, FALSE);
+ g_return_val_if_fail (caller->dbus_name != NULL, FALSE);
+ /* NOTE TODO FIXME: remove need to have a dbus name set */
+ return TRUE;
+}
diff --git a/polkit/polkit-caller.h b/polkit/polkit-caller.h
new file mode 100644
index 0000000..86643d9
--- /dev/null
+++ b/polkit/polkit-caller.h
@@ -0,0 +1,57 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-caller.h : callers
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_CALLER_H
+#define POLKIT_CALLER_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-session.h>
+#include <sys/types.h>
+
+struct PolKitCaller;
+typedef struct PolKitCaller PolKitCaller;
+
+PolKitCaller *polkit_caller_new (void);
+PolKitCaller *polkit_caller_ref (PolKitCaller *caller);
+void polkit_caller_unref (PolKitCaller *caller);
+polkit_bool_t polkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name);
+polkit_bool_t polkit_caller_set_uid (PolKitCaller *caller, uid_t uid);
+polkit_bool_t polkit_caller_set_pid (PolKitCaller *caller, pid_t pid);
+polkit_bool_t polkit_caller_set_selinux_context (PolKitCaller *caller, const char *selinux_context);
+polkit_bool_t polkit_caller_set_ck_session (PolKitCaller *caller, PolKitSession *session);
+polkit_bool_t polkit_caller_get_dbus_name (PolKitCaller *caller, char **out_dbus_name);
+polkit_bool_t polkit_caller_get_uid (PolKitCaller *caller, uid_t *out_uid);
+polkit_bool_t polkit_caller_get_pid (PolKitCaller *caller, pid_t *out_pid);
+polkit_bool_t polkit_caller_get_selinux_context (PolKitCaller *caller, char **out_selinux_context);
+polkit_bool_t polkit_caller_get_ck_session (PolKitCaller *caller, PolKitSession **out_session);
+
+void polkit_caller_debug (PolKitCaller *caller);
+polkit_bool_t polkit_caller_validate (PolKitCaller *caller);
+
+#endif /* POLKIT_H */
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
new file mode 100644
index 0000000..a1248fd
--- /dev/null
+++ b/polkit/polkit-context.c
@@ -0,0 +1,767 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-context.c : context for PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-context.h"
+#include "polkit-policy-cache.h"
+#include "polkit-module.h"
+
+/**
+ * SECTION:polkit
+ * @short_description: Centralized policy management.
+ *
+ * polkit is a C library for centralized policy management.
+ **/
+
+/**
+ * SECTION:polkit-context
+ * @short_description: Context.
+ *
+ * This class is used to represent the interface to PolicyKit.
+ **/
+
+/**
+ * PolKitContext:
+ *
+ * Context object for users of PolicyKit.
+ **/
+struct PolKitContext
+{
+ int refcount;
+
+ PolKitContextConfigChangedCB config_changed_cb;
+ void *config_changed_user_data;
+
+ PolKitContextFileMonitorAddWatch file_monitor_add_watch_func;
+ PolKitContextFileMonitorRemoveWatch file_monitor_remove_watch_func;
+
+ char *policy_dir;
+
+ PolKitPolicyCache *priv_cache;
+
+ GSList *modules;
+};
+
+/**
+ * polkit_context_new:
+ *
+ * Create a new context
+ *
+ * Returns: the object
+ **/
+PolKitContext *
+polkit_context_new (void)
+{
+ PolKitContext *pk_context;
+ pk_context = g_new0 (PolKitContext, 1);
+ pk_context->refcount = 1;
+ return pk_context;
+}
+
+static polkit_bool_t
+unload_modules (PolKitContext *pk_context)
+{
+ GSList *i;
+ for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
+ PolKitModuleInterface *module_interface = i->data;
+ polkit_module_interface_unref (module_interface);
+ }
+ g_slist_free (pk_context->modules);
+ pk_context->modules = NULL;
+ _pk_debug ("Unloaded modules");
+
+ return TRUE;
+}
+
+static polkit_bool_t
+load_modules (PolKitContext *pk_context, PolKitError **error)
+{
+ const char *config_file;
+ polkit_bool_t ret;
+ char *buf;
+ char *end;
+ char line[256];
+ char *p;
+ char *q;
+ gsize len;
+ int line_number;
+ int mod_number;
+ GError *g_error;
+
+ ret = FALSE;
+ buf = NULL;
+ mod_number = 0;
+
+ config_file = PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf";
+ g_error = NULL;
+ if (!g_file_get_contents (config_file,
+ &buf,
+ &len,
+ &g_error)) {
+ _pk_debug ("Cannot load PolicyKit configuration file at '%s'", config_file);
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Cannot load PolicyKit configuration file at '%s': %s",
+ config_file,
+ g_error->message);
+ g_error_free (g_error);
+ goto out;
+ }
+
+ end = buf + len;
+
+ /* parse the config file; one line at a time (yes, this is super ugly code) */
+ p = buf;
+ line_number = -1;
+ while (TRUE) {
+ int argc;
+ char **tokens;
+ char *module_name;
+ char *module_path;
+ PolKitModuleControl module_control;
+ PolKitModuleInterface *module_interface;
+
+ line_number++;
+
+ q = p;
+ while (*q != '\n' && q != '\0' && q < end)
+ q++;
+ if (*q == '\0' || q >= end) {
+ /* skip last line if it's not terminated by whitespace */
+ break;
+ }
+ if ((unsigned int) (q - p) > sizeof(line) - 1) {
+ _pk_debug ("Line is too long; skipping it");
+ continue;
+ }
+ strncpy (line, p, q - p);
+ line[q - p] = '\0';
+ p = q + 1;
+
+ /* remove leading and trailing white space */
+ g_strstrip (line);
+
+ /* comments, blank lines are fine; just skip them */
+ if (line[0] == '#' || strlen (line) == 0) {
+ continue;
+ }
+
+ /*_pk_debug ("Looking at line: '%s'", line);*/
+
+ if (!g_shell_parse_argv (line, &argc, &tokens, NULL)) {
+ _pk_debug ("Cannot parse line %d - skipping", line_number);
+ continue;
+ }
+ if (argc < 2) {
+ _pk_debug ("Line %d is malformed - skipping line", line_number);
+ g_strfreev (tokens);
+ continue;
+ }
+ if (!polkit_module_control_from_string_representation (tokens[0], &module_control)) {
+ _pk_debug ("Unknown module_control '%s' at line %d - skipping line", tokens[0], line_number);
+ g_strfreev (tokens);
+ continue;
+ }
+ module_name = tokens[1];
+
+ module_path = g_strdup_printf (PACKAGE_LIB_DIR "/PolicyKit/modules/%s", module_name);
+ _pk_debug ("MODULE: number=%d control=%d name=%s argc=%d",
+ mod_number, module_control, module_name, argc - 1);
+ module_interface = polkit_module_interface_load_module (module_path,
+ module_control,
+ argc - 1,
+ tokens + 1);
+ g_free (module_path);
+
+ if (module_interface != NULL) {
+ pk_context->modules = g_slist_append (pk_context->modules, module_interface);
+ mod_number++;
+ }
+ g_strfreev (tokens);
+
+ }
+
+ ret = TRUE;
+
+out:
+ if (buf != NULL)
+ g_free (buf);
+
+ _pk_debug ("Loaded %d modules in total", mod_number);
+ return ret;
+}
+
+static void
+_config_file_events (PolKitContext *pk_context,
+ PolKitContextFileMonitorEvent event_mask,
+ const char *path,
+ void *user_data)
+{
+ _pk_debug ("Config file changed");
+ unload_modules (pk_context);
+ load_modules (pk_context, NULL);
+
+ /* signal that our configuration (may have) changed */
+ if (pk_context->config_changed_cb) {
+ pk_context->config_changed_cb (pk_context, pk_context->config_changed_user_data);
+ }
+}
+
+static void
+_policy_dir_events (PolKitContext *pk_context,
+ PolKitContextFileMonitorEvent event_mask,
+ const char *path,
+ void *user_data)
+{
+ /* mark cache of policy files as stale.. (will be populated on-demand, see _get_cache()) */
+ if (pk_context->priv_cache != NULL) {
+ _pk_debug ("Something happened in %s - invalidating cache", pk_context->policy_dir);
+ polkit_policy_cache_unref (pk_context->priv_cache);
+ pk_context->priv_cache = NULL;
+ }
+
+ /* signal that our configuration (may have) changed */
+ if (pk_context->config_changed_cb) {
+ pk_context->config_changed_cb (pk_context, pk_context->config_changed_user_data);
+ }
+}
+
+/**
+ * polkit_context_init:
+ * @pk_context: the context object
+ * @error: return location for error
+ *
+ * Initializes a new context; loads PolicyKit files from
+ * /etc/PolicyKit/policy unless the environment variable
+ * $POLKIT_POLICY_DIR points to a location.
+ *
+ * Returns: #FALSE if @error was set, otherwise #TRUE
+ **/
+polkit_bool_t
+polkit_context_init (PolKitContext *pk_context, PolKitError **error)
+{
+ const char *dirname;
+
+ dirname = getenv ("POLKIT_POLICY_DIR");
+ if (dirname != NULL) {
+ pk_context->policy_dir = g_strdup (dirname);
+ } else {
+ pk_context->policy_dir = g_strdup (PACKAGE_SYSCONF_DIR "/PolicyKit/policy");
+ }
+ _pk_debug ("Using policy files from directory %s", pk_context->policy_dir);
+
+ /* Load modules */
+ if (!load_modules (pk_context, error))
+ goto error;
+
+ /* don't populate the cache until it's needed.. */
+
+ if (pk_context->file_monitor_add_watch_func == NULL) {
+ _pk_debug ("No file monitor; cannot monitor '%s' for .policy file changes", pk_context->policy_dir);
+ } else {
+ /* Watch when policy definitions file change */
+ pk_context->file_monitor_add_watch_func (pk_context,
+ pk_context->policy_dir,
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE|
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE|
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE,
+ _policy_dir_events,
+ NULL);
+
+ /* Config file changes */
+ pk_context->file_monitor_add_watch_func (pk_context,
+ PACKAGE_SYSCONF_DIR "/PolicyKit",
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE|
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE|
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE,
+ _config_file_events,
+ NULL);
+ }
+
+ return TRUE;
+error:
+ if (pk_context != NULL)
+ polkit_context_unref (pk_context);
+
+ return FALSE;
+}
+
+/**
+ * polkit_context_ref:
+ * @pk_context: the context object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitContext *
+polkit_context_ref (PolKitContext *pk_context)
+{
+ g_return_val_if_fail (pk_context != NULL, pk_context);
+ pk_context->refcount++;
+ return pk_context;
+}
+
+/**
+ * polkit_context_unref:
+ * @pk_context: the context object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_context_unref (PolKitContext *pk_context)
+{
+
+ g_return_if_fail (pk_context != NULL);
+ pk_context->refcount--;
+ if (pk_context->refcount > 0)
+ return;
+
+ unload_modules (pk_context);
+
+ g_free (pk_context);
+}
+
+/**
+ * polkit_context_set_config_changed:
+ * @pk_context: the context object
+ * @cb: the callback to invoke
+ * @user_data: user data to pass to the callback
+ *
+ * Register the callback function for when configuration changes.
+ * Mechanisms should use this callback to e.g. reconfigure all
+ * permissions / acl's they have set in response to policy decisions
+ * made from information provided by PolicyKit.
+ *
+ * Note that this function may be called many times within a short
+ * interval due to how file monitoring works if e.g. the user is
+ * editing a configuration file (editors typically create back-up
+ * files). Mechanisms should use a "cool-off" timer (of, say, one
+ * second) to avoid doing many expensive operations (such as
+ * reconfiguring all ACL's for all devices) within a very short
+ * timeframe.
+ **/
+void
+polkit_context_set_config_changed (PolKitContext *pk_context,
+ PolKitContextConfigChangedCB cb,
+ void *user_data)
+{
+ g_return_if_fail (pk_context != NULL);
+ pk_context->config_changed_cb = cb;
+ pk_context->config_changed_user_data = user_data;
+}
+
+/**
+ * polkit_context_set_file_monitor:
+ * @pk_context: the context object
+ * @add_watch_func: the function that the PolicyKit library can invoke to start watching a file
+ * @remove_watch_func: the function that the PolicyKit library can invoke to stop watching a file
+ *
+ * Register a functions that PolicyKit can use for watching files.
+ **/
+void
+polkit_context_set_file_monitor (PolKitContext *pk_context,
+ PolKitContextFileMonitorAddWatch add_watch_func,
+ PolKitContextFileMonitorRemoveWatch remove_watch_func)
+{
+ g_return_if_fail (pk_context != NULL);
+ pk_context->file_monitor_add_watch_func = add_watch_func;
+ pk_context->file_monitor_remove_watch_func = remove_watch_func;
+}
+
+
+/**
+ * polkit_context_get_policy_cache:
+ * @pk_context: the context
+ *
+ * Get the #PolKitPolicyCache object that holds all the defined policies as well as their defaults.
+ *
+ * Returns: the #PolKitPolicyCache object. Caller shall not unref it.
+ **/
+PolKitPolicyCache *
+polkit_context_get_policy_cache (PolKitContext *pk_context)
+{
+ g_return_val_if_fail (pk_context != NULL, NULL);
+
+ if (pk_context->priv_cache == NULL) {
+ PolKitError *error;
+
+ _pk_debug ("Populating cache from directory %s", pk_context->policy_dir);
+
+ error = NULL;
+ pk_context->priv_cache = polkit_policy_cache_new (pk_context->policy_dir, &error);
+ if (pk_context->priv_cache == NULL) {
+ g_warning ("Error loading policy files from %s: %s",
+ pk_context->policy_dir, polkit_error_get_error_message (error));
+ polkit_error_free (error);
+ } else {
+ polkit_policy_cache_debug (pk_context->priv_cache);
+ }
+ }
+
+ return pk_context->priv_cache;
+}
+
+
+/**
+ * polkit_context_get_seat_resource_association:
+ * @pk_context: the PolicyKit context
+ * @visitor: visitor function
+ * @user_data: user data
+ *
+ * Retrieve information about what resources are associated to what
+ * seats. Note that a resource may be associated to more than one
+ * seat. This information stems from user configuration and consumers
+ * of this information that know better (e.g. HAL) may choose to
+ * override it.
+ *
+ * Typically, this information is used to e.g. bootstrap the system
+ * insofar that it can be used to start login greeters on the given
+ * video hardware (e.g. resources) on the given user-configured seats.
+ *
+ * If a resource is not associated with any seat, it is assumed to be
+ * available to any local seat.
+ *
+ * Returns: A #PolKitResult - can only be one of
+ * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW or
+ * #POLKIT_RESULT_YES (if the callback was invoked)
+ */
+PolKitResult
+polkit_context_get_seat_resource_association (PolKitContext *pk_context,
+ PolKitSeatVisitorCB visitor,
+ void *user_data)
+{
+ return POLKIT_RESULT_YES;
+}
+
+/**
+ * polkit_context_is_resource_associated_with_seat:
+ * @pk_context: the PolicyKit context
+ * @resource: the resource in question
+ * @seat: the seat
+ *
+ * Determine if a given resource is associated with a given seat. The
+ * same comments noted in polkit_get_seat_resource_association() about the
+ * source purely being user configuration applies here as well.
+ *
+ * Returns: A #PolKitResult - can only be one of
+ * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
+ * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
+ */
+PolKitResult
+polkit_context_is_resource_associated_with_seat (PolKitContext *pk_context,
+ PolKitResource *resource,
+ PolKitSeat *seat)
+{
+ return POLKIT_RESULT_NO;
+}
+
+/**
+ * polkit_context_can_session_access_resource:
+ * @pk_context: the PolicyKit context
+ * @action: the type of access to check for
+ * @resource: the resource in question or #NULL to test for all resources
+ * @session: the session in question
+ *
+ * Determine if a given session can access a given resource in a given way.
+ *
+ * Returns: A #PolKitResult - can only be one of
+ * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
+ * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
+ */
+PolKitResult
+polkit_context_can_session_access_resource (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitSession *session)
+{
+ PolKitPolicyCache *cache;
+ PolKitPolicyFileEntry *pfe;
+ PolKitResult current_result;
+ PolKitModuleControl current_control;
+ GSList *i;
+
+ current_result = POLKIT_RESULT_NO;
+ g_return_val_if_fail (pk_context != NULL, current_result);
+
+ /* resource may actually by NULL */
+ if (action == NULL || session == NULL)
+ goto out;
+
+
+ /* now validate the incoming objects */
+ if (!polkit_action_validate (action))
+ goto out;
+ if (resource == NULL)
+ if (!polkit_resource_validate (resource))
+ goto out;
+ if (!polkit_session_validate (session))
+ goto out;
+
+ cache = polkit_context_get_policy_cache (pk_context);
+ if (cache == NULL)
+ goto out;
+
+ _pk_debug ("entering polkit_can_session_access_resource()");
+ polkit_action_debug (action);
+ if (resource != NULL)
+ polkit_resource_debug (resource);
+ polkit_session_debug (session);
+
+ pfe = polkit_policy_cache_get_entry (cache, action);
+ if (pfe == NULL) {
+ char *action_name;
+ if (!polkit_action_get_action_id (action, &action_name)) {
+ g_warning ("given action has no name");
+ } else {
+ g_warning ("no action with name '%s'", action_name);
+ }
+ current_result = POLKIT_RESULT_UNKNOWN_ACTION;
+ goto out;
+ }
+
+ polkit_policy_file_entry_debug (pfe);
+
+ current_result = POLKIT_RESULT_UNKNOWN_ACTION;
+ current_control = POLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
+
+ /* visit modules */
+ for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
+ PolKitModuleInterface *module_interface = i->data;
+ PolKitModuleCanSessionAccessResource func;
+
+ func = polkit_module_get_func_can_session_access_resource (module_interface);
+ if (func != NULL) {
+ PolKitModuleControl module_control;
+ PolKitResult module_result;
+
+ _pk_debug ("Asking module '%s'", polkit_module_get_name (module_interface));
+
+ module_control = polkit_module_interface_get_control (module_interface);
+
+ if (polkit_module_interface_check_builtin_confinement_for_session (
+ module_interface,
+ pk_context,
+ action,
+ resource,
+ session)) {
+ /* module is confined by built-in options */
+ module_result = POLKIT_RESULT_UNKNOWN_ACTION;
+ _pk_debug ("Module '%s' confined by built-in's",
+ polkit_module_get_name (module_interface));
+ } else {
+ module_result = func (module_interface,
+ pk_context,
+ action,
+ resource,
+ session);
+ }
+
+ /* if a module returns _UNKNOWN_ACTION, it means that it doesn't
+ * have an opinion about the query; e.g. polkit-module-allow-all(8)
+ * will return this if it's confined to only consider certain actions
+ * or certain users.
+ */
+ if (module_result != POLKIT_RESULT_UNKNOWN_ACTION) {
+
+ if (current_control == POLKIT_MODULE_CONTROL_ADVISE &&
+ module_control == POLKIT_MODULE_CONTROL_ADVISE) {
+
+ /* take the less strict result */
+ if (current_result < module_result) {
+ current_result = module_result;
+ }
+
+ } else if (current_control == POLKIT_MODULE_CONTROL_ADVISE &&
+ module_control == POLKIT_MODULE_CONTROL_MANDATORY) {
+
+ /* here we just override */
+ current_result = module_result;
+
+ /* we are now in mandatory mode */
+ current_control = POLKIT_MODULE_CONTROL_MANDATORY;
+ }
+ }
+ }
+ }
+
+ /* Never return UNKNOWN_ACTION to user */
+ if (current_result == POLKIT_RESULT_UNKNOWN_ACTION)
+ current_result = POLKIT_RESULT_NO;
+
+out:
+ _pk_debug ("... result was %s", polkit_result_to_string_representation (current_result));
+ return current_result;
+}
+
+/**
+ * polkit_context_can_caller_access_resource:
+ * @pk_context: the PolicyKit context
+ * @action: the type of access to check for
+ * @resource: the resource in question or #NULL to test for all resources
+ * @caller: the resource in question
+ *
+ * Determine if a given caller can access a given resource in a given way.
+ *
+ * Returns: A #PolKitResult specifying if, and how, the caller can
+ * access the resource in the given way
+ */
+PolKitResult
+polkit_context_can_caller_access_resource (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller)
+{
+ PolKitPolicyCache *cache;
+ PolKitPolicyFileEntry *pfe;
+ PolKitResult current_result;
+ PolKitModuleControl current_control;
+ GSList *i;
+
+ current_result = POLKIT_RESULT_NO;
+ g_return_val_if_fail (pk_context != NULL, current_result);
+
+ /* resource may actually by NULL */
+ if (action == NULL || caller == NULL)
+ goto out;
+
+ cache = polkit_context_get_policy_cache (pk_context);
+ if (cache == NULL)
+ goto out;
+
+ /* now validate the incoming objects */
+ if (!polkit_action_validate (action))
+ goto out;
+ if (resource == NULL)
+ if (!polkit_resource_validate (resource))
+ goto out;
+ if (!polkit_caller_validate (caller))
+ goto out;
+
+ _pk_debug ("entering polkit_can_caller_access_resource()");
+ polkit_action_debug (action);
+ if (resource != NULL)
+ polkit_resource_debug (resource);
+ polkit_caller_debug (caller);
+
+ pfe = polkit_policy_cache_get_entry (cache, action);
+ if (pfe == NULL) {
+ char *action_name;
+ if (!polkit_action_get_action_id (action, &action_name)) {
+ g_warning ("given action has no name");
+ } else {
+ g_warning ("no action with name '%s'", action_name);
+ }
+ current_result = POLKIT_RESULT_UNKNOWN_ACTION;
+ goto out;
+ }
+
+ polkit_policy_file_entry_debug (pfe);
+
+ current_result = POLKIT_RESULT_UNKNOWN_ACTION;
+ current_control = POLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
+
+ /* visit modules */
+ for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
+ PolKitModuleInterface *module_interface = i->data;
+ PolKitModuleCanCallerAccessResource func;
+
+ func = polkit_module_get_func_can_caller_access_resource (module_interface);
+ if (func != NULL) {
+ PolKitModuleControl module_control;
+ PolKitResult module_result;
+
+ _pk_debug ("Asking module '%s'", polkit_module_get_name (module_interface));
+
+ module_control = polkit_module_interface_get_control (module_interface);
+
+ if (polkit_module_interface_check_builtin_confinement_for_caller (
+ module_interface,
+ pk_context,
+ action,
+ resource,
+ caller)) {
+ /* module is confined by built-in options */
+ module_result = POLKIT_RESULT_UNKNOWN_ACTION;
+ _pk_debug ("Module '%s' confined by built-in's",
+ polkit_module_get_name (module_interface));
+ } else {
+ module_result = func (module_interface,
+ pk_context,
+ action,
+ resource,
+ caller);
+ }
+
+ /* if a module returns _UNKNOWN_ACTION, it means that it doesn't
+ * have an opinion about the query; e.g. polkit-module-allow-all(8)
+ * will return this if it's confined to only consider certain actions
+ * or certain users.
+ */
+ if (module_result != POLKIT_RESULT_UNKNOWN_ACTION) {
+
+ if (current_control == POLKIT_MODULE_CONTROL_ADVISE &&
+ module_control == POLKIT_MODULE_CONTROL_ADVISE) {
+
+ /* take the less strict result */
+ if (current_result < module_result) {
+ current_result = module_result;
+ }
+
+ } else if (current_control == POLKIT_MODULE_CONTROL_ADVISE &&
+ module_control == POLKIT_MODULE_CONTROL_MANDATORY) {
+
+ /* here we just override */
+ current_result = module_result;
+
+ /* we are now in mandatory mode */
+ current_control = POLKIT_MODULE_CONTROL_MANDATORY;
+ }
+ }
+ }
+ }
+
+ /* Never return UNKNOWN_ACTION to user */
+ if (current_result == POLKIT_RESULT_UNKNOWN_ACTION)
+ current_result = POLKIT_RESULT_NO;
+out:
+ _pk_debug ("... result was %s", polkit_result_to_string_representation (current_result));
+ return current_result;
+}
diff --git a/polkit/polkit-context.h b/polkit/polkit-context.h
new file mode 100644
index 0000000..5963abe
--- /dev/null
+++ b/polkit/polkit-context.h
@@ -0,0 +1,186 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-context.h : PolicyKit context
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_CONTEXT_H
+#define POLKIT_CONTEXT_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-error.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-context.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-resource.h>
+#include <polkit/polkit-seat.h>
+#include <polkit/polkit-session.h>
+#include <polkit/polkit-caller.h>
+#include <polkit/polkit-policy-cache.h>
+
+struct PolKitContext;
+typedef struct PolKitContext PolKitContext;
+
+/**
+ * PolKitContextConfigChangedCB:
+ * @pk_context: PolicyKit context
+ * @user_data: user data
+ *
+ * The type of the callback function for when configuration changes.
+ * Mechanisms should use this callback to e.g. reconfigure all
+ * permissions / acl's they have set in response to policy decisions
+ * made from information provided by PolicyKit.
+ *
+ * Note that this function may be called many times within a short
+ * interval due to how file monitoring works if e.g. the user is
+ * editing a configuration file (editors typically create back-up
+ * files). Mechanisms should use a "cool-off" timer (of, say, one
+ * second) to avoid doing many expensive operations (such as
+ * reconfiguring all ACL's for all devices) within a very short
+ * timeframe.
+ */
+typedef void (*PolKitContextConfigChangedCB) (PolKitContext *pk_context,
+ void *user_data);
+
+/**
+ * PolKitContextFileMonitorEvent:
+ * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_NONE: TODO
+ * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_ACCESS: watch when a file is accessed
+ * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE: watch when a file is created
+ * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE: watch when a file is deleted
+ * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE: watch when a file changes
+ *
+ * File monitoring events.
+ **/
+typedef enum
+{
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_NONE = 1 << 0,
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_ACCESS = 1 << 1,
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE = 1 << 2,
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE = 1 << 3,
+ POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE = 1 << 4,
+} PolKitContextFileMonitorEvent;
+
+/**
+ * PolKitContextFileMonitorNotifyFunc:
+ * @pk_context: PolicyKit context
+ * @event_mask: event that happened
+ * @path: the path to the monitored file
+ * @user_data: the user data supplied to the function of type #PolKitContextFileMonitorAddWatch
+ *
+ * Callback when an event happens on a file that is monitored.
+ **/
+typedef void (*PolKitContextFileMonitorNotifyFunc) (PolKitContext *pk_context,
+ PolKitContextFileMonitorEvent event_mask,
+ const char *path,
+ void *user_data);
+
+/**
+ * PolKitContextFileMonitorAddWatch:
+ * @pk_context: PolicyKit context
+ * @path: path to file/directory to monitor for events
+ * @event_mask: events to look for
+ * @notify_cb: function to call on events
+ * @user_data: user data
+ *
+ * The type of a function that PolicyKit can use to watch file
+ * events. This function must call the supplied @notify_cb function
+ * (and pass @path and @user_data) on events
+ *
+ * Returns: A handle for the watch. If zero it means the file cannot
+ * be watched. Caller can remove the watch using the supplied function
+ * of type #PolKitContextFileMonitorRemoveWatch and the handle.
+ */
+typedef int (*PolKitContextFileMonitorAddWatch) (PolKitContext *pk_context,
+ const char *path,
+ PolKitContextFileMonitorEvent event_mask,
+ PolKitContextFileMonitorNotifyFunc notify_cb,
+ void *user_data);
+
+/**
+ * PolKitContextFileMonitorRemoveWatch:
+ * @pk_context: PolicyKit context
+ * @watch_id: the watch id
+ *
+ * The type of a function that PolicyKit can use to stop monitoring
+ * file events. Pass the handle obtained from the supplied function of
+ * type #PolKitContextFileMonitorAddWatch.
+ */
+typedef void (*PolKitContextFileMonitorRemoveWatch) (PolKitContext *pk_context,
+ int watch_id);
+
+
+PolKitContext *polkit_context_new (void);
+void polkit_context_set_config_changed (PolKitContext *pk_context,
+ PolKitContextConfigChangedCB cb,
+ void *user_data);
+void polkit_context_set_file_monitor (PolKitContext *pk_context,
+ PolKitContextFileMonitorAddWatch add_watch_func,
+ PolKitContextFileMonitorRemoveWatch remove_watch_func);
+polkit_bool_t polkit_context_init (PolKitContext *pk_context,
+ PolKitError **error);
+PolKitContext *polkit_context_ref (PolKitContext *pk_context);
+void polkit_context_unref (PolKitContext *pk_context);
+
+PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context);
+
+/**
+ * PolKitSeatVisitorCB:
+ * @seat: the seat
+ * @resources_associated_with_seat: A NULL terminated array of resources associated with the seat
+ * @user_data: user data
+ *
+ * Visitor function for polkit_get_seat_resource_association(). The caller should _not_ unref the passed objects.
+ */
+typedef void (*PolKitSeatVisitorCB) (PolKitSeat *seat,
+ PolKitResource **resources_associated_with_seat,
+ void *user_data);
+
+PolKitResult
+polkit_context_get_seat_resource_association (PolKitContext *pk_context,
+ PolKitSeatVisitorCB visitor,
+ void *user_data);
+
+PolKitResult
+polkit_context_is_resource_associated_with_seat (PolKitContext *pk_context,
+ PolKitResource *resource,
+ PolKitSeat *seat);
+
+PolKitResult
+polkit_context_can_session_access_resource (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitSession *session);
+
+PolKitResult
+polkit_context_can_caller_access_resource (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller);
+
+#endif /* POLKIT_CONTEXT_H */
+
+
diff --git a/polkit/polkit-debug.c b/polkit/polkit-debug.c
new file mode 100644
index 0000000..50c1491
--- /dev/null
+++ b/polkit/polkit-debug.c
@@ -0,0 +1,81 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit.c : library for querying system-wide policy
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-debug
+ * @short_description: Internal debug functions for polkit.
+ *
+ * These functions are used for debug purposes
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <time.h>
+
+#include "polkit-types.h"
+#include "polkit-debug.h"
+
+/**
+ * pk_debug:
+ * @format: format
+ *
+ * Print debug message
+ **/
+void
+_pk_debug (const char *format, ...)
+{
+ va_list args;
+ static polkit_bool_t show_debug = FALSE;
+ static polkit_bool_t init = FALSE;
+
+ if (!init) {
+ init = TRUE;
+ if (getenv ("POLKIT_DEBUG") != NULL) {
+ show_debug = TRUE;
+ }
+ }
+
+ if (show_debug) {
+ struct timeval tnow;
+ struct tm *tlocaltime;
+ struct timezone tzone;
+ char tbuf[256];
+ gettimeofday (&tnow, &tzone);
+ tlocaltime = localtime ((time_t *) &tnow.tv_sec);
+ strftime (tbuf, sizeof (tbuf), "%H:%M:%S", tlocaltime);
+ fprintf (stdout, "%s.%03d: ", tbuf, (int)(tnow.tv_usec/1000));
+
+ va_start (args, format);
+ vfprintf (stdout, format, args);
+ va_end (args);
+ fprintf (stdout, "\n");
+ }
+}
diff --git a/polkit/polkit-debug.h b/polkit/polkit-debug.h
new file mode 100644
index 0000000..7177e7e
--- /dev/null
+++ b/polkit/polkit-debug.h
@@ -0,0 +1,33 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-debug.h : debug infrastructure for polkit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_DEBUG_H
+#define POLKIT_DEBUG_H
+
+void _pk_debug (const char *format, ...) __attribute__((__format__ (__printf__, 1, 2)));
+
+#endif /* POLKIT_DEBUG_H */
+
+
diff --git a/polkit/polkit-error.c b/polkit/polkit-error.c
new file mode 100644
index 0000000..cec8cc4
--- /dev/null
+++ b/polkit/polkit-error.c
@@ -0,0 +1,140 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-error.c : GError error codes from PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-error
+ * @short_description: Error codes from PolicyKit.
+ *
+ * Error codes from PolicyKit.
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+
+#include "polkit-types.h"
+#include "polkit-error.h"
+
+/**
+ * PolKitError:
+ *
+ * Objects of this class are used for error reporting.
+ **/
+struct PolKitError
+{
+ polkit_bool_t is_static;
+ PolKitErrorCode error_code;
+ char *error_message;
+};
+
+//static PolKitError _oom_error = {true, POLKIT_ERROR_OUT_OF_MEMORY, "Out of memory"};
+
+/**
+ * polkit_error_get_error_code:
+ * @error: the error object
+ *
+ * Returns the error code.
+ *
+ * Returns: A value from the #PolKitErrorCode enumeration.
+ **/
+PolKitErrorCode
+polkit_error_get_error_code (PolKitError *error)
+{
+ g_return_val_if_fail (error != NULL, -1);
+ return error->error_code;
+}
+
+/**
+ * polkit_error_get_error_message:
+ * @error: the error object
+ *
+ * Get the error message.
+ *
+ * Returns: A string describing the error. Caller shall not free this string.
+ **/
+const char *
+polkit_error_get_error_message (PolKitError *error)
+{
+ g_return_val_if_fail (error != NULL, NULL);
+ return error->error_message;
+}
+
+/**
+ * polkit_error_free:
+ * @error: the error
+ *
+ * Free an error.
+ **/
+void
+polkit_error_free (PolKitError *error)
+{
+ g_return_if_fail (error != NULL);
+ if (!error->is_static) {
+ g_free (error->error_message);
+ g_free (error);
+ }
+}
+
+/**
+ * polkit_error_set_error:
+ * @error: the error object
+ * @error_code: A value from the #PolKitErrorCode enumeration.
+ * @format: printf style formatting string
+ * @Varargs: printf style arguments
+ *
+ * Sets an error. If OOM, the error will be set to a pre-allocated OOM error.
+ **/
+void
+polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const char *format, ...)
+{
+ va_list args;
+ PolKitError *e;
+
+ if (*error == NULL)
+ return;
+
+ e = g_new0 (PolKitError, 1);
+ e->is_static = FALSE;
+ e->error_code = error_code;
+ va_start (args, format);
+ e->error_message = g_strdup_vprintf (format, args);
+ va_end (args);
+
+ *error = e;
+}
+
+
+
diff --git a/polkit/polkit-error.h b/polkit/polkit-error.h
new file mode 100644
index 0000000..ec0f19a
--- /dev/null
+++ b/polkit/polkit-error.h
@@ -0,0 +1,54 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-error.h : error reporting from PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_ERROR_H
+#define POLKIT_ERROR_H
+
+/**
+ * PolKitErrorCode:
+ * @POLKIT_ERROR_OUT_OF_MEMORY: Out of memory
+ * @POLKIT_ERROR_POLICY_FILE_INVALID: There was an error parsing the given policy file
+ *
+ * Error codes returned by PolicyKit
+ */
+typedef enum
+{
+ POLKIT_ERROR_OUT_OF_MEMORY,
+ POLKIT_ERROR_POLICY_FILE_INVALID
+} PolKitErrorCode;
+
+struct PolKitError;
+typedef struct PolKitError PolKitError;
+
+PolKitErrorCode polkit_error_get_error_code (PolKitError *error);
+const char *polkit_error_get_error_message (PolKitError *error);
+void polkit_error_free (PolKitError *error);
+void polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const char *format, ...) __attribute__((__format__ (__printf__, 3, 4)));
+
+#endif /* POLKIT_ERROR_H */
diff --git a/polkit/polkit-module.c b/polkit/polkit-module.c
new file mode 100644
index 0000000..aab1fc4
--- /dev/null
+++ b/polkit/polkit-module.c
@@ -0,0 +1,748 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-module.c : PolicyKit loadable module interface
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-module
+ * @short_description: PolicyKit loadable module interface
+ *
+ * These functions are used by loadable PolicyKit modules.
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+#include <dlfcn.h>
+#include <regex.h>
+#include <pwd.h>
+#include <grp.h>
+#include <glib.h>
+#include <unistd.h>
+
+#include "polkit-debug.h"
+#include "polkit-module.h"
+
+/**
+ * PolKitModuleInterface:
+ *
+ * Objects of this class are used to interface with PolicyKit modules
+ **/
+struct PolKitModuleInterface
+{
+ int refcount;
+ void *dlopen_handle;
+ char *name;
+
+ void *module_user_data;
+ PolKitModuleControl module_control;
+
+ PolKitModuleInitialize func_initialize;
+ PolKitModuleShutdown func_shutdown;
+ PolKitModuleGetSeatResourceAssociation func_get_seat_resource_association;
+ PolKitModuleIsResourceAssociatedWithSeat func_is_resource_associated_with_seat;
+ PolKitModuleCanSessionAccessResource func_can_session_access_resource;
+ PolKitModuleCanCallerAccessResource func_can_caller_access_resource;
+
+ polkit_bool_t builtin_have_action_regex;
+ regex_t builtin_action_regex_compiled;
+
+ GSList *builtin_users;
+};
+
+static uid_t
+_util_name_to_uid (const char *username, gid_t *default_gid)
+{
+ int rc;
+ uid_t res;
+ char *buf = NULL;
+ unsigned int bufsize;
+ struct passwd pwd;
+ struct passwd *pwdp;
+
+ res = (uid_t) -1;
+
+ bufsize = sysconf (_SC_GETPW_R_SIZE_MAX);
+ buf = g_new0 (char, bufsize);
+
+ rc = getpwnam_r (username, &pwd, buf, bufsize, &pwdp);
+ if (rc != 0 || pwdp == NULL) {
+ /*g_warning ("getpwnam_r() returned %d", rc);*/
+ goto out;
+ }
+
+ res = pwdp->pw_uid;
+ if (default_gid != NULL)
+ *default_gid = pwdp->pw_gid;
+
+out:
+ g_free (buf);
+ return res;
+}
+
+static void
+_parse_builtin_remove_option (int *argc, char *argv[], int position)
+{
+ int n;
+ for (n = position; n < *argc; n++)
+ argv[n] = argv[n+1];
+ (*argc)--;
+}
+
+static polkit_bool_t
+_parse_builtin (PolKitModuleInterface *mi, int *argc, char *argv[])
+{
+ int n;
+ polkit_bool_t ret;
+
+ ret = FALSE;
+
+ for (n = 1; n < *argc; ) {
+ if (g_str_has_prefix (argv[n], "action=")) {
+ const char *regex;
+
+ if (mi->builtin_have_action_regex) {
+ _pk_debug ("Already have option 'action='");
+ goto error;
+ }
+
+ regex = argv[n] + 10;
+ if (regcomp (&(mi->builtin_action_regex_compiled), regex, REG_EXTENDED) != 0) {
+ _pk_debug ("Regex '%s' didn't compile", regex);
+ goto error;
+ }
+ mi->builtin_have_action_regex = TRUE;
+
+ _pk_debug ("Compiled regex '%s' for option 'action=' OK", regex);
+
+ _parse_builtin_remove_option (argc, argv, n);
+ } else if (g_str_has_prefix (argv[n], "user=")) {
+ const char *user;
+ uid_t uid;
+ GSList *i;
+
+ user = argv[n] + 5;
+ uid = _util_name_to_uid (user, NULL);
+ if ((int) uid == -1) {
+ _pk_debug ("Unknown user name '%s'", user);
+ goto error;
+ }
+
+ for (i = mi->builtin_users; i != NULL; i = g_slist_next (i)) {
+ uid_t uid_in_list = GPOINTER_TO_INT (i->data);
+ if (uid_in_list == uid) {
+ _pk_debug ("Already have user '%s'", user);
+ goto error;
+ }
+ }
+
+ _pk_debug ("adding uid %d", uid);
+ mi->builtin_users = g_slist_prepend (mi->builtin_users, GINT_TO_POINTER (uid));
+
+ _parse_builtin_remove_option (argc, argv, n);
+ } else {
+ n++;
+ }
+ }
+
+ ret = TRUE;
+
+error:
+ return ret;
+}
+
+/**
+ * polkit_module_interface_load_module:
+ * @name: name of module, e.g. "polkit-module-default.so"
+ * @module_control: the module control; from the configuration file
+ * @argc: number arguments to pass
+ * @argv: argument vector, the first argument must be the filename/path to the module
+ *
+ * Load and initialize a PolicyKit module
+ *
+ * Returns: A #PolKitModuleInterface object on success; #NULL on failure.
+ **/
+PolKitModuleInterface *
+polkit_module_interface_load_module (const char *name, PolKitModuleControl module_control, int argc, char *argv[])
+{
+ void *handle;
+ PolKitModuleInterface *mi;
+ polkit_bool_t (*func) (PolKitModuleInterface *);
+
+ mi = NULL;
+
+ _pk_debug ("loading %s", name);
+
+ handle = dlopen (name, RTLD_NOW | RTLD_LOCAL);
+ if (handle == NULL) {
+ _pk_debug ("Cannot load module '%s'", name);
+ goto error;
+ }
+
+ func = dlsym (handle, "polkit_module_set_functions");
+ if (func == NULL) {
+ _pk_debug ("Cannot get symbol 'polkit_module_set_functions' in module '%s'", name);
+ goto error;
+ }
+
+ _pk_debug ("func = %p", func);
+
+ mi = polkit_module_interface_new ();
+ if (!func (mi)) {
+ _pk_debug ("Module '%s' returned FALSE when asked to set functions", name);
+ goto error;
+ }
+
+ if (mi->func_initialize == NULL) {
+ _pk_debug ("Module '%s' didn't set initialize function", name);
+ goto error;
+ }
+
+ if (mi->func_shutdown == NULL) {
+ _pk_debug ("Module '%s' didn't set shutdown function", name);
+ goto error;
+ }
+
+ if (!_parse_builtin (mi, &argc, argv)) {
+ _pk_debug ("Error parsing built-in module options for '%s'", name);
+ goto error;
+ }
+
+ if (!mi->func_initialize (mi, argc, argv)) {
+ _pk_debug ("Module '%s' returned FALSE in initialization function", name);
+ goto error;
+ }
+
+ mi->dlopen_handle = handle;
+ mi->name = g_strdup (name);
+ mi->module_control = module_control;
+ return mi;
+error:
+ if (mi != NULL)
+ polkit_module_interface_unref (mi);
+ if (handle != NULL)
+ dlclose (handle);
+ return NULL;
+}
+
+/**
+ * polkit_module_get_name:
+ * @module_interface: the module interface
+ *
+ * Get the name of the module
+ *
+ * Returns: name or #NULL if an error occured
+ **/
+const char *
+polkit_module_get_name (PolKitModuleInterface *module_interface)
+{
+ g_return_val_if_fail (module_interface != NULL, NULL);
+ return module_interface->name;
+}
+
+
+/**
+ * polkit_module_interface_new:
+ *
+ * Create a new #PolKitModuleInterface object.
+ *
+ * Returns: the new object
+ **/
+PolKitModuleInterface *
+polkit_module_interface_new (void)
+{
+ PolKitModuleInterface *module_interface;
+ module_interface = g_new0 (PolKitModuleInterface, 1);
+ module_interface->refcount = 1;
+ return module_interface;
+}
+
+/**
+ * polkit_module_interface_ref:
+ * @module_interface: the module_interface object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitModuleInterface *
+polkit_module_interface_ref (PolKitModuleInterface *module_interface)
+{
+ g_return_val_if_fail (module_interface != NULL, module_interface);
+ module_interface->refcount++;
+ return module_interface;
+}
+
+/**
+ * polkit_module_interface_unref:
+ * @module_interface: the module_interface object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_module_interface_unref (PolKitModuleInterface *module_interface)
+{
+ g_return_if_fail (module_interface != NULL);
+ module_interface->refcount--;
+ if (module_interface->refcount > 0)
+ return;
+
+ /* builtins */
+ if (module_interface->builtin_have_action_regex)
+ regfree (&module_interface->builtin_action_regex_compiled);
+ g_slist_free (module_interface->builtin_users);
+
+ /* shutdown the module and unload it */
+ if (module_interface->func_shutdown != NULL)
+ module_interface->func_shutdown (module_interface);
+ if (module_interface->dlopen_handle != NULL)
+ dlclose (module_interface->dlopen_handle);
+
+ g_free (module_interface->name);
+ g_free (module_interface);
+}
+
+/**
+ * polkit_module_set_func_initialize:
+ * @module_interface: the module interface
+ * @func: the function pointer
+ *
+ * Set the function pointer.
+ **/
+void
+polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
+ PolKitModuleInitialize func)
+{
+ g_return_if_fail (module_interface != NULL);
+ module_interface->func_initialize = func;
+}
+
+/**
+ * polkit_module_set_func_shutdown:
+ * @module_interface: the module interface
+ * @func: the function pointer
+ *
+ * Set the function pointer.
+ **/
+void
+polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
+ PolKitModuleShutdown func)
+{
+ g_return_if_fail (module_interface != NULL);
+ module_interface->func_shutdown = func;
+}
+
+/**
+ * polkit_module_set_func_get_seat_resource_association:
+ * @module_interface: the module interface
+ * @func: the function pointer
+ *
+ * Set the function pointer.
+ **/
+void
+polkit_module_set_func_get_seat_resource_association (PolKitModuleInterface *module_interface,
+ PolKitModuleGetSeatResourceAssociation func)
+{
+ g_return_if_fail (module_interface != NULL);
+ module_interface->func_get_seat_resource_association = func;
+}
+
+/**
+ * polkit_module_set_func_is_resource_associated_with_seat:
+ * @module_interface: the module interface
+ * @func: the function pointer
+ *
+ * Set the function pointer.
+ **/
+void polkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface,
+ PolKitModuleIsResourceAssociatedWithSeat func)
+{
+ g_return_if_fail (module_interface != NULL);
+ module_interface->func_is_resource_associated_with_seat = func;
+}
+
+/**
+ * polkit_module_set_func_can_session_access_resource:
+ * @module_interface: the module interface
+ * @func: the function pointer
+ *
+ * Set the function pointer.
+ **/
+void polkit_module_set_func_can_session_access_resource (PolKitModuleInterface *module_interface,
+ PolKitModuleCanSessionAccessResource func)
+{
+ g_return_if_fail (module_interface != NULL);
+ module_interface->func_can_session_access_resource = func;
+}
+
+/**
+ * polkit_module_set_func_can_caller_access_resource:
+ * @module_interface: the module interface
+ * @func: the function pointer
+ *
+ * Set the function pointer.
+ **/
+void polkit_module_set_func_can_caller_access_resource (PolKitModuleInterface *module_interface,
+ PolKitModuleCanCallerAccessResource func)
+{
+ g_return_if_fail (module_interface != NULL);
+ module_interface->func_can_caller_access_resource = func;
+}
+
+/**
+ * polkit_module_get_func_initialize:
+ * @module_interface: the module interface
+ *
+ * Get the function pointer.
+ *
+ * Returns: Function pointer or #NULL if it's unavailable or an error occured
+ **/
+PolKitModuleInitialize
+polkit_module_get_func_initialize (PolKitModuleInterface *module_interface)
+{
+ g_return_val_if_fail (module_interface != NULL, NULL);
+ return module_interface->func_initialize;
+}
+
+/**
+ * polkit_module_get_func_shutdown:
+ * @module_interface: the module interface
+ *
+ * Get the function pointer.
+ *
+ * Returns: Function pointer or #NULL if it's unavailable or an error occured
+ **/
+PolKitModuleShutdown
+polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface)
+{
+ g_return_val_if_fail (module_interface != NULL, NULL);
+ return module_interface->func_shutdown;
+}
+
+/**
+ * polkit_module_get_func_get_seat_resource_association:
+ * @module_interface: the module interface
+ *
+ * Get the function pointer.
+ *
+ * Returns: Function pointer or #NULL if it's unavailable or an error occured
+ **/
+PolKitModuleGetSeatResourceAssociation
+polkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface)
+{
+ g_return_val_if_fail (module_interface != NULL, NULL);
+ return module_interface->func_get_seat_resource_association;
+}
+
+/**
+ * polkit_module_get_func_is_resource_associated_with_seat:
+ * @module_interface: the module interface
+ *
+ * Get the function pointer.
+ *
+ * Returns: Function pointer or #NULL if it's unavailable or an error occured
+ **/
+PolKitModuleIsResourceAssociatedWithSeat
+polkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface)
+{
+ g_return_val_if_fail (module_interface != NULL, NULL);
+ return module_interface->func_is_resource_associated_with_seat;
+}
+
+/**
+ * polkit_module_get_func_can_session_access_resource:
+ * @module_interface: the module interface
+ *
+ * Get the function pointer.
+ *
+ * Returns: Function pointer or #NULL if it's unavailable or an error occured
+ **/
+PolKitModuleCanSessionAccessResource
+polkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface)
+{
+ g_return_val_if_fail (module_interface != NULL, NULL);
+ return module_interface->func_can_session_access_resource;
+}
+
+/**
+ * polkit_module_get_func_can_caller_access_resource:
+ * @module_interface: the module interface
+ *
+ * Get the function pointer.
+ *
+ * Returns: Function pointer or #NULL if it's unavailable or an error occured
+ **/
+PolKitModuleCanCallerAccessResource
+polkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface)
+{
+ g_return_val_if_fail (module_interface != NULL, NULL);
+ return module_interface->func_can_caller_access_resource;
+}
+
+
+/**
+ * polkit_module_interface_get_control:
+ * @module_interface: the module interface
+ *
+ * Get the control for this module.
+ *
+ * Returns: A #PolKitModuleControl value.
+ **/
+PolKitModuleControl
+polkit_module_interface_get_control (PolKitModuleInterface *module_interface)
+{
+ /* hmm, should we have UNKNOWN? */
+ g_return_val_if_fail (module_interface != NULL, POLKIT_MODULE_CONTROL_MANDATORY);
+ return module_interface->module_control;
+}
+
+static const struct {
+ PolKitModuleControl module_control;
+ const char *str;
+} mapping[] =
+{
+ {POLKIT_MODULE_CONTROL_ADVISE, "advise"},
+ {POLKIT_MODULE_CONTROL_MANDATORY, "mandatory"},
+ {0, NULL}
+};
+
+/**
+ * polkit_module_control_to_string_representation:
+ * @module_control: the given value
+ *
+ * Gives a textual representation of a #PolKitModuleControl object.
+ *
+ * Returns: The textual representation or #NULL if the value passed is invalid
+ **/
+const char *
+polkit_module_control_to_string_representation (PolKitModuleControl module_control)
+{
+ if (module_control < 0 || module_control >= POLKIT_MODULE_CONTROL_N_CONTROLS) {
+ g_warning ("The passed module control identifier, %d, is not valid", module_control);
+ return NULL;
+ }
+
+ return mapping[module_control].str;
+}
+
+/**
+ * polkit_module_control_from_string_representation:
+ * @string: the textual representation
+ * @out_module_control: return location for the value
+ *
+ * Given a textual representation of a #PolKitModuleControl object, find the #PolKitModuleControl value.
+ *
+ * Returns: TRUE if the textual representation was valid, otherwise FALSE
+ **/
+polkit_bool_t
+polkit_module_control_from_string_representation (const char *string, PolKitModuleControl *out_module_control)
+{
+ int n;
+
+ g_return_val_if_fail (out_module_control != NULL, FALSE);
+
+ for (n = 0; n < POLKIT_MODULE_CONTROL_N_CONTROLS; n++) {
+ if (mapping[n].str == NULL)
+ break;
+ if (g_ascii_strcasecmp (mapping[n].str, string) == 0) {
+ *out_module_control = mapping[n].module_control;
+ goto found;
+ }
+ }
+
+ return FALSE;
+found:
+ return TRUE;
+}
+
+
+/**
+ * polkit_module_set_user_data:
+ * @module_interface: module interface
+ * @user_data: user data to set
+ *
+ * Set user data. A PolicyKit module should use these instead of
+ * global variables as multiple instances of the module may be
+ * instantiated at the same time.
+ **/
+void
+polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data)
+{
+ g_return_if_fail (module_interface != NULL);
+ module_interface->module_user_data = user_data;
+}
+
+/**
+ * polkit_module_get_user_data:
+ * @module_interface: module interface
+ *
+ * Get user data.
+ *
+ * Returns: The user data set with polkit_module_set_user_data()
+ **/
+void *
+polkit_module_get_user_data (PolKitModuleInterface *module_interface)
+{
+ g_return_val_if_fail (module_interface != NULL, NULL);
+ return module_interface->module_user_data;
+}
+
+static polkit_bool_t
+_check_action (PolKitModuleInterface *module_interface, PolKitAction *action)
+{
+ polkit_bool_t ret;
+
+ ret = FALSE;
+
+ if (module_interface->builtin_have_action_regex) {
+ char *action_name;
+ if (polkit_action_get_action_id (action, &action_name)) {
+ if (regexec (&module_interface->builtin_action_regex_compiled,
+ action_name, 0, NULL, 0) == 0) {
+ ret = TRUE;
+ }
+ }
+ } else {
+ ret = TRUE;
+ }
+
+ return ret;
+}
+
+/*----*/
+
+static polkit_bool_t
+_check_uid_in_list (GSList *list, uid_t given_uid)
+{
+ GSList *i;
+
+ for (i = list; i != NULL; i = g_slist_next (i)) {
+ uid_t uid = GPOINTER_TO_INT (i->data);
+ if (given_uid == uid)
+ return TRUE;
+ }
+ return FALSE;
+}
+
+static polkit_bool_t
+_check_users_for_session (PolKitModuleInterface *module_interface, PolKitSession *session)
+{
+ uid_t uid;
+ GSList *list;
+ if ((list = module_interface->builtin_users) == NULL)
+ return TRUE;
+ if (session == NULL)
+ return FALSE;
+ if (!polkit_session_get_uid (session, &uid))
+ return FALSE;
+ return _check_uid_in_list (list, uid);
+}
+
+static polkit_bool_t
+_check_users_for_caller (PolKitModuleInterface *module_interface, PolKitCaller *caller)
+{
+ uid_t uid;
+ GSList *list;
+ if ((list = module_interface->builtin_users) == NULL)
+ return TRUE;
+ if (caller == NULL)
+ return FALSE;
+ if (!polkit_caller_get_uid (caller, &uid))
+ return FALSE;
+ return _check_uid_in_list (list, uid);
+}
+
+
+/**
+ * polkit_module_interface_check_builtin_confinement_for_session:
+ * @module_interface: the given module
+ * @pk_context: the PolicyKit context
+ * @action: the type of access to check for
+ * @resource: the resource in question
+ * @session: the session in question
+ *
+ * Check whether some of the built-in module options (e.g. action="hal-storage-*",
+ * user=davidz) confines the given module, e.g. whether it should be skipped.
+ *
+ * Returns: TRUE if, and only if, the module is confined from handling the request
+ **/
+polkit_bool_t
+polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitSession *session)
+{
+ polkit_bool_t ret;
+ ret = TRUE;
+
+ g_return_val_if_fail (module_interface != NULL, ret);
+
+ if (!_check_action (module_interface, action))
+ goto out;
+ if (!_check_users_for_session (module_interface, session))
+ goto out;
+
+ /* not confined */
+ ret = FALSE;
+out:
+ return ret;
+}
+
+/**
+ * polkit_module_interface_check_builtin_confinement_for_caller:
+ * @module_interface: the given module
+ * @pk_context: the PolicyKit context
+ * @action: the type of access to check for
+ * @resource: the resource in question
+ * @caller: the resource in question
+ *
+ * Check whether some of the built-in module options (e.g. action="hal-storage-*",
+ * user=davidz) confines the given module, e.g. whether it should be skipped.
+ *
+ * Returns: TRUE if, and only if, the module is confined from handling the request
+ **/
+polkit_bool_t
+polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller)
+{
+ polkit_bool_t ret;
+ ret = TRUE;
+
+ g_return_val_if_fail (module_interface != NULL, ret);
+
+ if (!_check_action (module_interface, action))
+ goto out;
+ if (!_check_users_for_caller (module_interface, caller))
+ goto out;
+
+ /* not confined */
+ ret = FALSE;
+out:
+ return ret;
+}
diff --git a/polkit/polkit-module.h b/polkit/polkit-module.h
new file mode 100644
index 0000000..3e6fed7
--- /dev/null
+++ b/polkit/polkit-module.h
@@ -0,0 +1,207 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-module.h : PolicyKit loadable module interface
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_MODULE_H
+#define POLKIT_MODULE_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit.h>
+
+struct PolKitModuleInterface;
+typedef struct PolKitModuleInterface PolKitModuleInterface;
+
+/**
+ * PolKitModuleInitialize:
+ * @module_interface: the module interface
+ * @argc: number of arguments to pass to module
+ * @argv: arguments passed to module; the first argument is the filename/path to the module
+ *
+ * Type of PolicyKit module function to initialize the module.
+ *
+ * Returns: Whether the module was initialized.
+ **/
+typedef polkit_bool_t (*PolKitModuleInitialize) (PolKitModuleInterface *module_interface,
+ int argc,
+ char *argv[]);
+
+/**
+ * PolKitModuleShutdown:
+ * @module_interface: the module interface
+ *
+ * Type of PolicyKit module function to shutdown the module.
+ **/
+typedef void (*PolKitModuleShutdown) (PolKitModuleInterface *module_interface);
+
+/**
+ * PolKitModuleGetSeatResourceAssociation:
+ * @module_interface: the module interface
+ * @pk_context: the PolicyKit context
+ * @visitor: visitor function
+ * @user_data: user data
+ *
+ * Type of PolicyKit module function to implement polkit_get_seat_resource_association().
+ *
+ * Returns: the #PolKitResult
+ **/
+typedef PolKitResult (*PolKitModuleGetSeatResourceAssociation) (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitSeatVisitorCB visitor,
+ void *user_data);
+
+/**
+ * PolKitModuleIsResourceAssociatedWithSeat:
+ * @module_interface: the module interface
+ * @pk_context: the PolicyKit context
+ * @resource: the resource in question
+ * @seat: the seat
+ *
+ * Type of PolicyKit module function to implement polkit_is_resource_associated_with_seat().
+ *
+ * Returns: the #PolKitResult
+ **/
+typedef PolKitResult (*PolKitModuleIsResourceAssociatedWithSeat) (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitResource *resource,
+ PolKitSeat *seat);
+
+/**
+ * PolKitModuleCanSessionAccessResource:
+ * @module_interface: the module interface
+ * @pk_context: the PolicyKit context
+ * @action: the type of access to check for
+ * @resource: the resource in question
+ * @session: the session in question
+ *
+ * Type of PolicyKit module function to implement polkit_can_session_access_resource().
+ *
+ * Returns: the #PolKitResult
+ **/
+typedef PolKitResult (*PolKitModuleCanSessionAccessResource) (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitSession *session);
+
+/**
+ * PolKitModuleCanCallerAccessResource:
+ * @module_interface: the module interface
+ * @pk_context: the PolicyKit context
+ * @action: the type of access to check for
+ * @resource: the resource in question
+ * @caller: the resource in question
+ *
+ * Type of PolicyKit module function to implement polkit_can_caller_access_resource().
+ *
+ * Returns: the #PolKitResult
+ **/
+typedef PolKitResult (*PolKitModuleCanCallerAccessResource) (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller);
+
+PolKitModuleInterface *polkit_module_interface_new (void);
+PolKitModuleInterface *polkit_module_interface_ref (PolKitModuleInterface *module_interface);
+void polkit_module_interface_unref (PolKitModuleInterface *module_interface);
+const char *polkit_module_get_name (PolKitModuleInterface *module_interface);
+
+void polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data);
+void *polkit_module_get_user_data (PolKitModuleInterface *module_interface);
+
+void polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
+ PolKitModuleInitialize func);
+void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
+ PolKitModuleShutdown func);
+void polkit_module_set_func_get_seat_resource_association (PolKitModuleInterface *module_interface,
+ PolKitModuleGetSeatResourceAssociation func);
+void polkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface,
+ PolKitModuleIsResourceAssociatedWithSeat func);
+void polkit_module_set_func_can_session_access_resource (PolKitModuleInterface *module_interface,
+ PolKitModuleCanSessionAccessResource func);
+void polkit_module_set_func_can_caller_access_resource (PolKitModuleInterface *module_interface,
+ PolKitModuleCanCallerAccessResource func);
+
+PolKitModuleInitialize polkit_module_get_func_initialize (PolKitModuleInterface *module_interface);
+PolKitModuleShutdown polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface);
+PolKitModuleGetSeatResourceAssociation polkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface);
+PolKitModuleIsResourceAssociatedWithSeat polkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface);
+PolKitModuleCanSessionAccessResource polkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface);
+PolKitModuleCanCallerAccessResource polkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface);
+
+/**
+ * PolKitModuleControl:
+ * @POLKIT_MODULE_CONTROL_ADVISE: Allow modules, marked with #POLKIT_MODULE_CONTROL_MANDATORY, down the
+ * stack to override results from this module. Modules down the stack that are also marked with
+ * the #POLKIT_MODULE_CONTROL_ADVISE control will only take effect it they change the result to be "less strict".
+ * @POLKIT_MODULE_CONTROL_MANDATORY: Always use results (unless it returns
+ * #POLKIT_RESULT_UNKNOWN_ACTION for a given request) from this module, even if it changes whether the
+ * result to be "more strict". . If a later module also uses this control, results from that module will override it.
+ * @POLKIT_MODULE_CONTROL_N_CONTROLS: Number of control stanzas
+ *
+ * The control stanza for a PolicyKit module. This is read from the
+ * PolicyKit configuration file (/etc/PolicyKit/PolicyKit.conf) that
+ * defines the stacked order of the modules and is chosen by the
+ * system administrator. See the definition of #PolKitResult for
+ * the definition of "strict" with respect to result values.
+ **/
+typedef enum
+{
+ POLKIT_MODULE_CONTROL_ADVISE,
+ POLKIT_MODULE_CONTROL_MANDATORY,
+ POLKIT_MODULE_CONTROL_N_CONTROLS
+} PolKitModuleControl;
+
+const char *
+polkit_module_control_to_string_representation (PolKitModuleControl module_control);
+
+polkit_bool_t
+polkit_module_control_from_string_representation (const char *string, PolKitModuleControl *out_module_control);
+
+PolKitModuleInterface *polkit_module_interface_load_module (const char *name,
+ PolKitModuleControl module_control,
+ int argc, char *argv[]);
+
+PolKitModuleControl polkit_module_interface_get_control (PolKitModuleInterface *module_interface);
+
+
+polkit_bool_t
+polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitSession *session);
+
+polkit_bool_t
+polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller);
+
+#endif /* POLKIT_MODULE_H */
diff --git a/polkit/polkit-policy-cache.c b/polkit/polkit-policy-cache.c
new file mode 100644
index 0000000..dc9a93a
--- /dev/null
+++ b/polkit/polkit-policy-cache.c
@@ -0,0 +1,248 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-cache.c : policy cache
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-policy-file.h"
+#include "polkit-policy-cache.h"
+
+/**
+ * SECTION:polkit-policy-cache
+ * @short_description: Class for holding all policy objects.
+ *
+ * This class is used to hold all policy objects (stemming from policy
+ * files) and provide look-up functions.
+ **/
+
+/**
+ * PolKitPolicyCache:
+ *
+ * Instances of this class are used to hold all policy objects
+ * (stemming from policy files) and provide look-up functions.
+ **/
+struct PolKitPolicyCache
+{
+ int refcount;
+
+ GSList *priv_entries;
+};
+
+
+static void
+_append_entry (PolKitPolicyFile *policy_file,
+ PolKitPolicyFileEntry *policy_file_entry,
+ void *user_data)
+{
+ PolKitPolicyCache *policy_cache = user_data;
+
+ polkit_policy_file_entry_ref (policy_file_entry);
+ policy_cache->priv_entries = g_slist_append (policy_cache->priv_entries, policy_file_entry);
+}
+
+/**
+ * polkit_policy_cache_new:
+ * @dirname: directory containing policy files
+ * @error: location to return error
+ *
+ * Create a new #PolKitPolicyCache object and load information from policy files.
+ *
+ * Returns: #NULL if @error was set, otherwise the #PolKitPolicyCache object
+ **/
+PolKitPolicyCache *
+polkit_policy_cache_new (const char *dirname, PolKitError **error)
+{
+ const char *file;
+ GDir *dir;
+ PolKitPolicyCache *pc;
+ GError *g_error;
+
+ pc = g_new0 (PolKitPolicyCache, 1);
+ pc->refcount = 1;
+
+ g_error = NULL;
+ dir = g_dir_open (dirname, 0, &g_error);
+ if (dir == NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Cannot load policy files from directory %s: %s",
+ dirname,
+ g_error->message);
+ g_error_free (g_error);
+ goto out;
+ }
+ while ((file = g_dir_read_name (dir)) != NULL) {
+ char *path;
+ PolKitPolicyFile *pf;
+
+ if (!g_str_has_suffix (file, ".policy"))
+ continue;
+
+ if (g_str_has_prefix (file, "."))
+ continue;
+
+ path = g_strdup_printf ("%s/%s", dirname, file);
+
+ _pk_debug ("Loading %s", path);
+ pf = polkit_policy_file_new (path, error);
+ g_free (path);
+
+ if (pf == NULL) {
+ goto out;
+ }
+
+ /* steal entries */
+ polkit_policy_file_entry_foreach (pf, _append_entry, pc);
+ polkit_policy_file_unref (pf);
+ }
+ g_dir_close (dir);
+
+ return pc;
+out:
+ if (pc != NULL)
+ polkit_policy_cache_ref (pc);
+ return NULL;
+}
+
+/**
+ * polkit_policy_cache_ref:
+ * @policy_cache: the policy cache object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyCache *
+polkit_policy_cache_ref (PolKitPolicyCache *policy_cache)
+{
+ g_return_val_if_fail (policy_cache != NULL, policy_cache);
+ policy_cache->refcount++;
+ return policy_cache;
+}
+
+/**
+ * polkit_policy_cache_unref:
+ * @policy_cache: the policy cache object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_policy_cache_unref (PolKitPolicyCache *policy_cache)
+{
+ GSList *i;
+
+ g_return_if_fail (policy_cache != NULL);
+ policy_cache->refcount--;
+ if (policy_cache->refcount > 0)
+ return;
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ PolKitPolicyFileEntry *pfe = i->data;
+ polkit_policy_file_entry_unref (pfe);
+ }
+ if (policy_cache->priv_entries != NULL)
+ g_slist_free (policy_cache->priv_entries);
+
+ g_free (policy_cache);
+}
+
+/**
+ * polkit_policy_cache_debug:
+ * @policy_cache: the cache
+ *
+ * Print debug information about object
+ **/
+void
+polkit_policy_cache_debug (PolKitPolicyCache *policy_cache)
+{
+ GSList *i;
+ g_return_if_fail (policy_cache != NULL);
+
+ _pk_debug ("PolKitPolicyCache: refcount=%d num_entries=%d ...",
+ policy_cache->refcount,
+ policy_cache->priv_entries == NULL ? 0 : g_slist_length (policy_cache->priv_entries));
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ PolKitPolicyFileEntry *pfe = i->data;
+ polkit_policy_file_entry_debug (pfe);
+ }
+}
+
+/**
+ * polkit_policy_cache_get_entry:
+ * @policy_cache: the cache
+ * @action: the action
+ *
+ * Given a action, find the object describing the definition of the
+ * policy; e.g. data stemming from files in
+ * /etc/PolicyKit/policy.
+ *
+ * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
+ * #NULL if the action wasn't identified. Caller shall not unref
+ * this object.
+ **/
+PolKitPolicyFileEntry*
+polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
+ PolKitAction *action)
+{
+ char *priv_id;
+ GSList *i;
+ PolKitPolicyFileEntry *pfe;
+
+ pfe = NULL;
+
+ /* I'm sure it would be easy to make this O(1)... */
+
+ g_return_val_if_fail (policy_cache != NULL, NULL);
+ g_return_val_if_fail (action != NULL, NULL);
+
+ if (!polkit_action_get_action_id (action, &priv_id))
+ goto out;
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ pfe = i->data;
+ if (strcmp (polkit_policy_file_entry_get_id (pfe), priv_id) == 0) {
+ goto out;
+ }
+ }
+
+ pfe = NULL;
+
+out:
+ return pfe;
+}
diff --git a/polkit/polkit-policy-cache.h b/polkit/polkit-policy-cache.h
new file mode 100644
index 0000000..7ed7e4d
--- /dev/null
+++ b/polkit/polkit-policy-cache.h
@@ -0,0 +1,50 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-cache.h : policy cache
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_POLICY_CACHE_H
+#define POLKIT_POLICY_CACHE_H
+
+#include <polkit/polkit-error.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-policy-file-entry.h>
+
+struct PolKitPolicyCache;
+typedef struct PolKitPolicyCache PolKitPolicyCache;
+
+PolKitPolicyCache *polkit_policy_cache_new (const char *dirname, PolKitError **error);
+PolKitPolicyCache *polkit_policy_cache_ref (PolKitPolicyCache *policy_cache);
+void polkit_policy_cache_unref (PolKitPolicyCache *policy_cache);
+void polkit_policy_cache_debug (PolKitPolicyCache *policy_cache);
+
+PolKitPolicyFileEntry* polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
+ PolKitAction *action);
+
+#endif /* POLKIT_POLICY_CACHE_H */
+
+
diff --git a/polkit/polkit-policy-default.c b/polkit/polkit-policy-default.c
new file mode 100644
index 0000000..8ab2110
--- /dev/null
+++ b/polkit/polkit-policy-default.c
@@ -0,0 +1,322 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-default.c : policy definition for the defaults
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-error.h"
+#include "polkit-policy-default.h"
+
+/**
+ * SECTION:polkit-policy-default
+ * @short_description: Defaults policy.
+ *
+ * This class records the default policy of an action.
+ **/
+
+/**
+ * PolKitPolicyDefault:
+ *
+ * Objects of this class are used to record information about a
+ * default policy for an action.
+ **/
+struct PolKitPolicyDefault
+{
+ int refcount;
+ PolKitResult default_remote_inactive;
+ PolKitResult default_remote_active;
+ PolKitResult default_local_inactive;
+ PolKitResult default_local_active;
+};
+
+static gboolean
+parse_default (const char *key, char *s, const char *group, PolKitResult* target, PolKitError **error)
+{
+ gboolean ret;
+
+ ret = polkit_result_from_string_representation (s, target);
+ if (!ret) {
+ int n;
+ char *s2;
+ GString *str;
+
+ str = g_string_new (NULL);
+ for (n = 0; n < POLKIT_RESULT_N_RESULTS; n++) {
+ if (n == POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW)
+ continue;
+
+ if (str->len > 0) {
+ g_string_append (str, ", ");
+ }
+ g_string_append (str, polkit_result_to_string_representation (n));
+ }
+ s2 = g_string_free (str, FALSE);
+
+ polkit_error_set_error (error,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Value '%s' is not allowed for key '%s' in group '%s'; "
+ "supported values are: %s",
+ s,
+ key,
+ group,
+ s2);
+ g_free (s2);
+ }
+
+ g_free (s);
+ return ret;
+}
+
+extern PolKitPolicyDefault *_polkit_policy_default_new (GKeyFile *key_file, const char *action, PolKitError **error);
+
+PolKitPolicyDefault *
+_polkit_policy_default_new (GKeyFile *key_file, const char *action, PolKitError **error)
+{
+ const char *key;
+ const char *group;
+ char *s;
+ char buf[256];
+ PolKitPolicyDefault *pd;
+ GError *g_error;
+
+ pd = g_new0 (PolKitPolicyDefault, 1);
+ pd->refcount = 1;
+
+ g_snprintf (buf, sizeof (buf), "Action %s", action);
+ group = buf;
+
+ g_error = NULL;
+ key = "AllowRemoteInactive";
+ if ((s = g_key_file_get_string (key_file, group, key, &g_error)) == NULL)
+ goto error;
+ if (!parse_default (key, s, group, &pd->default_remote_inactive, error))
+ goto error;
+ key = "AllowRemoteActive";
+ if ((s = g_key_file_get_string (key_file, group, key, &g_error)) == NULL)
+ goto error;
+ if (!parse_default (key, s, group, &pd->default_remote_active, error))
+ goto error;
+ key = "AllowLocalInactive";
+ if ((s = g_key_file_get_string (key_file, group, key, &g_error)) == NULL)
+ goto error;
+ if (!parse_default (key, s, group, &pd->default_local_inactive, error))
+ goto error;
+ key = "AllowLocalActive";
+ if ((s = g_key_file_get_string (key_file, group, key, &g_error)) == NULL)
+ goto error;
+ if (!parse_default (key, s, group, &pd->default_local_active, error))
+ goto error;
+
+ return pd;
+error:
+ if (g_error != NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Missing key in policy file: %s",
+ g_error->message);
+ g_error_free (g_error);
+ }
+
+ if (pd != NULL)
+ polkit_policy_default_ref (pd);
+ return NULL;
+}
+
+/**
+ * polkit_policy_default_ref:
+ * @policy_default: the policy object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyDefault *
+polkit_policy_default_ref (PolKitPolicyDefault *policy_default)
+{
+ g_return_val_if_fail (policy_default != NULL, policy_default);
+ policy_default->refcount++;
+ return policy_default;
+}
+
+/**
+ * polkit_policy_default_unref:
+ * @policy_default: the object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_policy_default_unref (PolKitPolicyDefault *policy_default)
+{
+ g_return_if_fail (policy_default != NULL);
+ policy_default->refcount--;
+ if (policy_default->refcount > 0)
+ return;
+ g_free (policy_default);
+}
+
+/**
+ * polkit_policy_default_debug:
+ * @policy_default: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_policy_default_debug (PolKitPolicyDefault *policy_default)
+{
+ g_return_if_fail (policy_default != NULL);
+ _pk_debug ("PolKitPolicyDefault: refcount=%d\n"
+ " default_remote_inactive=%s\n"
+ " default_remote_active=%s\n"
+ " default_local_inactive=%s\n"
+ " default_local_active=%s",
+ policy_default->refcount,
+ polkit_result_to_string_representation (policy_default->default_remote_inactive),
+ polkit_result_to_string_representation (policy_default->default_remote_active),
+ polkit_result_to_string_representation (policy_default->default_local_inactive),
+ polkit_result_to_string_representation (policy_default->default_local_active));
+}
+
+
+/**
+ * polkit_policy_default_can_session_access_resource:
+ * @policy_default: the object
+ * @action: the type of access to check for
+ * @resource: the resource in question
+ * @session: the session in question
+ *
+ * Using the default policy for an action, determine if a given
+ * session can access a given resource in a given way.
+ *
+ * Returns: A #PolKitResult - can only be one of
+ * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
+ * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
+ **/
+PolKitResult
+polkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitSession *session)
+{
+ polkit_bool_t is_local;
+ polkit_bool_t is_active;
+ PolKitResult ret;
+
+ ret = POLKIT_RESULT_NO;
+
+ g_return_val_if_fail (policy_default != NULL, ret);
+ g_return_val_if_fail (action != NULL, ret);
+ g_return_val_if_fail (session != NULL, ret);
+
+ if (!polkit_session_get_ck_is_local (session, &is_local))
+ goto out;
+ if (!polkit_session_get_ck_is_active (session, &is_active))
+ goto out;
+
+ if (is_local) {
+ if (is_active) {
+ ret = policy_default->default_local_active;
+ } else {
+ ret = policy_default->default_local_inactive;
+ }
+ } else {
+ if (is_active) {
+ ret = policy_default->default_remote_active;
+ } else {
+ ret = policy_default->default_remote_inactive;
+ }
+ }
+out:
+ return ret;
+}
+
+/**
+ * polkit_policy_default_can_caller_access_resource:
+ * @policy_default: the object
+ * @action: the type of access to check for
+ * @resource: the resource in question
+ * @caller: the resource in question
+ *
+ * Using the default policy for an action, determine if a given
+ * caller can access a given resource in a given way.
+ *
+ * Returns: A #PolKitResult specifying if, and how, the caller can
+ * access the resource in the given way
+ **/
+PolKitResult
+polkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller)
+{
+ polkit_bool_t is_local;
+ polkit_bool_t is_active;
+ PolKitSession *session;
+ PolKitResult ret;
+
+ ret = POLKIT_RESULT_NO;
+
+ g_return_val_if_fail (policy_default != NULL, ret);
+ g_return_val_if_fail (action != NULL, ret);
+ g_return_val_if_fail (caller != NULL, ret);
+
+ if (!polkit_caller_get_ck_session (caller, &session))
+ goto out;
+ if (session == NULL)
+ goto out;
+
+ if (!polkit_session_get_ck_is_local (session, &is_local))
+ goto out;
+ if (!polkit_session_get_ck_is_active (session, &is_active))
+ goto out;
+
+ if (is_local) {
+ if (is_active) {
+ ret = policy_default->default_local_active;
+ } else {
+ ret = policy_default->default_local_inactive;
+ }
+ } else {
+ if (is_active) {
+ ret = policy_default->default_remote_active;
+ } else {
+ ret = policy_default->default_remote_inactive;
+ }
+ }
+out:
+ return ret;
+}
diff --git a/polkit/polkit-policy-default.h b/polkit/polkit-policy-default.h
new file mode 100644
index 0000000..2dda732
--- /dev/null
+++ b/polkit/polkit-policy-default.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-default.h : policy definition for the defaults
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_POLICY_DEFAULT_H
+#define POLKIT_POLICY_DEFAULT_H
+
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-resource.h>
+#include <polkit/polkit-session.h>
+#include <polkit/polkit-caller.h>
+#include <polkit/polkit-error.h>
+
+struct PolKitPolicyDefault;
+typedef struct PolKitPolicyDefault PolKitPolicyDefault;
+
+PolKitPolicyDefault *polkit_policy_default_ref (PolKitPolicyDefault *policy_default);
+void polkit_policy_default_unref (PolKitPolicyDefault *policy_default);
+void polkit_policy_default_debug (PolKitPolicyDefault *policy_default);
+
+PolKitResult polkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitSession *session);
+PolKitResult polkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitResource *resource,
+ PolKitCaller *caller);
+
+/* TODO: export knobs for "default policy" */
+
+#endif /* POLKIT_POLICY_DEFAULT_H */
+
+
diff --git a/polkit/polkit-policy-file-entry.c b/polkit/polkit-policy-file-entry.c
new file mode 100644
index 0000000..8e5c172
--- /dev/null
+++ b/polkit/polkit-policy-file-entry.c
@@ -0,0 +1,171 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-file-entry.c : entries in policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-error.h"
+#include "polkit-result.h"
+#include "polkit-policy-file-entry.h"
+
+/**
+ * SECTION:polkit-policy-file-entry
+ * @short_description: Policy files entries.
+ *
+ * This class is used to represent a entries in policy files.
+ **/
+
+/**
+ * PolKitPolicyFileEntry:
+ *
+ * Objects of this class are used to record information about a
+ * policy.
+ **/
+struct PolKitPolicyFileEntry
+{
+ int refcount;
+ char *action;
+ PolKitPolicyDefault *defaults;
+};
+
+PolKitPolicyFileEntry *
+_polkit_policy_file_entry_new (GKeyFile *key_file, const char *action, PolKitError **error);
+
+extern PolKitPolicyDefault *_polkit_policy_default_new (GKeyFile *key_file, const char *action, PolKitError **error);
+
+extern PolKitPolicyFileEntry *
+_polkit_policy_file_entry_new (GKeyFile *key_file, const char *action, PolKitError **error)
+{
+ PolKitPolicyFileEntry *pfe;
+
+ pfe = g_new0 (PolKitPolicyFileEntry, 1);
+ pfe->refcount = 1;
+ pfe->action = g_strdup (action);
+
+ pfe->defaults = _polkit_policy_default_new (key_file, action, error);
+ if (pfe->defaults == NULL)
+ goto error;
+
+ return pfe;
+error:
+ if (pfe != NULL)
+ polkit_policy_file_entry_unref (pfe);
+ return NULL;
+}
+
+/**
+ * polkit_policy_file_entry_ref:
+ * @policy_file_entry: the policy file object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyFileEntry *
+polkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, policy_file_entry);
+ policy_file_entry->refcount++;
+ return policy_file_entry;
+}
+
+/**
+ * polkit_policy_file_entry_unref:
+ * @policy_file_entry: the policy file object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_if_fail (policy_file_entry != NULL);
+ policy_file_entry->refcount--;
+ if (policy_file_entry->refcount > 0)
+ return;
+ g_free (policy_file_entry->action);
+ if (policy_file_entry->defaults != NULL)
+ polkit_policy_default_unref (policy_file_entry->defaults);
+ g_free (policy_file_entry);
+}
+
+/**
+ * polkit_policy_file_entry_debug:
+ * @policy_file_entry: the entry
+ *
+ * Print debug information about object
+ **/
+void
+polkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_if_fail (policy_file_entry != NULL);
+ _pk_debug ("PolKitPolicyFileEntry: refcount=%d action=%s",
+ policy_file_entry->refcount,
+ policy_file_entry->action);
+ polkit_policy_default_debug (policy_file_entry->defaults);
+}
+
+/**
+ * polkit_policy_file_entry_get_id:
+ * @policy_file_entry: the file entry
+ *
+ * Get the action identifier.
+ *
+ * Returns: A string - caller shall not free this string.
+ **/
+const char *
+polkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->action;
+}
+
+/**
+ * polkit_policy_file_entry_get_default:
+ * @policy_file_entry: the file entry
+ *
+ * Get the the default policy for this policy.
+ *
+ * Returns: A #PolKitPolicyDefault object - caller shall not unref this object.
+ **/
+PolKitPolicyDefault *
+polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->defaults;
+}
diff --git a/polkit/polkit-policy-file-entry.h b/polkit/polkit-policy-file-entry.h
new file mode 100644
index 0000000..1fd11b5
--- /dev/null
+++ b/polkit/polkit-policy-file-entry.h
@@ -0,0 +1,49 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-file-entry.h : entries in policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_POLICY_FILE_ENTRY_H
+#define POLKIT_POLICY_FILE_ENTRY_H
+
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-policy-default.h>
+
+struct PolKitPolicyFileEntry;
+typedef struct PolKitPolicyFileEntry PolKitPolicyFileEntry;
+
+PolKitPolicyFileEntry *polkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry);
+void polkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry);
+void polkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry);
+
+const char *polkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry);
+PolKitPolicyDefault *polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry);
+
+
+#endif /* POLKIT_POLICY_FILE_ENTRY_H */
+
+
diff --git a/polkit/polkit-policy-file.c b/polkit/polkit-policy-file.c
new file mode 100644
index 0000000..04b23dc
--- /dev/null
+++ b/polkit/polkit-policy-file.c
@@ -0,0 +1,218 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-file.c : policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-error.h"
+#include "polkit-result.h"
+#include "polkit-policy-file.h"
+#include "polkit-policy-file-entry.h"
+
+/**
+ * SECTION:polkit-policy-file
+ * @short_description: Policy files.
+ *
+ * This class is used to represent a policy files.
+ **/
+
+/**
+ * PolKitPolicyFile:
+ *
+ * Objects of this class are used to record information about a
+ * policy file.
+ **/
+struct PolKitPolicyFile
+{
+ int refcount;
+ GSList *entries;
+};
+
+extern PolKitPolicyFileEntry *_polkit_policy_file_entry_new (GKeyFile *keyfile,
+ const char *action,
+ PolKitError **error);
+
+/**
+ * polkit_policy_file_new:
+ * @path: path to policy file
+ * @error: return location for error
+ *
+ * Create a new #PolKitPolicyFile object. If the file does not
+ * validate, a human readable explanation of why will be set in
+ * @error.
+ *
+ * Returns: the new object or #NULL if error is set
+ **/
+PolKitPolicyFile *
+polkit_policy_file_new (const char *path, PolKitError **error)
+{
+ GKeyFile *key_file;
+ PolKitPolicyFile *pf;
+ char **groups;
+ gsize groups_len;
+ int n;
+ GError *g_error;
+
+ pf = NULL;
+ key_file = NULL;
+ groups = NULL;
+
+ if (!g_str_has_suffix (path, ".policy")) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Policy files must have extension .policy; file '%s' doesn't", path);
+ goto error;
+ }
+
+ g_error = NULL;
+ key_file = g_key_file_new ();
+ if (!g_key_file_load_from_file (key_file, path, G_KEY_FILE_NONE, &g_error)) {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Cannot load PolicyKit policy file at '%s': %s",
+ path,
+ g_error->message);
+ g_error_free (g_error);
+ goto error;
+ }
+
+ pf = g_new0 (PolKitPolicyFile, 1);
+ pf->refcount = 1;
+
+ groups = g_key_file_get_groups(key_file, &groups_len);
+ if (groups == NULL)
+ goto error;
+
+ for (n = 0; groups[n] != NULL; n++) {
+ const char *action;
+ PolKitPolicyFileEntry *pfe;
+
+ if (!g_str_has_prefix (groups[n], "Action ")) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Unknown group of name '%s'", groups[n]);
+ goto error;
+ }
+
+ action = groups[n] + 7; /* "Action " */
+ if (strlen (action) == 0) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Zero-length action name");
+ goto error;
+ }
+
+ pfe = _polkit_policy_file_entry_new (key_file, action, error);
+ if (pfe == NULL)
+ goto error;
+ pf->entries = g_slist_prepend (pf->entries, pfe);
+ }
+
+ g_strfreev (groups);
+ g_key_file_free (key_file);
+ return pf;
+error:
+ if (groups != NULL)
+ g_strfreev (groups);
+ if (key_file != NULL)
+ g_key_file_free (key_file);
+ if (pf != NULL)
+ polkit_policy_file_unref (pf);
+ return NULL;
+}
+
+/**
+ * polkit_policy_file_ref:
+ * @policy_file: the policy file object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyFile *
+polkit_policy_file_ref (PolKitPolicyFile *policy_file)
+{
+ g_return_val_if_fail (policy_file != NULL, policy_file);
+ policy_file->refcount++;
+ return policy_file;
+}
+
+/**
+ * polkit_policy_file_unref:
+ * @policy_file: the policy file object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_policy_file_unref (PolKitPolicyFile *policy_file)
+{
+ GSList *i;
+ g_return_if_fail (policy_file != NULL);
+ policy_file->refcount--;
+ if (policy_file->refcount > 0)
+ return;
+ for (i = policy_file->entries; i != NULL; i = g_slist_next (i)) {
+ polkit_policy_file_entry_unref (i->data);
+ }
+ if (policy_file->entries != NULL)
+ g_slist_free (policy_file->entries);
+ g_free (policy_file);
+}
+
+/**
+ * polkit_policy_file_entry_foreach:
+ * @policy_file: the policy file object
+ * @cb: callback to invoke for each entry
+ * @user_data: user data
+ *
+ * Visits all entries in a policy file.
+ **/
+void
+polkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
+ PolKitPolicyFileEntryForeachFunc cb,
+ void *user_data)
+{
+ GSList *i;
+
+ g_return_if_fail (policy_file != NULL);
+ g_return_if_fail (cb != NULL);
+
+ for (i = policy_file->entries; i != NULL; i = g_slist_next (i)) {
+ PolKitPolicyFileEntry *pfe = i->data;
+ cb (policy_file, pfe, user_data);
+ }
+}
diff --git a/polkit/polkit-policy-file.h b/polkit/polkit-policy-file.h
new file mode 100644
index 0000000..3e1baf0
--- /dev/null
+++ b/polkit/polkit-policy-file.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-file.h : policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_POLICY_FILE_H
+#define POLKIT_POLICY_FILE_H
+
+#include <polkit/polkit-error.h>
+#include <polkit/polkit-policy-file-entry.h>
+
+struct PolKitPolicyFile;
+typedef struct PolKitPolicyFile PolKitPolicyFile;
+
+/**
+ * PolKitPolicyFileEntryForeachFunc:
+ * @policy_file: the policy file
+ * @policy_file_entry: the entry
+ * @user_data: user data
+ *
+ * Type for function used in polkit_policy_file_entry_foreach().
+ **/
+typedef void (*PolKitPolicyFileEntryForeachFunc) (PolKitPolicyFile *policy_file,
+ PolKitPolicyFileEntry *policy_file_entry,
+ void *user_data);
+
+PolKitPolicyFile *polkit_policy_file_new (const char *path, PolKitError **error);
+PolKitPolicyFile *polkit_policy_file_ref (PolKitPolicyFile *policy_file);
+void polkit_policy_file_unref (PolKitPolicyFile *policy_file);
+void polkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
+ PolKitPolicyFileEntryForeachFunc cb,
+ void *user_data);
+
+#endif /* POLKIT_POLICY_FILE_H */
+
+
diff --git a/polkit/polkit-resource.c b/polkit/polkit-resource.c
new file mode 100644
index 0000000..70d7d53
--- /dev/null
+++ b/polkit/polkit-resource.c
@@ -0,0 +1,232 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-resource.c : resources
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-resource.h"
+#include "polkit-utils.h"
+
+/**
+ * SECTION:polkit-resource
+ * @short_description: Resources.
+ *
+ * This class is used to represent a resource. TODO: describe what a resource really is.
+ **/
+
+/**
+ * PolKitResource:
+ *
+ * Objects of this class are used to record information about a
+ * resource. TODO: describe what a resource really is.
+ **/
+struct PolKitResource
+{
+ int refcount;
+ char *type;
+ char *id;
+};
+
+/**
+ * polkit_resource_new:
+ *
+ * Create a new #PolKitResource object.
+ *
+ * Returns: the new object
+ **/
+PolKitResource *
+polkit_resource_new (void)
+{
+ PolKitResource *resource;
+ resource = g_new0 (PolKitResource, 1);
+ resource->refcount = 1;
+ return resource;
+}
+
+/**
+ * polkit_resource_ref:
+ * @resource: the resource object
+ *
+ * Increase reference count
+ *
+ * Returns: the object
+ **/
+PolKitResource *
+polkit_resource_ref (PolKitResource *resource)
+{
+ g_return_val_if_fail (resource != NULL, resource);
+ resource->refcount++;
+ return resource;
+}
+
+
+/**
+ * polkit_resource_unref:
+ * @resource: the resource object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_resource_unref (PolKitResource *resource)
+{
+ g_return_if_fail (resource != NULL);
+
+ resource->refcount--;
+ if (resource->refcount > 0)
+ return;
+
+ g_free (resource->type);
+ g_free (resource->id);
+ g_free (resource);
+}
+
+
+/**
+ * polkit_resource_set_resource_type:
+ * @resource: the resource object
+ * @resource_type: type of resource
+ *
+ * Set the type of the resource. TODO: link to wtf this is.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_resource_set_resource_type (PolKitResource *resource, const char *resource_type)
+{
+ g_return_val_if_fail (resource != NULL, FALSE);
+ g_return_val_if_fail (_pk_validate_identifier (resource_type), FALSE);
+ if (resource->type != NULL)
+ g_free (resource->type);
+ resource->type = g_strdup (resource_type);
+ return TRUE;
+}
+
+/**
+ * polkit_resource_set_resource_id:
+ * @resource: the resource object
+ * @resource_id: identifier of resource
+ *
+ * set the identifier of the resource. TODO: link to wtf this is.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_resource_set_resource_id (PolKitResource *resource, const char *resource_id)
+{
+ g_return_val_if_fail (resource != NULL, FALSE);
+ g_return_val_if_fail (_pk_validate_identifier (resource_id), FALSE);
+ if (resource->id != NULL)
+ g_free (resource->id);
+ resource->id = g_strdup (resource_id);
+ return TRUE;
+}
+
+/**
+ * polkit_resource_get_resource_type:
+ * @resource: the resource object
+ * @out_resource_type: Returns the resource type. The caller shall not free this string.
+ *
+ * Get the type of the resource.
+ *
+ * Returns: TRUE iff the value was returned.
+ **/
+polkit_bool_t
+polkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type)
+{
+ g_return_val_if_fail (resource != NULL, FALSE);
+ g_return_val_if_fail (out_resource_type != NULL, FALSE);
+
+ if (resource->type == NULL)
+ return FALSE;
+
+ *out_resource_type = resource->type;
+ return TRUE;
+}
+
+/**
+ * polkit_resource_get_resource_id:
+ * @resource: the resource object
+ * @out_resource_id: Returns the resource identifier. The caller shall not free this string.
+ *
+ * Get the identifier of the resource
+ *
+ * Returns: TRUE iff the value was returned.
+ **/
+polkit_bool_t
+polkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id)
+{
+ g_return_val_if_fail (resource != NULL, FALSE);
+ g_return_val_if_fail (out_resource_id != NULL, FALSE);
+
+ if (resource->id == NULL)
+ return FALSE;
+
+ *out_resource_id = resource->id;
+ return TRUE;
+}
+
+/**
+ * polkit_resource_debug:
+ * @resource: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_resource_debug (PolKitResource *resource)
+{
+ g_return_if_fail (resource != NULL);
+ _pk_debug ("PolKitResource: refcount=%d type=%s id=%s", resource->refcount, resource->type, resource->id);
+}
+
+/**
+ * polkit_resource_validate:
+ * @resource: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ **/
+polkit_bool_t
+polkit_resource_validate (PolKitResource *resource)
+{
+ g_return_val_if_fail (resource != NULL, FALSE);
+ g_return_val_if_fail (resource->type != NULL, FALSE);
+ g_return_val_if_fail (resource->id != NULL, FALSE);
+ return TRUE;
+}
diff --git a/polkit/polkit-resource.h b/polkit/polkit-resource.h
new file mode 100644
index 0000000..636e730
--- /dev/null
+++ b/polkit/polkit-resource.h
@@ -0,0 +1,52 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-resource.h : resources
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_RESOURCE_H
+#define POLKIT_RESOURCE_H
+
+#include <polkit/polkit-types.h>
+
+struct PolKitResource;
+typedef struct PolKitResource PolKitResource;
+
+PolKitResource *polkit_resource_new (void);
+PolKitResource *polkit_resource_ref (PolKitResource *resource);
+void polkit_resource_unref (PolKitResource *resource);
+polkit_bool_t polkit_resource_set_resource_type (PolKitResource *resource, const char *resource_type);
+polkit_bool_t polkit_resource_set_resource_id (PolKitResource *resource, const char *resource_id);
+polkit_bool_t polkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type);
+polkit_bool_t polkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id);
+
+void polkit_resource_debug (PolKitResource *resource);
+
+polkit_bool_t polkit_resource_validate (PolKitResource *resource);
+
+#endif /* POLKIT_RESOURCE_H */
+
+
diff --git a/polkit/polkit-result.c b/polkit/polkit-result.c
new file mode 100644
index 0000000..9193c73
--- /dev/null
+++ b/polkit/polkit-result.c
@@ -0,0 +1,116 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-result.c : result codes from PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-result
+ * @short_description: Result of PolicyKit queries
+ *
+ * These functions are used to manipulate PolicyKit results.
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-result.h"
+
+
+static const struct {
+ PolKitResult result;
+ const char *str;
+} mapping[] =
+{
+ {POLKIT_RESULT_UNKNOWN_ACTION, "unknown"},
+ {POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW, "not_authorized"},
+ {POLKIT_RESULT_NO, "no"},
+ {POLKIT_RESULT_ONLY_VIA_ROOT_AUTH, "auth_root"},
+ {POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION, "auth_root_keep_session"},
+ {POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS, "auth_root_keep_always"},
+ {POLKIT_RESULT_ONLY_VIA_SELF_AUTH, "auth_self"},
+ {POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION, "auth_self_keep_session"},
+ {POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS, "auth_self_keep_always"},
+ {POLKIT_RESULT_YES, "yes"},
+ {0, NULL}
+};
+
+
+/**
+ * polkit_result_to_string_representation:
+ * @result: the given result to get a textual representation of
+ *
+ * Gives a textual representation of a #PolKitResult object.
+ *
+ * Returns: string representing the result (do not free) or #NULL if the given result is invalid
+ **/
+const char *
+polkit_result_to_string_representation (PolKitResult result)
+{
+ if (result < 0 || result >= POLKIT_RESULT_N_RESULTS) {
+ g_warning ("The passed result code, %d, is not valid", result);
+ return NULL;
+ }
+
+ return mapping[result].str;
+}
+
+/**
+ * polkit_result_from_string_representation:
+ * @string: textual representation of a #PolKitResult object
+ * @out_result: return location for #PolKitResult
+ *
+ * Given a textual representation of a #PolKitResult object, find the #PolKitResult value.
+ *
+ * Returns: TRUE if the textual representation was valid, otherwise FALSE
+ **/
+polkit_bool_t
+polkit_result_from_string_representation (const char *string, PolKitResult *out_result)
+{
+ int n;
+
+ g_return_val_if_fail (out_result != NULL, FALSE);
+
+ for (n = 0; n < POLKIT_RESULT_N_RESULTS; n++) {
+ if (mapping[n].str == NULL)
+ break;
+ if (strcmp (mapping[n].str, string) == 0) {
+ *out_result = mapping[n].result;
+ goto found;
+ }
+ }
+
+ return FALSE;
+found:
+ return TRUE;
+}
diff --git a/polkit/polkit-result.h b/polkit/polkit-result.h
new file mode 100644
index 0000000..475154e
--- /dev/null
+++ b/polkit/polkit-result.h
@@ -0,0 +1,84 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-result.h : result codes from PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_RESULT_H
+#define POLKIT_RESULT_H
+
+#include <polkit/polkit-types.h>
+
+/**
+ * PolKitResult:
+ * @POLKIT_RESULT_UNKNOWN_ACTION: The passed action is unknown.
+ * @POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW: The caller of polkit is not sufficiently privilege to know the answer.
+ * @POLKIT_RESULT_NO: Access denied.
+ * @POLKIT_RESULT_ONLY_VIA_ROOT_AUTH: Access denied, but authentication of the caller as
+ * root will grant access to the resource... but the access isn't permanent
+ * @POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION: Access denied, but authentication of the caller as
+ * root will grant access to the resource for the remainder of the session
+ * @POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS: Access denied, but authentication of the caller as
+ * root will grant access to the resource in the future.
+ * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH: Access denied, but authentication of the caller as
+ * himself will grant access to the resource... but the access isn't permanent
+ * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION: Access denied, but authentication of the caller as
+ * himself will grant access to the resource for the remainder of the session
+ * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS: Access denied, but authentication of the caller as
+ * himself will grant access to the resource in the future.
+ * @POLKIT_RESULT_YES: Access granted.
+ * @POLKIT_RESULT_N_RESULTS: Number of result codes
+ *
+ * Result codes from queries to PolicyKit. These are ordered and we
+ * say that a result A is "more strict" than a result B, if A has a
+ * lower numerical value. (e.g. #POLKIT_RESULT_NO is more strict
+ * than #POLKIT_RESULT_YES).
+ */
+typedef enum
+{
+ POLKIT_RESULT_UNKNOWN_ACTION,
+ POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
+ POLKIT_RESULT_NO,
+
+ POLKIT_RESULT_ONLY_VIA_ROOT_AUTH,
+ POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION,
+ POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS,
+
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION,
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS,
+
+ POLKIT_RESULT_YES,
+ POLKIT_RESULT_N_RESULTS
+} PolKitResult;
+
+const char *
+polkit_result_to_string_representation (PolKitResult result);
+
+polkit_bool_t
+polkit_result_from_string_representation (const char *string, PolKitResult *out_result);
+
+#endif /* POLKIT_RESULT_H */
diff --git a/polkit/polkit-seat.c b/polkit/polkit-seat.c
new file mode 100644
index 0000000..507a1d4
--- /dev/null
+++ b/polkit/polkit-seat.c
@@ -0,0 +1,179 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-seat.c : seat
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-seat.h"
+#include "polkit-utils.h"
+
+/**
+ * SECTION:polkit-seat
+ * @short_description: Seats.
+ *
+ * This class is used to represent a seat. TODO: describe seat.
+ **/
+
+/**
+ * PolKitSeat:
+ *
+ * Objects of this class are used to record information about a
+ * seat.
+ **/
+struct PolKitSeat
+{
+ int refcount;
+ char *ck_objref;
+};
+
+/**
+ * polkit_seat_new:
+ *
+ * Creates a new #PolKitSeat object.
+ *
+ * Returns: the new object
+ **/
+PolKitSeat *
+polkit_seat_new (void)
+{
+ PolKitSeat *seat;
+ seat = g_new0 (PolKitSeat, 1);
+ seat->refcount = 1;
+ return seat;
+}
+
+/**
+ * polkit_seat_ref:
+ * @seat: the seat object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitSeat *
+polkit_seat_ref (PolKitSeat *seat)
+{
+ g_return_val_if_fail (seat != NULL, seat);
+ seat->refcount++;
+ return seat;
+}
+
+/**
+ * polkit_seat_unref:
+ * @seat: the seat object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_seat_unref (PolKitSeat *seat)
+{
+ g_return_if_fail (seat != NULL);
+ seat->refcount--;
+ if (seat->refcount > 0)
+ return;
+ g_free (seat->ck_objref);
+ g_free (seat);
+}
+
+/**
+ * polkit_seat_set_ck_objref:
+ * @seat: the seat object
+ * @ck_objref: the D-Bus object path to the ConsoleKit seat object
+ *
+ * Set the D-Bus object path to the ConsoleKit seat object.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_seat_set_ck_objref (PolKitSeat *seat, const char *ck_objref)
+{
+ g_return_val_if_fail (seat != NULL, FALSE);
+ g_return_val_if_fail (_pk_validate_identifier (ck_objref), FALSE);
+ if (seat->ck_objref != NULL)
+ g_free (seat->ck_objref);
+ seat->ck_objref = g_strdup (ck_objref);
+ return TRUE;
+}
+
+/**
+ * polkit_seat_get_ck_objref:
+ * @seat: the seat object
+ * @out_ck_objref: Returns the D-Bus object path to the ConsoleKit seat object. The caller shall not free this string.
+ *
+ * Get the D-Bus object path to the ConsoleKit seat object.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_seat_get_ck_objref (PolKitSeat *seat, char **out_ck_objref)
+{
+ g_return_val_if_fail (seat != NULL, FALSE);
+ g_return_val_if_fail (out_ck_objref != NULL, FALSE);
+ *out_ck_objref = seat->ck_objref;
+ return TRUE;
+}
+
+/**
+ * polkit_seat_debug:
+ * @seat: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_seat_debug (PolKitSeat *seat)
+{
+ g_return_if_fail (seat != NULL);
+ _pk_debug ("PolKitSeat: refcount=%d objpath=%s", seat->refcount, seat->ck_objref);
+}
+
+/**
+ * polkit_seat_validate:
+ * @seat: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ **/
+polkit_bool_t
+polkit_seat_validate (PolKitSeat *seat)
+{
+ g_return_val_if_fail (seat != NULL, FALSE);
+ g_return_val_if_fail (seat->ck_objref != NULL, FALSE);
+ return TRUE;
+}
diff --git a/polkit/polkit-seat.h b/polkit/polkit-seat.h
new file mode 100644
index 0000000..5a01714
--- /dev/null
+++ b/polkit/polkit-seat.h
@@ -0,0 +1,49 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-seat.h : seats
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_SEAT_H
+#define POLKIT_SEAT_H
+
+#include <polkit/polkit-types.h>
+
+struct PolKitSeat;
+typedef struct PolKitSeat PolKitSeat;
+
+PolKitSeat *polkit_seat_new (void);
+PolKitSeat *polkit_seat_ref (PolKitSeat *seat);
+void polkit_seat_unref (PolKitSeat *seat);
+polkit_bool_t polkit_seat_set_ck_objref (PolKitSeat *seat, const char *ck_objref);
+polkit_bool_t polkit_seat_get_ck_objref (PolKitSeat *seat, char **out_ck_objref);
+
+void polkit_seat_debug (PolKitSeat *seat);
+polkit_bool_t polkit_seat_validate (PolKitSeat *seat);
+
+#endif /* POLKIT_SEAT_H */
+
+
diff --git a/polkit/polkit-session.c b/polkit/polkit-session.c
new file mode 100644
index 0000000..4a1d118
--- /dev/null
+++ b/polkit/polkit-session.c
@@ -0,0 +1,394 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-session.c : sessions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-session.h"
+#include "polkit-utils.h"
+
+/**
+ * SECTION:polkit-session
+ * @short_description: Sessions.
+ *
+ * This class is used to represent a session. TODO: describe session.
+ **/
+
+/**
+ * PolKitSession:
+ *
+ * Objects of this class are used to record information about a
+ * session.
+ **/
+struct PolKitSession
+{
+ int refcount;
+ uid_t uid;
+ PolKitSeat *seat;
+ char *ck_objref;
+ polkit_bool_t is_active;
+ polkit_bool_t is_local;
+ char *remote_host;
+};
+
+/**
+ * polkit_session_new:
+ *
+ * Creates a new #PolKitSession object.
+ *
+ * Returns: the new object
+ **/
+PolKitSession *
+polkit_session_new (void)
+{
+ PolKitSession *session;
+ session = g_new0 (PolKitSession, 1);
+ session->refcount = 1;
+ return session;
+}
+
+/**
+ * polkit_session_ref:
+ * @session: The session object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitSession *
+polkit_session_ref (PolKitSession *session)
+{
+ g_return_val_if_fail (session != NULL, session);
+ session->refcount++;
+ return session;
+}
+
+
+/**
+ * polkit_session_unref:
+ * @session: The session object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_session_unref (PolKitSession *session)
+{
+ g_return_if_fail (session != NULL);
+ session->refcount--;
+ if (session->refcount > 0)
+ return;
+ g_free (session->ck_objref);
+ g_free (session->remote_host);
+ if (session->seat != NULL)
+ polkit_seat_unref (session->seat);
+ g_free (session);
+}
+
+/**
+ * polkit_session_set_uid:
+ * @session: The session object
+ * @uid: UNIX user id
+ *
+ * Set the UNIX user id of the user owning the session.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_uid (PolKitSession *session, uid_t uid)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ session->uid = uid;
+ return TRUE;
+}
+
+/**
+ * polkit_session_set_ck_objref:
+ * @session: The session object
+ * @ck_objref: D-Bus object path
+ *
+ * Set the D-Bus object path to the ConsoleKit session object.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_ck_objref (PolKitSession *session, const char *ck_objref)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (_pk_validate_identifier (ck_objref), FALSE);
+ if (session->ck_objref != NULL)
+ g_free (session->ck_objref);
+ session->ck_objref = g_strdup (ck_objref);
+ return TRUE;
+}
+
+/**
+ * polkit_session_set_ck_is_active:
+ * @session: The session object
+ * @is_active: whether ConsoleKit reports the session as active
+ *
+ * Set whether ConsoleKit regard the session as active.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_ck_is_active (PolKitSession *session, polkit_bool_t is_active)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ session->is_active = is_active;
+ return TRUE;
+}
+
+/**
+ * polkit_session_set_ck_is_local:
+ * @session: The session object
+ * @is_local: whether ConsoleKit reports the session as local
+ *
+ * Set whether ConsoleKit regard the session as local.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_ck_is_local (PolKitSession *session, polkit_bool_t is_local)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ session->is_local = is_local;
+ return TRUE;
+}
+
+/**
+ * polkit_session_set_ck_remote_host:
+ * @session: The session object
+ * @remote_host: hostname of the host/display that ConsoleKit reports
+ * the session to occur at
+ *
+ * Set the remote host/display that ConsoleKit reports the session to
+ * occur at.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_ck_remote_host (PolKitSession *session, const char *remote_host)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ /* TODO: FIXME: probably need to allow a lot more here */
+ g_return_val_if_fail (_pk_validate_identifier (remote_host), FALSE);
+ if (session->remote_host != NULL)
+ g_free (session->remote_host);
+ session->remote_host = g_strdup (remote_host);
+ return TRUE;
+}
+
+/**
+ * polkit_session_set_seat:
+ * @session: The session object
+ * @seat: a #PolKitSeat object
+ *
+ * Set the seat that the session belongs to. The reference count on
+ * the given object will be increased by one. If an existing seat
+ * object was set already, the reference count on that one will be
+ * decreased by one.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_seat (PolKitSession *session, PolKitSeat *seat)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (polkit_seat_validate (seat), FALSE);
+ if (session->seat != NULL)
+ polkit_seat_unref (session->seat);
+ session->seat = seat != NULL ? polkit_seat_ref (seat) : NULL;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_uid:
+ * @session: The session object
+ * @out_uid: UNIX user id
+ *
+ * Get the UNIX user id of the user owning the session.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_uid (PolKitSession *session, uid_t *out_uid)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_uid != NULL, FALSE);
+ *out_uid = session->uid;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_ck_objref:
+ * @session: The session object
+ * @out_ck_objref: D-Bus object path. Shall not be freed by the caller.
+ *
+ * Get the D-Bus object path to the ConsoleKit session object.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_ck_objref (PolKitSession *session, char **out_ck_objref)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_ck_objref != NULL, FALSE);
+ *out_ck_objref = session->ck_objref;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_ck_is_active:
+ * @session: The session object
+ * @out_is_active: whether ConsoleKit reports the session as active
+ *
+ * Get whether ConsoleKit regard the session as active.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_ck_is_active (PolKitSession *session, polkit_bool_t *out_is_active)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_is_active != NULL, FALSE);
+ *out_is_active = session->is_active;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_ck_is_local:
+ * @session: The session object
+ * @out_is_local: whether ConsoleKit reports the session as local
+ *
+ * Set whether ConsoleKit regard the session as local.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_ck_is_local (PolKitSession *session, polkit_bool_t *out_is_local)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_is_local != NULL, FALSE);
+ *out_is_local = session->is_local;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_ck_remote_host:
+ * @session: The session object
+ * @out_remote_host: hostname of the host/display that ConsoleKit
+ * reports the session to occur at. Shall not be freed by the caller.
+ *
+ * Get the remote host/display that ConsoleKit reports the session to
+ * occur at.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_ck_remote_host (PolKitSession *session, char **out_remote_host)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_remote_host != NULL, FALSE);
+ *out_remote_host = session->remote_host;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_seat:
+ * @session: The session object
+ * @out_seat: Returns the seat the session belongs to. Shall not
+ * be unreffed by the caller.
+ *
+ * Get the seat that the session belongs to.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_seat (PolKitSession *session, PolKitSeat **out_seat)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_seat != NULL, FALSE);
+ *out_seat = session->seat;
+ return TRUE;
+}
+
+/**
+ * polkit_session_debug:
+ * @session: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_session_debug (PolKitSession *session)
+{
+ g_return_if_fail (session != NULL);
+ _pk_debug ("PolKitSession: refcount=%d uid=%d objpath=%s is_active=%d is_local=%d remote_host=%s",
+ session->refcount, session->uid,
+ session->ck_objref, session->is_active, session->is_local, session->remote_host);
+ if (session->seat != NULL)
+ polkit_seat_debug (session->seat);
+}
+
+
+/**
+ * polkit_session_validate:
+ * @session: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ **/
+polkit_bool_t
+polkit_session_validate (PolKitSession *session)
+{
+ polkit_bool_t ret;
+ g_return_val_if_fail (session != NULL, FALSE);
+
+ ret = FALSE;
+ if (session->is_local) {
+ if (session->remote_host != NULL)
+ goto error;
+ } else {
+ if (session->remote_host == NULL)
+ goto error;
+ }
+ ret = TRUE;
+error:
+ return TRUE;
+}
diff --git a/polkit/polkit-session.h b/polkit/polkit-session.h
new file mode 100644
index 0000000..3fb4ca0
--- /dev/null
+++ b/polkit/polkit-session.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-session.h : sessions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_SESSION_H
+#define POLKIT_SESSION_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-seat.h>
+
+#include <sys/types.h>
+
+struct PolKitSession;
+typedef struct PolKitSession PolKitSession;
+
+PolKitSession *polkit_session_new (void);
+PolKitSession *polkit_session_ref (PolKitSession *session);
+void polkit_session_unref (PolKitSession *session);
+polkit_bool_t polkit_session_set_uid (PolKitSession *session, uid_t uid);
+polkit_bool_t polkit_session_set_seat (PolKitSession *session, PolKitSeat *seat);
+polkit_bool_t polkit_session_set_ck_objref (PolKitSession *session, const char *ck_objref);
+polkit_bool_t polkit_session_set_ck_is_active (PolKitSession *session, polkit_bool_t is_active);
+polkit_bool_t polkit_session_set_ck_is_local (PolKitSession *session, polkit_bool_t is_local);
+polkit_bool_t polkit_session_set_ck_remote_host (PolKitSession *session, const char *remote_host);
+polkit_bool_t polkit_session_get_uid (PolKitSession *session, uid_t *out_uid);
+polkit_bool_t polkit_session_get_seat (PolKitSession *session, PolKitSeat **out_seat);
+polkit_bool_t polkit_session_get_ck_objref (PolKitSession *session, char **out_ck_objref);
+polkit_bool_t polkit_session_get_ck_is_active (PolKitSession *session, polkit_bool_t *out_is_active);
+polkit_bool_t polkit_session_get_ck_is_local (PolKitSession *session, polkit_bool_t *out_is_local);
+polkit_bool_t polkit_session_get_ck_remote_host (PolKitSession *session, char **out_remote_host);
+
+void polkit_session_debug (PolKitSession *session);
+polkit_bool_t polkit_session_validate (PolKitSession *session);
+
+#endif /* POLKIT_SESSION_H */
diff --git a/polkit/polkit-types.h b/polkit/polkit-types.h
new file mode 100644
index 0000000..c344161
--- /dev/null
+++ b/polkit/polkit-types.h
@@ -0,0 +1,56 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-types.h : fundamental types such as polkit_bool_t
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_TYPES_H
+#define POLKIT_TYPES_H
+
+/**
+ * SECTION:polkit-types
+ * @short_description: Basic types.
+ *
+ * Typedefs for common primitive types.
+ **/
+
+/**
+ * polkit_bool_t:
+ *
+ * A boolean, valid values are #TRUE and #FALSE.
+ */
+typedef int polkit_bool_t;
+
+#ifndef TRUE
+# define TRUE 1
+#endif
+#ifndef FALSE
+# define FALSE 0
+#endif
+
+#endif /* POLKIT_TYPES_H */
+
+
diff --git a/polkit/polkit-utils.c b/polkit/polkit-utils.c
new file mode 100644
index 0000000..9b51a53
--- /dev/null
+++ b/polkit/polkit-utils.c
@@ -0,0 +1,153 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-utils.c : internal utilities used in polkit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <time.h>
+#include <glib.h>
+#include <string.h>
+
+#include "polkit-utils.h"
+#include "polkit-debug.h"
+
+/**
+ * SECTION:polkit-utils
+ * @short_description: Internal utility functions for polkit.
+ *
+ * Internal utility functions for polkit.
+ **/
+
+/**
+ * _pk_validate_identifier:
+ * @identifier: the NUL-terminated string to validate
+ *
+ * Validates strings used for an identifier; PolicyKit conventions
+ * state that identifiers must be NUL-terminated ASCII strings less
+ * than 256 bytes and only contain the characters "[a-z][A-Z]0-9]._-:/"
+ *
+ * Returns: #TRUE iff the identifier validates
+ **/
+polkit_bool_t
+_pk_validate_identifier (const char *identifier)
+{
+ unsigned int n;
+ polkit_bool_t ret;
+
+ g_return_val_if_fail (identifier != NULL, FALSE);
+
+ ret = FALSE;
+ for (n = 0; identifier[n] != '\0'; n++) {
+ char c = identifier[n];
+
+ if (n >= 255) {
+ _pk_debug ("identifier too long");
+ goto out;
+ }
+
+ if ((c >= 'a' && c <= 'z') ||
+ (c >= 'A' && c <= 'Z') ||
+ (c >= '0' && c <= '9') ||
+ c == '.' ||
+ c == '_' ||
+ c == '-' ||
+ c == ':' ||
+ c == '/')
+ continue;
+
+ _pk_debug ("invalid character in identifier");
+ goto out;
+ }
+
+ ret = TRUE;
+out:
+ return ret;
+}
+
+
+/* Determine wether the given character is valid as a second or later character in a bus name */
+#define VALID_BUS_NAME_CHARACTER(c) \
+ ( ((c) >= '0' && (c) <= '9') || \
+ ((c) >= 'A' && (c) <= 'Z') || \
+ ((c) >= 'a' && (c) <= 'z') || \
+ ((c) == '_') || ((c) == '-'))
+
+polkit_bool_t
+_pk_validate_unique_bus_name (const char *unique_bus_name)
+{
+ int len;
+ const char *s;
+ const char *end;
+ const char *last_dot;
+ polkit_bool_t ret;
+
+ ret = FALSE;
+
+ if (unique_bus_name == NULL)
+ goto error;
+
+ len = strlen (unique_bus_name);
+ if (len == 0)
+ goto error;
+
+ end = unique_bus_name + len;
+ last_dot = NULL;
+
+ s = unique_bus_name;
+
+ /* check special cases of first char so it doesn't have to be done
+ * in the loop. Note we know len > 0
+ */
+ if (*s == ':') {
+ /* unique name */
+ ++s;
+ while (s != end) {
+ if (*s == '.') {
+ if (G_UNLIKELY ((s + 1) == end))
+ goto error;
+ if (G_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*(s + 1))))
+ goto error;
+ ++s; /* we just validated the next char, so skip two */
+ } else if (G_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s))) {
+ goto error;
+ }
+ ++s;
+ }
+ } else {
+ goto error;
+ }
+
+ ret = TRUE;
+
+error:
+ if (!ret)
+ _pk_debug ("name '%s' did not validate", unique_bus_name);
+ return ret;
+}
diff --git a/polkit/polkit-utils.h b/polkit/polkit-utils.h
new file mode 100644
index 0000000..5dee853
--- /dev/null
+++ b/polkit/polkit-utils.h
@@ -0,0 +1,37 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-utils.h : internal utilities used in polkit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_UTILS_H
+#define POLKIT_UTILS_H
+
+#include <polkit/polkit-types.h>
+
+polkit_bool_t _pk_validate_identifier (const char *identifier);
+
+polkit_bool_t _pk_validate_unique_bus_name (const char *unique_bus_name);
+
+#endif /* POLKIT_UTILS_H */
+
+
diff --git a/polkit/polkit.h b/polkit/polkit.h
new file mode 100644
index 0000000..3ce6947
--- /dev/null
+++ b/polkit/polkit.h
@@ -0,0 +1,48 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit.h : library for querying system-wide policy
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_H
+#define POLKIT_H
+
+#define _POLKIT_INSIDE_POLKIT_H 1
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-error.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-context.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-resource.h>
+#include <polkit/polkit-seat.h>
+#include <polkit/polkit-session.h>
+#include <polkit/polkit-caller.h>
+#include <polkit/polkit-policy-file-entry.h>
+#include <polkit/polkit-policy-file.h>
+#include <polkit/polkit-policy-cache.h>
+#include <polkit/polkit-policy-default.h>
+#include <polkit/polkit-module.h>
+#undef _POLKIT_INSIDE_POLKIT_H
+
+#endif /* POLKIT_H */
+
+
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 4524d70..eddca37 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -14,16 +14,16 @@ INCLUDES = \
bin_PROGRAMS = polkit-check-caller polkit-check-session polkit-policy-file-validate polkit-grant
polkit_check_caller_SOURCES = polkit-check-caller.c
-polkit_check_caller_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/libpolkit/libpolkit.la $(top_builddir)/libpolkit-dbus/libpolkit-dbus.la
+polkit_check_caller_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
polkit_check_session_SOURCES = polkit-check-session.c
-polkit_check_session_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/libpolkit/libpolkit.la $(top_builddir)/libpolkit-dbus/libpolkit-dbus.la
+polkit_check_session_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
polkit_policy_file_validate_SOURCES = polkit-policy-file-validate.c
-polkit_policy_file_validate_LDADD = $(top_builddir)/libpolkit/libpolkit.la
+polkit_policy_file_validate_LDADD = $(top_builddir)/polkit/libpolkit.la
polkit_grant_SOURCES = polkit-grant.c
-polkit_grant_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/libpolkit/libpolkit.la $(top_builddir)/libpolkit-grant/libpolkit-grant.la $(top_builddir)/libpolkit-dbus/libpolkit-dbus.la
+polkit_grant_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-grant/libpolkit-grant.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
clean-local :
rm -f *~
diff --git a/tools/polkit-check-caller.c b/tools/polkit-check-caller.c
index 304a282..bfb3ffa 100644
--- a/tools/polkit-check-caller.c
+++ b/tools/polkit-check-caller.c
@@ -35,7 +35,7 @@
#include <unistd.h>
#include <errno.h>
-#include <libpolkit-dbus/libpolkit-dbus.h>
+#include <polkit-dbus/polkit-dbus.h>
#include <glib.h>
@@ -149,30 +149,30 @@ main (int argc, char *argv[])
}
p_error = NULL;
- pol_ctx = libpolkit_context_new ();
- if (!libpolkit_context_init (pol_ctx, &p_error)) {
- fprintf (stderr, "error: libpolkit_context_init: %s\n", polkit_error_get_error_message (p_error));
+ pol_ctx = polkit_context_new ();
+ if (!polkit_context_init (pol_ctx, &p_error)) {
+ fprintf (stderr, "error: polkit_context_init: %s\n", polkit_error_get_error_message (p_error));
polkit_error_free (p_error);
return 1;
}
- action = libpolkit_action_new ();
- libpolkit_action_set_action_id (action, action_id);
+ action = polkit_action_new ();
+ polkit_action_set_action_id (action, action_id);
- resource = libpolkit_resource_new ();
- libpolkit_resource_set_resource_type (resource, resource_type);
- libpolkit_resource_set_resource_id (resource, resource_id);
+ resource = polkit_resource_new ();
+ polkit_resource_set_resource_type (resource, resource_type);
+ polkit_resource_set_resource_id (resource, resource_id);
- caller = libpolkit_caller_new_from_dbus_name (bus, dbus_name, &error);
+ caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
if (caller == NULL) {
if (dbus_error_is_set (&error)) {
- fprintf (stderr, "error: libpolkit_caller_new_from_dbus_name(): %s: %s\n",
+ fprintf (stderr, "error: polkit_caller_new_from_dbus_name(): %s: %s\n",
error.name, error.message);
return 1;
}
}
- allowed = libpolkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
+ allowed = polkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
if (allowed)
return 0;
diff --git a/tools/polkit-check-session.c b/tools/polkit-check-session.c
index 609e8db..b232737 100644
--- a/tools/polkit-check-session.c
+++ b/tools/polkit-check-session.c
@@ -35,7 +35,7 @@
#include <unistd.h>
#include <errno.h>
-#include <libpolkit-dbus/libpolkit-dbus.h>
+#include <polkit-dbus/polkit-dbus.h>
#include <glib.h>
@@ -152,35 +152,35 @@ main (int argc, char *argv[])
}
p_error = NULL;
- pol_ctx = libpolkit_context_new ();
- if (!libpolkit_context_init (pol_ctx, &p_error)) {
- fprintf (stderr, "error: libpolkit_context_init: %s\n", polkit_error_get_error_message (p_error));
+ pol_ctx = polkit_context_new ();
+ if (!polkit_context_init (pol_ctx, &p_error)) {
+ fprintf (stderr, "error: polkit_context_init: %s\n", polkit_error_get_error_message (p_error));
polkit_error_free (p_error);
return 1;
}
if (session_id != NULL) {
- session = libpolkit_session_new_from_objpath (bus, session_id, -1, &error);
+ session = polkit_session_new_from_objpath (bus, session_id, -1, &error);
} else {
if (cookie == NULL) {
fprintf (stderr, "Not part of a session. Try --session instead.\n");
return 1;
}
- session = libpolkit_session_new_from_cookie (bus, cookie, &error);
+ session = polkit_session_new_from_cookie (bus, cookie, &error);
}
if (session == NULL) {
- fprintf (stderr, "error: libpolkit_session_new_from_objpath: %s: %s\n", error.name, error.message);
+ fprintf (stderr, "error: polkit_session_new_from_objpath: %s: %s\n", error.name, error.message);
return 1;
}
- action = libpolkit_action_new ();
- libpolkit_action_set_action_id (action, action_id);
+ action = polkit_action_new ();
+ polkit_action_set_action_id (action, action_id);
- resource = libpolkit_resource_new ();
- libpolkit_resource_set_resource_type (resource, resource_type);
- libpolkit_resource_set_resource_id (resource, resource_id);
+ resource = polkit_resource_new ();
+ polkit_resource_set_resource_type (resource, resource_type);
+ polkit_resource_set_resource_id (resource, resource_id);
- allowed = libpolkit_context_can_session_access_resource (pol_ctx, action, resource, session);
+ allowed = polkit_context_can_session_access_resource (pol_ctx, action, resource, session);
if (allowed)
return 0;
diff --git a/tools/polkit-grant.c b/tools/polkit-grant.c
index d993b5f..0c5181d 100644
--- a/tools/polkit-grant.c
+++ b/tools/polkit-grant.c
@@ -37,8 +37,8 @@
#include <errno.h>
#include <termios.h>
-#include <libpolkit-dbus/libpolkit-dbus.h>
-#include <libpolkit-grant/libpolkit-grant.h>
+#include <polkit-dbus/polkit-dbus.h>
+#include <polkit-grant/polkit-grant.h>
#include <glib.h>
@@ -71,15 +71,15 @@ static void
conversation_type (PolKitGrant *polkit_grant, PolKitResult auth_type, void *user_data)
{
switch (auth_type) {
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
printf ("Authentication as root is required.\n");
break;
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH:
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
printf ("Authentication is required.\n");
break;
@@ -154,11 +154,11 @@ conversation_override_grant_type (PolKit
PolKitResult overridden_auth_type;
switch (auth_type) {
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
break;
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
printf ("Keep this privilege for the session? [no/session]?\n");
getline (&lineptr, &linelen, stdin);
if (g_str_has_prefix (lineptr, "no")) {
@@ -171,8 +171,8 @@ conversation_override_grant_type (PolKit
}
free (lineptr);
break;
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
printf ("Keep this privilege for the session or always? [no/session/always]?\n");
getline (&lineptr, &linelen, stdin);
if (g_str_has_prefix (lineptr, "no")) {
@@ -193,24 +193,24 @@ conversation_override_grant_type (PolKit
}
switch (auth_type) {
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
- case LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
- overridden_auth_type = LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH;
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
+ overridden_auth_type = POLKIT_RESULT_ONLY_VIA_ROOT_AUTH;
if (keep_session)
- overridden_auth_type = LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION;
+ overridden_auth_type = POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION;
else if (keep_always)
- overridden_auth_type = LIBPOLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS;
+ overridden_auth_type = POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS;
break;
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH:
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
- case LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
- overridden_auth_type = LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH;
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+ overridden_auth_type = POLKIT_RESULT_ONLY_VIA_SELF_AUTH;
if (keep_session)
- overridden_auth_type = LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION;
+ overridden_auth_type = POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION;
else if (keep_always)
- overridden_auth_type = LIBPOLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS;
+ overridden_auth_type = POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS;
break;
default:
@@ -238,7 +238,7 @@ child_watch_func (GPid pid,
gpointer user_data)
{
PolKitGrant *polkit_grant = user_data;
- libpolkit_grant_child_func (polkit_grant, pid, WEXITSTATUS (status));
+ polkit_grant_child_func (polkit_grant, pid, WEXITSTATUS (status));
}
static int
@@ -253,7 +253,7 @@ io_watch_have_data (GIOChannel *channel,
int fd;
PolKitGrant *polkit_grant = user_data;
fd = g_io_channel_unix_get_fd (channel);
- libpolkit_grant_io_func (polkit_grant, fd);
+ polkit_grant_io_func (polkit_grant, fd);
return TRUE;
}
@@ -368,31 +368,31 @@ main (int argc, char *argv[])
}
p_error = NULL;
- pol_ctx = libpolkit_context_new ();
- if (!libpolkit_context_init (pol_ctx, &p_error)) {
- fprintf (stderr, "error: libpolkit_context_init: %s\n", polkit_error_get_error_message (p_error));
+ pol_ctx = polkit_context_new ();
+ if (!polkit_context_init (pol_ctx, &p_error)) {
+ fprintf (stderr, "error: polkit_context_init: %s\n", polkit_error_get_error_message (p_error));
polkit_error_free (p_error);
goto error;
}
- action = libpolkit_action_new ();
- libpolkit_action_set_action_id (action, action_id);
+ action = polkit_action_new ();
+ polkit_action_set_action_id (action, action_id);
- resource = libpolkit_resource_new ();
- libpolkit_resource_set_resource_type (resource, resource_type);
- libpolkit_resource_set_resource_id (resource, resource_id);
+ resource = polkit_resource_new ();
+ polkit_resource_set_resource_type (resource, resource_type);
+ polkit_resource_set_resource_id (resource, resource_id);
- caller = libpolkit_caller_new_from_dbus_name (bus, dbus_bus_get_unique_name (bus), &error);
+ caller = polkit_caller_new_from_dbus_name (bus, dbus_bus_get_unique_name (bus), &error);
if (caller == NULL) {
if (dbus_error_is_set (&error)) {
- fprintf (stderr, "error: libpolkit_caller_new_from_dbus_name(): %s: %s\n",
+ fprintf (stderr, "error: polkit_caller_new_from_dbus_name(): %s: %s\n",
error.name, error.message);
goto error;
}
}
- polkit_grant = libpolkit_grant_new ();
- libpolkit_grant_set_functions (polkit_grant,
+ polkit_grant = polkit_grant_new ();
+ polkit_grant_set_functions (polkit_grant,
add_io_watch,
add_child_watch,
remove_watch,
@@ -405,7 +405,7 @@ main (int argc, char *argv[])
conversation_done,
&ud);
- if (!libpolkit_grant_initiate_auth (polkit_grant,
+ if (!polkit_grant_initiate_auth (polkit_grant,
action,
resource,
caller)) {
@@ -414,7 +414,7 @@ main (int argc, char *argv[])
goto error;
}
g_main_loop_run (ud.loop);
- libpolkit_grant_unref (polkit_grant);
+ polkit_grant_unref (polkit_grant);
printf ("Privilege grant done.. result=%d\n", ud.gained_privilege);
diff --git a/tools/polkit-policy-file-validate.c b/tools/polkit-policy-file-validate.c
index 3d2353d..4bd1d76 100644
--- a/tools/polkit-policy-file-validate.c
+++ b/tools/polkit-policy-file-validate.c
@@ -36,7 +36,7 @@
#include <unistd.h>
#include <errno.h>
-#include <libpolkit/libpolkit.h>
+#include <polkit/polkit.h>
static void
usage (int argc, char *argv[])
@@ -61,13 +61,13 @@ validate_file (const char *file)
PolKitError *error;
error = NULL;
- priv_file = libpolkit_policy_file_new (file, &error);
+ priv_file = polkit_policy_file_new (file, &error);
if (priv_file == NULL) {
printf ("%s did not validate: %s\n", file, polkit_error_get_error_message (error));
polkit_error_free (error);
return FALSE;
}
- libpolkit_policy_file_unref (priv_file);
+ polkit_policy_file_unref (priv_file);
return TRUE;
}
More information about the hal-commit
mailing list