PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Fri Aug 24 12:36:07 PDT 2007
doc/man/PolicyKit.8.in | 35 --
doc/man/PolicyKit.conf.5.in | 236 -------------------
doc/man/PolicyKit.conf.xml | 380 +++++++++++++++++++++++++++++++
doc/man/PolicyKit.xml | 74 ++++++
doc/man/polkit-check-caller.1.in | 65 -----
doc/man/polkit-check-session.1.in | 65 -----
doc/man/polkit-config-file-validate.xml | 105 ++++++++
doc/man/polkit-grant.xml | 125 ++++++++++
doc/man/polkit-list-actions.1.in | 44 ---
doc/man/polkit-list-actions.xml | 101 ++++++++
doc/man/polkit-policy-file-validate.1.in | 53 ----
doc/man/polkit-policy-file-validate.xml | 104 ++++++++
tools/polkit-check-caller.c | 164 -------------
tools/polkit-check-session.c | 173 --------------
14 files changed, 889 insertions(+), 835 deletions(-)
New commits:
diff-tree 7b3f73291a742e8ef41cd4b63dcbb79d599c88ad (from 3b73f007910c5436828b4cecdd1e47eee40eaf0c)
Author: David Zeuthen <davidz at redhat.com>
Date: Fri Aug 24 15:31:35 2007 -0400
convert manual page sources to Docbook, add polkit-config-file-validate tool
Also drop the polkit-check-caller and polkit-check-session tools;
they're not really useful in their current incarnation.
diff --git a/doc/man/PolicyKit.8.in b/doc/man/PolicyKit.8.in
deleted file mode 100644
index a426580..0000000
--- a/doc/man/PolicyKit.8.in
+++ /dev/null
@@ -1,35 +0,0 @@
-.\"
-.\" PolicyKit manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLICYKIT 8
-.SH NAME
-PolicyKit \- centralized policy management
-.SH DESCRIPTION
-.PP
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit.conf\fR\|(5),
-\&\fIpolkit-list-actions\fR\|(1),
-\&\fIpolkit-check-caller\fR\|(1),
-\&\fIpolkit-check-session\fR\|(1),
-\&\fIpolkit-policy-file-validate\fR\|(1),
-\&\fIpolkit-grant\fR\|(1)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/PolicyKit.conf.5.in b/doc/man/PolicyKit.conf.5.in
deleted file mode 100644
index 79435ef..0000000
--- a/doc/man/PolicyKit.conf.5.in
+++ /dev/null
@@ -1,236 +0,0 @@
-.\" -*- Nroff -*-
-.\" PolicyKit.conf manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLICYKIT.CONF 5
-.SH NAME
- at sysconfdir@/PolicyKit/PolicyKit.conf \- PolicyKit configuration file
-.SH DESCRIPTION
-.PP
-
-The
-.I @sysconfdir@/PolicyKit/PolicyKit.conf
-configuration file provides a way for system administrators to
-override policy that mechanisms use
-.I libpolkit
-to determine whether a caller is privileged to use the mechanism in the way specified by the given
-.I action
-identifier.
-
-Changes to this configuration file are immediately propagated to
-running processes using the \&\fIlibpolkit\fR\|(3) library. If the
-configuration file is invalid, processes using this library will log
-this fact to the system logger and the library will only only return
-.B no
-as the answer to processes using it.
-
-.B TODO:
-we need to have a tool to verify the PolicyKit.conf file is well
-formed.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH CONFIGURATION FILE
-.PP
-
-The configuration file is an XML document. It must
-have the following doctype declaration:
-
- <!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
- "http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
-
-The following elements may be present in the configuration file
-
-.I config
-
-Root element. A single attribute
-.I version
-must be present and must be set to
-.I "0.1"
-at this point. There can only be one
-.I config
-element in the configuration file.
-
-.I match
-
-This element is for matching information related to the decision
-making process and includes values describing both the caller and the
-action. This element can be embedded in both
-.I config
-and other
-.I match
-elements (hence allowing for nested matching).
-
-There can only be a single attribute in each
-.I match
-element and POSIX Extended Regular Expression syntax are supported in
-the value part. The following attributes are supported:
-
-.I
-.TP
-.B user
-This matches on the user's login name.
-.TP
-.B action
-For matching on the action, for example
-.B action="org.freedesktop.hal.storage.*"
-will match on all actions whose name begins with the string with "org.freedesktop.hal.storage.".
-
-.PP
-
-.I return
-
-This element is for used to specify what result
-.I libpolkit
-should return. It can only be embedded in
-.I config
-and
-.I match
-elements and can embed no elements itself. The
-.I return
-element is typically used deeply inside a number of
-.I match
-elements. A single attribute
-.I result
-is supported and it can assume the following values
-
-.TP
-.B no
-Access denied.
-.TP
-.B auth_admin
-Access denied, but authentication of the caller as root will grant
-access to only that caller.
-.TP
-.B auth_admin_keep_session
-Access denied, but authentication of the caller as root will grant
-access for the remainder of the session the caller stems from.
-.TP
-.B auth_admin_keep_always
-Access denied, but authentication of the caller as root will grant
-access to the user of the caller in the future.
-.TP
-.B auth_self
-Access denied, but authentication of the caller as himself will grant
-access to only that caller.
-.TP
-.B auth_self_keep_session
-Access denied, but authentication of the caller as himself will grant
-access for the remainder of the session the caller stems from.
-.TP
-.B auth_self_keep_always
-Access denied, but authentication of the caller as himself will grant
-access to the user of the caller in the future.
-.TP
-.B yes
-Access granted.
-
-.PP
-
-.I define_admin_auth
-
-This element is used to specify the meaning of "authenticate as
-administrator". It is normally used at the top-level but can also be
-used deep inside a number of
-.I match
-elements for conditional behavior.
-
-There can only be a single attribute in each
-.I define_admin_auth
-element. POSIX Extended Regular Expression syntax are
-.B not
-supported in the value part, however multiple values to match on can
-be separated with the bar (|) character. The following attributes
-are supported:
-
-.TP
-.B user
-Administrator authentication means authenticate as the given user.
-If no
-.I define_admin_auth
-element is given, the default is to use
-.B user="root"
-e.g. administrator authentication mean authenticate as the super user.
-
-.TP
-.B group
-Administrator authentication means that any user in the groups matching
-the given value can be used to authenticate. Typically, on a system
-with the root account disabled one wants to use something like
-.B group="wheel"
-to e.g. enable all UNIX users in the UNIX group
-.B wheel
-to be able to authentication whenever administrator authentication
-is required.
-
-.SH EXAMPLES
-
-For brevity the standard XML and doctype headers are omitted in the
-following configuration file examples. The actions used may also be
-fictional, use \&\fIpolkit-list-actions\fR\|(1) to learn about the
-actions installed on the system.
-
-.I ALLOW EVERYTHING
-
- <config version="0.1">
-.br
- <match user="davidz|bateman">
-.br
- <return result="yes"/>
-.br
- </match>
-.br
- </config>
-.br
-
-The two UNIX users "davidz" and "bateman" to do any action.
-
-.I MOUNTING FIXED DRIVES
-
-Suppose the action
-.I org.freedesktop.hal.storage.mount-fixed
-is used by \&\fIhald\fR\|(8) to determine whether mounting internal
-hard drives are allowed. Then this configuration file
-
- <config version="0.1">
-.br
- <match action="org.freedesktop.hal.storage.mount-fixed">
- <match user="davidz">
-.br
- <return result="yes"/>
-.br
- </match>
- <match user="freddy">
-.br
- <return result="no"/>
-.br
- </match>
-.br
- </match>
-.br
- </config>
-.br
-
-specifies that UNIX user "davidz" is always allowed to do the action,
-while UNIX user "freddy" is never allowed to do the action.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-list-actions\fR\|(1)
-
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/PolicyKit.conf.xml b/doc/man/PolicyKit.conf.xml
new file mode 100644
index 0000000..b93d479
--- /dev/null
+++ b/doc/man/PolicyKit.conf.xml
@@ -0,0 +1,380 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+ <section>
+ <title>PolicyKit.conf</title>
+ <refentry>
+ <refentryinfo>
+ <title>PolicyKit.conf</title>
+ <date>August 2007</date>
+ <productname>PolicyKit</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>PolicyKit.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="version"></refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>PolicyKit.conf</refname>
+ <refpurpose>PolicyKit configuration file</refpurpose>
+ </refnamediv>
+
+ <refsect1><title>DESCRIPTION</title>
+ <para>
+ The <filename>/etc/PolicyKit/PolicyKit.conf</filename>
+ configuration file provides a way for system administrators
+ to override policy for mechanisms that use the PolicyKit
+ library to determine whether a caller is allowed to use the
+ mechanism.
+ </para>
+
+ <para>
+ Changes to this configuration file are immediately
+ propagated to running processes using the PolicyKit
+ library. If the configuration file is invalid, processes
+ using this library will log this fact to the system logger
+ and the library will only only
+ return <emphasis>no</emphasis> as the answer to processes
+ using it.
+ </para>
+
+ <para>
+ The <citerefentry><refentrytitle>polkit-config-file-validate</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ tool can be used to verify that the configuration file is
+ valid.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>FILE FORMAT</title>
+ <para>
+ The configuration file is an XML document. It must have the
+ following doctype declaration:
+ </para>
+
+ <programlisting>
+ <![CDATA[
+<!DOCTYPE pkconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
+ "http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">
+]]>
+ </programlisting>
+
+ <para>
+ The following elements may be present in the configuration file:
+ </para>
+
+ <refsect2>
+ <title>config</title>
+ <para>
+ This is the root element. A single
+ attribute <emphasis>version</emphasis> must be present and
+ must be set to "0.1" at this point. There can only be one
+ <emphasis>config</emphasis> element in the configuration file.
+ </para>
+ </refsect2>
+
+ <refsect2>
+ <title>match</title>
+ <para>
+ This element is for matching information related to the
+ decision making process and includes values describing
+ both the caller and the action. This element can be
+ embedded in both <emphasis>config</emphasis> and
+ other <emphasis>match</emphasis> elements (hence allowing
+ for nested matching).
+ </para>
+ <para>
+ There can only be a single attribute in
+ each <emphasis>match</emphasis> element and POSIX Extended
+ Regular Expression syntax are supported in the value
+ part. The following attributes are supported:
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term><emphasis>user</emphasis></term>
+ <listitem>
+ <para>
+ This matches on the users login name.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>action</emphasis></term>
+ <listitem>
+ <para>
+ For matching on the given action being queried for,
+ for example
+ <emphasis>action="org.foo.*"</emphasis> will match
+ on all actions whose action identifier begins with
+ the string "org.foo.".
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ </refsect2>
+
+ <refsect2>
+ <title>return</title>
+ <para>
+ This element is for used to specify what result the
+ PolicyKit library will return. It can only be embedded in
+ <emphasis>config</emphasis> and <emphasis>match</emphasis>
+ elements and can embed no elements
+ itself. The <emphasis>return</emphasis> element is
+ typically used deeply inside a number
+ of <emphasis>match</emphasis> elements. A single attribute,
+ <emphasis>result</emphasis> is supported and it can assume
+ the following values:
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term><emphasis>no</emphasis></term>
+ <listitem>
+ <para>
+ Access denied.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>auth_self</emphasis></term>
+ <listitem>
+ <para>
+ Access denied, but authentication of the caller as
+ himself will grant access to only that caller.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>auth_self_keep_session</emphasis></term>
+ <listitem>
+ <para>
+ Access denied, but authentication of the caller as
+ himself will grant access to any caller in the
+ session of the caller belongs to.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>auth_self_keep_always</emphasis></term>
+ <listitem>
+ <para>
+ Access denied, but authentication of the caller as
+ himself will grant access any caller with the given
+ uid in the future.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>auth_admin</emphasis></term>
+ <listitem>
+ <para>
+ Access denied, but authentication of the caller as
+ an administrative user will grant access to only
+ that caller.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>auth_admin_keep_session</emphasis></term>
+ <listitem>
+ <para>
+ Access denied, but authentication of the caller as
+ an administrative user will grant access to any caller
+ in the session of the caller belongs to.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>auth_admin_keep_always</emphasis></term>
+ <listitem>
+ <para>
+ Access denied, but authentication of the caller as
+ an administrative user will grant access any caller
+ with the given uid in the future.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>yes</emphasis></term>
+ <listitem>
+ <para>
+ Access granted.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ </refsect2>
+
+ <refsect2>
+ <title>define_admin_auth</title>
+ <para>
+ This element is used to specify the meaning of
+ <emphasis>"authenticate as administrator"</emphasis>. It
+ is normally used at the top-level but can also be used
+ deep inside a number of
+ <emphasis>match</emphasis> elements for conditional
+ behavior.
+ </para>
+
+ <para>
+ There can only be a single attribute in
+ each <emphasis>define_admin_auth</emphasis> element. POSIX
+ Extended Regular Expression syntax
+ is <emphasis>not</emphasis> supported in the value part,
+ however multiple values to match on can be separated with
+ the bar (|) character. The following attributes are
+ supported:
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term><emphasis>user</emphasis></term>
+ <listitem>
+ <para>
+ Administrator authentication means authenticate as
+ the given user(s). If
+ no <emphasis>define_admin_auth</emphasis> element is
+ given, the default is to
+ use <emphasis>user="root"</emphasis>
+ e.g. administrator authentication mean authenticate
+ as the super user.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><emphasis>group</emphasis></term>
+ <listitem>
+ <para>
+ Administrator authentication means that any user in
+ the groups matching the given value can be used to
+ authenticate. Typically, on a system with the root
+ account disabled one wants to use something like
+ <emphasis>group="wheel"</emphasis> to e.g. enable
+ all UNIX users in the UNIX group
+ <emphasis>wheel</emphasis> to be able to
+ authentication whenever administrator authentication
+ is required.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ </refsect2>
+
+ </refsect1>
+
+ <refsect1>
+ <title>EXAMPLES</title>
+ <para>
+ For brevity, the standard XML and DOCTYPE headers as well as
+ the top-level <emphasis>config</emphasis> are omitted in the
+ following configuration file examples. The actions used may
+ also be fictional,
+ use <citerefentry><refentrytitle>polkit-list-actions</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ to learn about the actions available on your system.
+ </para>
+
+ <refsect2>
+ <title>ALLOW EVERYTHING</title>
+ <para>
+ The users "davidz" and "bateman" are allowed to do any
+ action:
+ </para>
+ <programlisting>
+ <![CDATA[
+<match user="davidz|bateman">
+ <return result="yes"/>
+</match>
+]]>
+ </programlisting>
+ </refsect2>
+
+ <refsect2>
+ <title>MOUNTING FIXED DRIVES</title>
+ <para>
+ Suppose the
+ action <emphasis>org.freedesktop.hal.storage.mount-fixed</emphasis>
+ is used to determine whether mounting internal hard drives
+ are allowed. Then this configuration file
+
+ </para>
+ <programlisting>
+ <![CDATA[
+<match action="org.freedesktop.hal.storage.mount-fixed">
+ <match user="davidz">
+ <return result="yes"/>
+ </match>
+ <match user="freddy">
+ <return result="no"/>
+ </match>
+</match>
+]]>
+ </programlisting>
+ <para>
+ specifies that user "davidz" is always allowed to do the
+ action, while user "freddy" is never allowed to do the
+ action. Other users will be subject to the defaults
+ results specified in the <emphasis>.policy</emphasis> file
+ describing the action.
+ </para>
+
+ </refsect2>
+
+ </refsect1>
+
+ <refsect1>
+ <title>AUTHOR</title>
+ <para>
+ Written by David Zeuthen <email>david at fubar.dk</email> with
+ a lot of help from many others.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>BUGS</title>
+ <para>
+ Please send bug reports to either the distribution or the
+ hal mailing list,
+ see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+ to subscribe.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>polkit-config-file-validate</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>polkit-list-actions</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>polkit-grant</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+ </refentry>
+ </section>
+</article>
diff --git a/doc/man/PolicyKit.xml b/doc/man/PolicyKit.xml
new file mode 100644
index 0000000..cf30649
--- /dev/null
+++ b/doc/man/PolicyKit.xml
@@ -0,0 +1,74 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+ <section>
+ <title>PolicyKit</title>
+ <refentry>
+ <refentryinfo>
+ <title>PolicyKit</title>
+ <date>August 2007</date>
+ <productname>PolicyKit</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>PolicyKit</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="version"></refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>PolicyKit</refname>
+ <refpurpose>centralized policy management</refpurpose>
+ </refnamediv>
+
+ <refsect1><title>DESCRIPTION</title>
+ <para>
+ For more information about the big picture refer to the
+ PolicyKit specification which can be normally be found
+ under <filename>/usr/share/doc</filename>.
+ </para>
+
+ <para>
+ <emphasis>TODO:</emphasis> This manual page should contain a
+ simple introduction to PolicyKit for a system administrator
+ audience. Remains to be written.
+ </para>
+ </refsect1>
+
+
+ <refsect1><title>AUTHOR</title>
+ <para>
+ Written by David Zeuthen <email>david at fubar.dk</email> with
+ a lot of help from many others.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>BUGS</title>
+ <para>
+ Please send bug reports to either the distribution or the
+ hal mailing list,
+ see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+ to subscribe.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>polkit-list-actions</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>polkit-grant</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+ </refentry>
+ </section>
+</article>
diff --git a/doc/man/polkit-check-caller.1.in b/doc/man/polkit-check-caller.1.in
deleted file mode 100644
index df67b33..0000000
--- a/doc/man/polkit-check-caller.1.in
+++ /dev/null
@@ -1,65 +0,0 @@
-.\"
-.\" polkit-check-caller manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-CHECK-CALLER 1
-.SH NAME
-polkit-check-caller \- check access
-.SH SYNOPSIS
-.PP
-.B polkit-check-caller
-[options]
-
-.SH DESCRIPTION
-
-\fIpolkit-check-caller\fP can be used to determine if a given caller
-can a given action. For more information about the big picture refer
-to the \fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-The following options are supported:
-.TP
-.I "--action"
-The action to check.
-.TP
-.I "--caller"
-The caller to check for. Must be the callers unique name on the D-Bus
-system message bus.
-.TP
-.I "--resource-type"
-Type of resource.
-.TP
-.I "--resource"
-Identifier of resource.
-.TP
-.I "--help"
-Print out usage.
-.TP
-.I "--version"
-Print the version.
-
-.SH RETURN VALUE
-.PP
-If access is allowed, this
-program exits with exit code 0. If no access is allowed or an error
-occurs, the program exits with a non-zero exit code.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIdbus-daemon\fR\|(1),
-\&\fIpolkit-check-session\fR\|(1)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/polkit-check-session.1.in b/doc/man/polkit-check-session.1.in
deleted file mode 100644
index 76542ea..0000000
--- a/doc/man/polkit-check-session.1.in
+++ /dev/null
@@ -1,65 +0,0 @@
-.\"
-.\" polkit-check-session manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-CHECK-SESSION 1
-.SH NAME
-polkit-check-session \- check access
-.SH SYNOPSIS
-.PP
-.B polkit-check-session
-[options]
-
-.SH DESCRIPTION
-
-\fIpolkit-check-session\fP can be used to determine if a given session
-can do a given action. For more information about the big picture
-refer to the \fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-The following options are supported:
-.TP
-.I "--action"
-The action to check.
-.TP
-.I "--session"
-The session to check for. Must be a ConsoleKit object path. If
-ommitted the current session is used.
-.TP
-.I "--resource-type"
-Type of resource.
-.TP
-.I "--resource"
-Identifier of resource.
-.TP
-.I "--help"
-Print out usage.
-.TP
-.I "--version"
-Print the version.
-
-.SH RETURN VALUE
-.PP
-If access is allowed, this
-program exits with exit code 0. If no access is allowed or an error
-occurs, the program exits with a non-zero exit code.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIdbus-daemon\fR\|(1),
-\&\fIpolkit-check-caller\fR\|(1)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/polkit-config-file-validate.xml b/doc/man/polkit-config-file-validate.xml
new file mode 100644
index 0000000..13dfc9d
--- /dev/null
+++ b/doc/man/polkit-config-file-validate.xml
@@ -0,0 +1,105 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+ <section>
+ <title>polkit-config-file-validate</title>
+ <refentry>
+ <refentryinfo>
+ <title>polkit-config-file-validate</title>
+ <date>August 2007</date>
+ <productname>PolicyKit</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>polkit-config-file-validate</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo class="version"></refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>polkit-config-file-validate</refname>
+ <refpurpose>manage PolicyKit privilege grants</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>polkit-config-file-validate <replaceable>[/path/to/config/file]</replaceable></command>
+ <arg><option>--version</option></arg>
+ <arg><option>--help</option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para>
+ polkit-config-file-validate is used to verify that a given
+ PolicyKit configuration file is valid. If no path to a
+ config file is given, the default
+ <filename>/etc/PolicyKit/PolicyKit.conf</filename> file
+ will be verified.
+ </para>
+
+ <para>
+ The typical role of this tool is to verify a configuration
+ file before deploying it on one or more machines.
+ </para>
+
+ <para>
+ This program exit with exit code 0 if the configuration file
+ is valid. If not, the program exits with a non-zero exit
+ code.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term><option>--version</option></term>
+ <listitem>
+ <para>
+ Show version and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--help</option></term>
+ <listitem>
+ <para>
+ Show usage information and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>BUGS</title>
+ <para>
+ Please send bug reports to either the distribution or the
+ hal mailing list,
+ see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+ to subscribe.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>polkit-policy-file-validate</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+ </refentry>
+ </section>
+</article>
diff --git a/doc/man/polkit-grant.xml b/doc/man/polkit-grant.xml
new file mode 100644
index 0000000..c593a8d
--- /dev/null
+++ b/doc/man/polkit-grant.xml
@@ -0,0 +1,125 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+ <section>
+ <title>polkit-grant</title>
+ <refentry>
+ <refentryinfo>
+ <title>polkit-grant</title>
+ <date>August 2007</date>
+ <productname>PolicyKit</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>polkit-grant</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo class="version"></refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>polkit-grant</refname>
+ <refpurpose>manage PolicyKit privilege grants</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>polkit-grant</command>
+ <arg><option>--gain <replaceable>action</replaceable></option></arg>
+ <arg><option>--list</option></arg>
+ <arg><option>--delete <replaceable>user</replaceable></option></arg>
+ <arg><option>--version</option></arg>
+ <arg><option>--help</option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para>
+ polkit-grant is used to inspect and manage the privileges
+ that users obtain through authentication to enable a
+ mechanism to perform a specific action on their behalf.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term><option>--gain <replaceable>action</replaceable></option></term>
+ <listitem>
+ <para>
+ Attempt to gain the privilege for the user to do an
+ action. This starts an interactive dialog where,
+ among, other things the user is authenticated.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--list</option></term>
+ <listitem>
+ <para>
+ Lists all the privileges previously granted.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--delete <replaceable>user</replaceable></option></term>
+ <listitem>
+ <para>
+ Delete all privileges granted to a given user. Needs
+ super user privileges.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--version</option></term>
+ <listitem>
+ <para>
+ Show version and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--help</option></term>
+ <listitem>
+ <para>
+ Show usage information and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>BUGS</title>
+ <para>
+ Please send bug reports to either the distribution or the
+ hal mailing list,
+ see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+ to subscribe.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>polkit-list-actions</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+ </refentry>
+ </section>
+</article>
diff --git a/doc/man/polkit-list-actions.1.in b/doc/man/polkit-list-actions.1.in
deleted file mode 100644
index 3c22900..0000000
--- a/doc/man/polkit-list-actions.1.in
+++ /dev/null
@@ -1,44 +0,0 @@
-.\"
-.\" polkit-list-actions manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-LIST-ACTIONS 1
-.SH NAME
-polkit-list-actions \- list actions registered with PolicyKit
-.SH SYNOPSIS
-.PP
-.B polkit-list-actions
-[options]
-
-.SH DESCRIPTION
-
-\fIpolkit-list-actions\fP simply list the actions that mechanisms have
-registered with PolicyKit. For more information about the big picture
-refer to the \fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-The following options are supported:
-.TP
-.I "--help"
-Print out usage.
-.TP
-.I "--version"
-Print the version.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/polkit-list-actions.xml b/doc/man/polkit-list-actions.xml
new file mode 100644
index 0000000..583c93c
--- /dev/null
+++ b/doc/man/polkit-list-actions.xml
@@ -0,0 +1,101 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+ <section>
+ <title>polkit-list-actions</title>
+ <refentry>
+ <refentryinfo>
+ <title>polkit-list-actions</title>
+ <date>August 2007</date>
+ <productname>PolicyKit</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>polkit-list-actions</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo class="version"></refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>polkit-list-actions</refname>
+ <refpurpose>manage PolicyKit privilege grants</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>polkit-list-actions</command>
+ <arg><option>--action <replaceable>action</replaceable></option></arg>
+ <arg><option>--version</option></arg>
+ <arg><option>--help</option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para>
+ polkit-list-actions is used to list the PolicyKit actions
+ that are registered on the system.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term><option>--action <replaceable>action</replaceable></option></term>
+ <listitem>
+ <para>
+ Show detailed information about a specific action.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--version</option></term>
+ <listitem>
+ <para>
+ Show version and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--help</option></term>
+ <listitem>
+ <para>
+ Show usage information and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>BUGS</title>
+ <para>
+ Please send bug reports to either the distribution or the
+ hal mailing list,
+ see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+ to subscribe.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>polkit-grant</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+ </refentry>
+ </section>
+</article>
diff --git a/doc/man/polkit-policy-file-validate.1.in b/doc/man/polkit-policy-file-validate.1.in
deleted file mode 100644
index d82de93..0000000
--- a/doc/man/polkit-policy-file-validate.1.in
+++ /dev/null
@@ -1,53 +0,0 @@
-.\"
-.\" polkit-policy-file-validate manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-POLICY-FILE-VALIDATE 1
-.SH NAME
-polkit-policy-file-validate \- check access
-.SH SYNOPSIS
-.PP
-.B polkit-policy-file-validate
-<policy-files>
-
-.SH DESCRIPTION
-
-\fIpolkit-policy-file-validate\fP is used to validate PolicyKit
-policy definition files. These are normally stored in the
-.I "@datadir@/PolicyKit/policy"
-directory. For more information about the big picture
-refer to the \fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-The following options are supported:
-.TP
-.I "--help"
-Print out usage.
-.TP
-.I "--version"
-Print the version.
-
-.SH RETURN VALUE
-.PP
-If the given files are all valid, this program exits with exit code
-0. Otherwise the program exits with a non-zero exit code.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-check-caller\fR\|(1),
-\&\fIpolkit-check-session\fR\|(1)
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/polkit-policy-file-validate.xml b/doc/man/polkit-policy-file-validate.xml
new file mode 100644
index 0000000..1f38ca4
--- /dev/null
+++ b/doc/man/polkit-policy-file-validate.xml
@@ -0,0 +1,104 @@
+<?xml version='1.0'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<article>
+ <section>
+ <title>polkit-policy-file-validate</title>
+ <refentry>
+ <refentryinfo>
+ <title>polkit-policy-file-validate</title>
+ <date>August 2007</date>
+ <productname>PolicyKit</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>polkit-policy-file-validate</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo class="version"></refmiscinfo>
+ </refmeta>
+
+ <refnamediv>
+ <refname>polkit-policy-file-validate</refname>
+ <refpurpose>manage PolicyKit privilege grants</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>polkit-policy-file-validate <replaceable>policy-files</replaceable></command>
+ <arg><option>--version</option></arg>
+ <arg><option>--help</option></arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>DESCRIPTION</title>
+ <para>
+ polkit-policy-file-validate is used to verify that one or
+ more PolicyKit <emphasis>.policy</emphasis> files are valid.
+ </para>
+
+ <para>
+ Normally this tool is used in the software release process
+ (typically during <emphasis>"make check"</emphasis>) and
+ during software installation (e.g. in
+ the <emphasis>%post</emphasis> section of a RPM spec file).
+ </para>
+
+ <para>
+ This program exit with exit code 0 if all the files
+ validate. If not, the program exits with a non-zero exit
+ code.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term><option>--version</option></term>
+ <listitem>
+ <para>
+ Show version and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--help</option></term>
+ <listitem>
+ <para>
+ Show usage information and exit.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>BUGS</title>
+ <para>
+ Please send bug reports to either the distribution or the
+ hal mailing list,
+ see <ulink url="http://lists.freedesktop.org/mailman/listinfo/hal"/>.
+ to subscribe.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>PolicyKit</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>PolicyKit.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>polkit-config-file-validate</refentrytitle><manvolnum>1</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+ </refentry>
+ </section>
+</article>
diff --git a/tools/polkit-check-caller.c b/tools/polkit-check-caller.c
deleted file mode 100644
index 0c960b3..0000000
--- a/tools/polkit-check-caller.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-check-caller.c : check if a caller is privileged
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-
-#include <glib.h>
-
-static void
-usage (int argc, char *argv[])
-{
- fprintf (stderr,
- "\n"
- "usage : polkit-check-caller\n"
- " --caller <dbus-name> --action <action>\n"
- " [--version] [--help]\n");
- fprintf (stderr,
- "\n"
- " --caller Unique name of caller on the system bus\n"
- " --action Requested action\n"
- " --version Show version and exit\n"
- " --help Show this information and exit\n"
- "\n"
- "Determine if a given caller can do a given action. If access is \n"
- "allowed, this program exits with exit code 0. If no access is allowed\n"
- "or an error occurs, the program exits with a non-zero exit code.\n");
-}
-
-int
-main (int argc, char *argv[])
-{
- char *action_id = NULL;
- char *dbus_name = NULL;
- gboolean is_version = FALSE;
- DBusConnection *bus;
- DBusError error;
- PolKitContext *pol_ctx;
- PolKitCaller *caller;
- PolKitAction *action;
- gboolean allowed;
- PolKitError *p_error;
-
- if (argc <= 1) {
- usage (argc, argv);
- return 1;
- }
-
- while (1) {
- int c;
- int option_index = 0;
- const char *opt;
- static struct option long_options[] = {
- {"action", 1, NULL, 0},
- {"caller", 1, NULL, 0},
- {"version", 0, NULL, 0},
- {"help", 0, NULL, 0},
- {NULL, 0, NULL, 0}
- };
-
- c = getopt_long (argc, argv, "",
- long_options, &option_index);
- if (c == -1)
- break;
-
- switch (c) {
- case 0:
- opt = long_options[option_index].name;
-
- if (strcmp (opt, "help") == 0) {
- usage (argc, argv);
- return 0;
- } else if (strcmp (opt, "version") == 0) {
- is_version = TRUE;
- } else if (strcmp (opt, "action") == 0) {
- action_id = strdup (optarg);
- } else if (strcmp (opt, "caller") == 0) {
- dbus_name = strdup (optarg);
- }
- break;
-
- default:
- usage (argc, argv);
- return 1;
- break;
- }
- }
-
- if (is_version) {
- printf ("polkit-check-caller " PACKAGE_VERSION "\n");
- return 0;
- }
-
- if (action_id == NULL || dbus_name == NULL) {
- usage (argc, argv);
- return 1;
- }
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "error: dbus_bus_get(): %s: %s\n", error.name, error.message);
- return 1;
- }
-
- p_error = NULL;
- pol_ctx = polkit_context_new ();
- if (!polkit_context_init (pol_ctx, &p_error)) {
- fprintf (stderr, "error: polkit_context_init: %s\n", polkit_error_get_error_message (p_error));
- polkit_error_free (p_error);
- return 1;
- }
-
- action = polkit_action_new ();
- polkit_action_set_action_id (action, action_id);
-
- caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
- if (caller == NULL) {
- if (dbus_error_is_set (&error)) {
- fprintf (stderr, "error: polkit_caller_new_from_dbus_name(): %s: %s\n",
- error.name, error.message);
- return 1;
- }
- }
-
- allowed = polkit_context_can_caller_do_action (pol_ctx, action, caller);
-
- if (allowed)
- return 0;
- else
- return 1;
-}
diff --git a/tools/polkit-check-session.c b/tools/polkit-check-session.c
deleted file mode 100644
index fd9f467..0000000
--- a/tools/polkit-check-session.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-check-session.c : check if a session is privileged
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-
-#include <glib.h>
-
-static void
-usage (int argc, char *argv[])
-{
- fprintf (stderr,
- "\n"
- "usage : polkit-check-session\n"
- " [--session <session>] --action <action>\n"
- " [--version] [--help]\n");
- fprintf (stderr,
- "\n"
- " --session ConsoleKit object path of session\n"
- " --action Requested action\n"
- " --version Show version and exit\n"
- " --help Show this information and exit\n"
- "\n"
- "Determine if a given callers in a given session can do a given action.\n"
- "If no session is given, the current session is used. If access is\n"
- "allowed, this program exits with exit code 0. If no access is allowed\n"
- "or an error occurs, the program exits with a non-zero exit code.\n");
-}
-
-int
-main (int argc, char *argv[])
-{
- char *action_id = NULL;
- char *session_id = NULL;
- char *cookie = NULL;
- gboolean is_version = FALSE;
- DBusConnection *bus;
- DBusError error;
- PolKitContext *pol_ctx;
- PolKitSession *session;
- PolKitAction *action;
- gboolean allowed;
- PolKitError *p_error;
-
- if (argc <= 1) {
- usage (argc, argv);
- return 1;
- }
-
- cookie = getenv ("XDG_SESSION_COOKIE");
-
- while (1) {
- int c;
- int option_index = 0;
- const char *opt;
- static struct option long_options[] = {
- {"action", 1, NULL, 0},
- {"session", 1, NULL, 0},
- {"version", 0, NULL, 0},
- {"help", 0, NULL, 0},
- {NULL, 0, NULL, 0}
- };
-
- c = getopt_long (argc, argv, "",
- long_options, &option_index);
- if (c == -1)
- break;
-
- switch (c) {
- case 0:
- opt = long_options[option_index].name;
-
- if (strcmp (opt, "help") == 0) {
- usage (argc, argv);
- return 0;
- } else if (strcmp (opt, "version") == 0) {
- is_version = TRUE;
- } else if (strcmp (opt, "action") == 0) {
- action_id = strdup (optarg);
- } else if (strcmp (opt, "session") == 0) {
- session_id = strdup (optarg);
- }
- break;
-
- default:
- usage (argc, argv);
- return 1;
- break;
- }
- }
-
- if (is_version) {
- printf ("polkit-check-session " PACKAGE_VERSION "\n");
- return 0;
- }
-
- if (action_id == NULL) {
- usage (argc, argv);
- return 1;
- }
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "error: dbus_bus_get(): %s: %s\n", error.name, error.message);
- return 1;
- }
-
- p_error = NULL;
- pol_ctx = polkit_context_new ();
- if (!polkit_context_init (pol_ctx, &p_error)) {
- fprintf (stderr, "error: polkit_context_init: %s\n", polkit_error_get_error_message (p_error));
- polkit_error_free (p_error);
- return 1;
- }
-
- if (session_id != NULL) {
- session = polkit_session_new_from_objpath (bus, session_id, -1, &error);
- } else {
- if (cookie == NULL) {
- fprintf (stderr, "Not part of a session. Try --session instead.\n");
- return 1;
- }
- session = polkit_session_new_from_cookie (bus, cookie, &error);
- }
- if (session == NULL) {
- fprintf (stderr, "error: polkit_session_new_from_objpath: %s: %s\n", error.name, error.message);
- return 1;
- }
-
- action = polkit_action_new ();
- polkit_action_set_action_id (action, action_id);
-
- allowed = polkit_context_can_session_do_action (pol_ctx, action, session);
-
- if (allowed)
- return 0;
- else
- return 1;
-}
More information about the hal-commit
mailing list