PolicyKit: Branch 'master' - 2 commits
David Zeuthen
david at kemper.freedesktop.org
Thu Jul 12 12:13:00 PDT 2007
Makefile.am | 2
configure.in | 6
doc/man/Makefile.am | 5
doc/man/polkit-module-allow-all.8.in | 51 -
doc/man/polkit-module-builtins.8.in | 55 -
doc/man/polkit-module-default.8.in | 39 -
doc/man/polkit-module-deny-all.8.in | 50 -
doc/man/polkit-module-run-program.8.in | 197 ------
doc/man/polkit-policy-file-validate.1.in | 2
doc/man/polkit-reload-config.1.in | 36 +
modules/Makefile.am | 5
modules/PolicyKit.conf | 6
modules/allow-all/Makefile.am | 25
modules/allow-all/polkit-module-allow-all.c | 82 --
modules/default/Makefile.am | 25
modules/default/polkit-module-default.c | 102 ---
modules/deny-all/Makefile.am | 25
modules/deny-all/polkit-module-deny-all.c | 82 --
modules/grant/Makefile.am | 25
modules/grant/polkit-module-grant.c | 208 -------
modules/run-program/Makefile.am | 25
modules/run-program/polkit-module-run-program.c | 329 -----------
policy/Makefile.am | 2
polkit/Makefile.am | 13
polkit/polkit-context.c | 326 +++--------
polkit/polkit-context.h | 161 ++---
polkit/polkit-module.c | 683 ------------------------
polkit/polkit-module.h | 163 -----
polkit/polkit.h | 1
tools/Makefile.am | 12
tools/polkit-reload-config.in | 2
31 files changed, 255 insertions(+), 2490 deletions(-)
New commits:
diff-tree b22ebaba2a6c077a7f09bd6567177197b63fff11 (from 608e8745e32a95b21475a0077b7db03d7a44fd8b)
Author: David Zeuthen <davidz at redhat.com>
Date: Thu Jul 12 15:12:30 2007 -0400
replace configuration reload mechanism
Instead of asking the user of libpolkit to provide a huge file
monitoring abstraction we simply ask for a simple interface for
watching file descriptors and use inotify (on Linux) to watch a file,
/var/lib/PolicyKit/reload. We provide a new tool,
polkit-reload-config, that simply touches this file.
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index 8ed9175..2c06738 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -1,7 +1,7 @@
if MAN_PAGES_ENABLED
-MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-policy-file-validate.1.in PolicyKit.8.in
+MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-policy-file-validate.1.in PolicyKit.8.in polkit-reload-config.1.in
man_MANS = $(MAN_IN_FILES:.in=)
diff --git a/doc/man/polkit-reload-config.1.in b/doc/man/polkit-reload-config.1.in
new file mode 100644
index 0000000..304a358
--- /dev/null
+++ b/doc/man/polkit-reload-config.1.in
@@ -0,0 +1,36 @@
+.\"
+.\" polkit-reload-config manual page.
+.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
+.\"
+.TH POLKIT-RELOAD-CONFIG 1
+.SH NAME
+polkit-reload-config \- reload configuration
+.SH SYNOPSIS
+.PP
+.B polkit-reload-config
+
+.SH DESCRIPTION
+
+\fIpolkit-reload-config\fP can be used to signal all processes using
+libpolkit to reload their configuration. For more information about
+the big picture refer to the \fIPolicyKit spec\fP which can be found
+in
+.I "@docdir@/spec/polkit-spec.html"
+depending on the distribution. Only the super user can invoke this
+tool.
+
+.SH BUGS
+.PP
+Please send bug reports to either the distribution or the HAL
+mailing list, see
+.I "http://lists.freedesktop.org/mailman/listinfo/hal"
+on how to subscribe.
+
+.SH SEE ALSO
+.PP
+\&\fIPolicyKit\fR\|(8)
+
+.SH AUTHOR
+Written by David Zeuthen <david at fubar.dk> with a lot of help from many
+others.
+
diff --git a/polkit/Makefile.am b/polkit/Makefile.am
index 8dfc805..36fae4c 100644
--- a/polkit/Makefile.am
+++ b/polkit/Makefile.am
@@ -55,3 +55,10 @@ libpolkit_la_LDFLAGS = -version-info $(L
clean-local :
rm -f *~ $(BUILT_SOURCES)
+
+# Create /var/lib/PolicyKit/reload file; this is being watched by libpolkit
+# for config file changes.
+install-data-local:
+ touch $(DESTDIR)$(localstatedir)/lib/PolicyKit/reload
+ -chmod 700 $(DESTDIR)$(localstatedir)/lib/PolicyKit/reload
+
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
index b099bd0..19ba81d 100644
--- a/polkit/polkit-context.c
+++ b/polkit/polkit-context.c
@@ -35,6 +35,7 @@
#include <grp.h>
#include <unistd.h>
#include <errno.h>
+#include <sys/inotify.h>
#include <glib.h>
#include "polkit-debug.h"
@@ -67,14 +68,19 @@ struct PolKitContext
PolKitContextConfigChangedCB config_changed_cb;
void *config_changed_user_data;
- PolKitContextFileMonitorAddWatch file_monitor_add_watch_func;
- PolKitContextFileMonitorRemoveWatch file_monitor_remove_watch_func;
+ PolKitContextAddIOWatch io_add_watch_func;
+ PolKitContextRemoveIOWatch io_remove_watch_func;
char *policy_dir;
PolKitPolicyCache *priv_cache;
polkit_bool_t load_descriptions;
+
+ int inotify_fd;
+ int inotify_fd_watch_id;
+
+ int inotify_reload_wd;
};
/**
@@ -92,40 +98,6 @@ polkit_context_new (void)
pk_context->refcount = 1;
return pk_context;
}
-
-static void
-_config_file_events (PolKitContext *pk_context,
- PolKitContextFileMonitorEvent event_mask,
- const char *path,
- void *user_data)
-{
- _pk_debug ("Config file changed");
-
- /* signal that our configuration (may have) changed */
- if (pk_context->config_changed_cb) {
- pk_context->config_changed_cb (pk_context, pk_context->config_changed_user_data);
- }
-}
-
-static void
-_policy_dir_events (PolKitContext *pk_context,
- PolKitContextFileMonitorEvent event_mask,
- const char *path,
- void *user_data)
-{
- /* mark cache of policy files as stale.. (will be populated on-demand, see _get_cache()) */
- if (pk_context->priv_cache != NULL) {
- _pk_debug ("Something happened in %s - invalidating cache", pk_context->policy_dir);
- polkit_policy_cache_unref (pk_context->priv_cache);
- pk_context->priv_cache = NULL;
- }
-
- /* signal that our configuration (may have) changed */
- if (pk_context->config_changed_cb) {
- pk_context->config_changed_cb (pk_context, pk_context->config_changed_user_data);
- }
-}
-
/**
* polkit_context_init:
* @pk_context: the context object
@@ -150,39 +122,41 @@ polkit_context_init (PolKitContext *pk_c
}
_pk_debug ("Using policy files from directory %s", pk_context->policy_dir);
- /* don't populate the cache until it's needed.. */
+ /* we don't populate the cache until it's needed.. */
+ if (pk_context->io_add_watch_func != NULL) {
+ pk_context->inotify_fd = inotify_init ();
+ if (pk_context->inotify_fd < 0) {
+ _pk_debug ("failed to initialize inotify: %s", strerror (errno));
+ /* TODO: set error */
+ goto error;
+ }
- if (pk_context->file_monitor_add_watch_func == NULL) {
- _pk_debug ("No file monitor; cannot monitor '%s' for .policy file changes", pk_context->policy_dir);
- } else {
- /* Watch when policy definitions file change */
- pk_context->file_monitor_add_watch_func (pk_context,
- pk_context->policy_dir,
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE|
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE|
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE,
- _policy_dir_events,
- NULL);
-
- /* Config file changes */
- pk_context->file_monitor_add_watch_func (pk_context,
- PACKAGE_DATA_DIR "/PolicyKit",
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE|
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE|
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE,
- _config_file_events,
- NULL);
+ /* create a watch on /var/lib/PolicyKit/reload */
+ pk_context->inotify_reload_wd = inotify_add_watch (pk_context->inotify_fd,
+ PACKAGE_LOCALSTATEDIR "/lib/PolicyKit/reload",
+ IN_MODIFY | IN_CREATE | IN_ATTRIB);
+ if (pk_context->inotify_reload_wd < 0) {
+ _pk_debug ("failed to add watch on file '" PACKAGE_LOCALSTATEDIR "/lib/PolicyKit/reload': %s",
+ strerror (errno));
+ /* TODO: set error */
+ goto error;
+ }
+
+ pk_context->inotify_fd_watch_id = pk_context->io_add_watch_func (pk_context, pk_context->inotify_fd);
+ if (pk_context->inotify_fd_watch_id == 0) {
+ _pk_debug ("failed to add io watch");
+ /* TODO: set error */
+ goto error;
+ }
}
return TRUE;
-#if 0
error:
if (pk_context != NULL)
polkit_context_unref (pk_context);
return FALSE;
-#endif
}
/**
@@ -244,8 +218,8 @@ polkit_context_unref (PolKitContext *pk_
**/
void
polkit_context_set_config_changed (PolKitContext *pk_context,
- PolKitContextConfigChangedCB cb,
- void *user_data)
+ PolKitContextConfigChangedCB cb,
+ void *user_data)
{
g_return_if_fail (pk_context != NULL);
pk_context->config_changed_cb = cb;
@@ -253,23 +227,77 @@ polkit_context_set_config_changed (PolKi
}
/**
- * polkit_context_set_file_monitor:
+ * polkit_context_io_func:
+ * @pk_context: the object
+ * @fd: the file descriptor passed to the supplied function of type #PolKitContextAddIOWatch.
+ *
+ * Method that the application must call when there is data to read
+ * from a file descriptor registered with the supplied function of
+ * type #PolKitContextAddIOWatch.
+ **/
+void
+polkit_context_io_func (PolKitContext *pk_context, int fd)
+{
+ g_return_if_fail (pk_context != NULL);
+
+ _pk_debug ("polkit_context_io_func: data on fd %d", fd);
+
+ if (fd == pk_context->inotify_fd) {
+/* size of the event structure, not counting name */
+#define EVENT_SIZE (sizeof (struct inotify_event))
+/* reasonable guess as to size of 1024 events */
+#define BUF_LEN (1024 * (EVENT_SIZE + 16))
+ char buf[BUF_LEN];
+ int len;
+ int i = 0;
+again:
+ len = read (fd, buf, BUF_LEN);
+ if (len < 0) {
+ if (errno == EINTR) {
+ goto again;
+ } else {
+ _pk_debug ("read: %s", strerror (errno));
+ }
+ } else if (len > 0) {
+ /* BUF_LEN too small? */
+ }
+ while (i < len) {
+ struct inotify_event *event;
+ event = (struct inotify_event *) &buf[i];
+ _pk_debug ("wd=%d mask=%u cookie=%u len=%u",
+ event->wd, event->mask, event->cookie, event->len);
+
+ if (event->wd == pk_context->inotify_reload_wd) {
+ _pk_debug ("config changed!");
+ if (pk_context->config_changed_cb != NULL) {
+ pk_context->config_changed_cb (pk_context,
+ pk_context->config_changed_user_data);
+ }
+ }
+
+ i += EVENT_SIZE + event->len;
+ }
+ }
+}
+
+/**
+ * polkit_context_set_io_watch_functions:
* @pk_context: the context object
- * @add_watch_func: the function that the PolicyKit library can invoke to start watching a file
- * @remove_watch_func: the function that the PolicyKit library can invoke to stop watching a file
+ * @io_add_watch_func: the function that the PolicyKit library can invoke to start watching a file descriptor
+ * @io_remove_watch_func: the function that the PolicyKit library can invoke to stop watching a file descriptor
*
- * Register a functions that PolicyKit can use for watching files.
+ * Register a functions that PolicyKit can use for watching IO descriptors.
*
* This method must be called before polkit_context_init().
**/
void
-polkit_context_set_file_monitor (PolKitContext *pk_context,
- PolKitContextFileMonitorAddWatch add_watch_func,
- PolKitContextFileMonitorRemoveWatch remove_watch_func)
+polkit_context_set_io_watch_functions (PolKitContext *pk_context,
+ PolKitContextAddIOWatch io_add_watch_func,
+ PolKitContextRemoveIOWatch io_remove_watch_func)
{
g_return_if_fail (pk_context != NULL);
- pk_context->file_monitor_add_watch_func = add_watch_func;
- pk_context->file_monitor_remove_watch_func = remove_watch_func;
+ pk_context->io_add_watch_func = io_add_watch_func;
+ pk_context->io_remove_watch_func = io_remove_watch_func;
}
/**
diff --git a/polkit/polkit-context.h b/polkit/polkit-context.h
index 0261338..3e4fe29 100644
--- a/polkit/polkit-context.h
+++ b/polkit/polkit-context.h
@@ -53,6 +53,9 @@ typedef struct PolKitContext PolKitConte
* permissions / acl's they have set in response to policy decisions
* made from information provided by PolicyKit.
*
+ * The user must have set up watches using #polkit_context_set_io_watch_functions
+ * for this to work.
+ *
* Note that this function may be called many times within a short
* interval due to how file monitoring works if e.g. the user is
* editing a configuration file (editors typically create back-up
@@ -65,97 +68,101 @@ typedef void (*PolKitContextConfigChange
void *user_data);
/**
- * PolKitContextFileMonitorEvent:
- * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_NONE: TODO
- * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_ACCESS: watch when a file is accessed
- * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE: watch when a file is created
- * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE: watch when a file is deleted
- * @POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE: watch when a file changes
+ * PolKitContextAddIOWatch:
+ * @pk_context: the polkit context
+ * @fd: the file descriptor to watch
+ *
+ * Type for function supplied by the application to integrate a watch
+ * on a file descriptor into the applications main loop. The
+ * application must call polkit_grant_io_func() when there is data
+ * to read from the file descriptor.
+ *
+ * For glib mainloop, the function will typically look like this:
+ *
+ * <programlisting>
+ * static gboolean
+ * io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
+ * {
+ * int fd;
+ * PolKitContext *pk_context = user_data;
+ * fd = g_io_channel_unix_get_fd (channel);
+ * polkit_context_io_func (pk_context, fd);
+ * return TRUE;
+ * }
+ *
+ * static int
+ * io_add_watch (PolKitContext *pk_context, int fd)
+ * {
+ * guint id = 0;
+ * GIOChannel *channel;
+ * channel = g_io_channel_unix_new (fd);
+ * if (channel == NULL)
+ * goto out;
+ * id = g_io_add_watch (channel, G_IO_IN, io_watch_have_data, pk_context);
+ * if (id == 0) {
+ * g_io_channel_unref (channel);
+ * goto out;
+ * }
+ * g_io_channel_unref (channel);
+ * out:
+ * return id;
+ * }
+ * </programlisting>
*
- * File monitoring events.
+ * Returns: 0 if the watch couldn't be set up; otherwise an unique
+ * identifier for the watch.
**/
-typedef enum
-{
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_NONE = 1 << 0,
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_ACCESS = 1 << 1,
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CREATE = 1 << 2,
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_DELETE = 1 << 3,
- POLKIT_CONTEXT_FILE_MONITOR_EVENT_CHANGE = 1 << 4,
-} PolKitContextFileMonitorEvent;
+typedef int (*PolKitContextAddIOWatch) (PolKitContext *pk_context, int fd);
/**
- * PolKitContextFileMonitorNotifyFunc:
- * @pk_context: PolicyKit context
- * @event_mask: event that happened
- * @path: the path to the monitored file
- * @user_data: the user data supplied to the function of type #PolKitContextFileMonitorAddWatch
+ * PolKitContextRemoveIOWatch:
+ * @pk_context: the context object
+ * @watch_id: the id obtained from using the supplied function
+ * of type #PolKitContextAddIOWatch
+ *
+ * Type for function supplied by the application to remove a watch set
+ * up via the supplied function of type #PolKitContextAddIOWatch
+ *
+ * For the glib mainloop, the function will typically look like this:
+ *
+ * <programlisting>
+ * static void
+ * io_remove_watch (PolKitContext *pk_context, int watch_id)
+ * {
+ * g_source_remove (watch_id);
+ * }
+ * </programlisting>
*
- * Callback when an event happens on a file that is monitored.
**/
-typedef void (*PolKitContextFileMonitorNotifyFunc) (PolKitContext *pk_context,
- PolKitContextFileMonitorEvent event_mask,
- const char *path,
- void *user_data);
-
-/**
- * PolKitContextFileMonitorAddWatch:
- * @pk_context: PolicyKit context
- * @path: path to file/directory to monitor for events
- * @event_mask: events to look for
- * @notify_cb: function to call on events
- * @user_data: user data
- *
- * The type of a function that PolicyKit can use to watch file
- * events. This function must call the supplied @notify_cb function
- * (and pass @path and @user_data) on events
- *
- * Returns: A handle for the watch. If zero it means the file cannot
- * be watched. Caller can remove the watch using the supplied function
- * of type #PolKitContextFileMonitorRemoveWatch and the handle.
- */
-typedef int (*PolKitContextFileMonitorAddWatch) (PolKitContext *pk_context,
- const char *path,
- PolKitContextFileMonitorEvent event_mask,
- PolKitContextFileMonitorNotifyFunc notify_cb,
- void *user_data);
+typedef void (*PolKitContextRemoveIOWatch) (PolKitContext *pk_context, int watch_id);
-/**
- * PolKitContextFileMonitorRemoveWatch:
- * @pk_context: PolicyKit context
- * @watch_id: the watch id
- *
- * The type of a function that PolicyKit can use to stop monitoring
- * file events. Pass the handle obtained from the supplied function of
- * type #PolKitContextFileMonitorAddWatch.
- */
-typedef void (*PolKitContextFileMonitorRemoveWatch) (PolKitContext *pk_context,
- int watch_id);
+PolKitContext *polkit_context_new (void);
+void polkit_context_set_config_changed (PolKitContext *pk_context,
+ PolKitContextConfigChangedCB cb,
+ void *user_data);
+void polkit_context_set_io_watch_functions (PolKitContext *pk_context,
+ PolKitContextAddIOWatch io_add_watch_func,
+ PolKitContextRemoveIOWatch io_remove_watch_func);
+void polkit_context_set_load_descriptions (PolKitContext *pk_context);
+polkit_bool_t polkit_context_init (PolKitContext *pk_context,
+ PolKitError **error);
+PolKitContext *polkit_context_ref (PolKitContext *pk_context);
+void polkit_context_unref (PolKitContext *pk_context);
-PolKitContext *polkit_context_new (void);
-void polkit_context_set_config_changed (PolKitContext *pk_context,
- PolKitContextConfigChangedCB cb,
- void *user_data);
-void polkit_context_set_file_monitor (PolKitContext *pk_context,
- PolKitContextFileMonitorAddWatch add_watch_func,
- PolKitContextFileMonitorRemoveWatch remove_watch_func);
-void polkit_context_set_load_descriptions (PolKitContext *pk_context);
-polkit_bool_t polkit_context_init (PolKitContext *pk_context,
- PolKitError **error);
-PolKitContext *polkit_context_ref (PolKitContext *pk_context);
-void polkit_context_unref (PolKitContext *pk_context);
+void polkit_context_io_func (PolKitContext *pk_context, int fd);
-PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context);
+PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context);
PolKitResult
-polkit_context_can_session_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session);
+polkit_context_can_session_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session);
PolKitResult
-polkit_context_can_caller_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller);
+polkit_context_can_caller_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller);
#endif /* POLKIT_CONTEXT_H */
diff --git a/tools/Makefile.am b/tools/Makefile.am
index d40298d..1f5de08 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -13,6 +13,8 @@ INCLUDES = \
bin_PROGRAMS = polkit-check-caller polkit-check-session polkit-policy-file-validate polkit-grant polkit-list-actions
+bin_SCRIPTS = polkit-reload-config
+
polkit_check_caller_SOURCES = polkit-check-caller.c
polkit_check_caller_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
@@ -28,6 +30,16 @@ polkit_grant_LDADD = @GLIB_LIBS@ @DBUS_L
polkit_list_actions_SOURCES = polkit-list-actions.c
polkit_list_actions_LDADD = $(GLIB) $(top_builddir)/polkit/libpolkit.la
+polkit-reload-config: polkit-reload-config.in Makefile
+ $(edit) $< >$@
+
+edit = sed \
+ -e 's|@docdir[@]|$(docdir)|g' \
+ -e 's|@sbindir[@]|$(sbindir)|g' \
+ -e 's|@sysconfdir[@]|$(sysconfdir)|g' \
+ -e 's|@datadir[@]|$(datadir)|g' \
+ -e 's|@localstatedir[@]|$(localstatedir)|g'
+
clean-local :
rm -f *~
diff --git a/tools/polkit-reload-config.in b/tools/polkit-reload-config.in
new file mode 100644
index 0000000..f4739f5
--- /dev/null
+++ b/tools/polkit-reload-config.in
@@ -0,0 +1,2 @@
+#!/bin/sh
+touch @localstatedir@/lib/PolicyKit/reload
diff-tree 608e8745e32a95b21475a0077b7db03d7a44fd8b (from 6696140d5fdc8b13bcb17a2d7e0d7a73b48a18ad)
Author: David Zeuthen <davidz at redhat.com>
Date: Thu Jul 12 13:49:08 2007 -0400
remove the notion of modules
diff --git a/Makefile.am b/Makefile.am
index 2214028..8a062fa 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-SUBDIRS = data polkit polkit-dbus polkit-grant modules doc tools policy
+SUBDIRS = data polkit polkit-dbus polkit-grant doc tools policy
# Creating ChangeLog from git log (taken from cairo/Makefile.am):
ChangeLog: $(srcdir)/ChangeLog
diff --git a/configure.in b/configure.in
index c71a4bf..f28d502 100644
--- a/configure.in
+++ b/configure.in
@@ -361,12 +361,6 @@ doc/spec/Makefile
doc/spec/polkit-spec.xml.in
doc/man/Makefile
policy/Makefile
-modules/Makefile
-modules/default/Makefile
-modules/allow-all/Makefile
-modules/deny-all/Makefile
-modules/run-program/Makefile
-modules/grant/Makefile
])
dnl ==========================================================================
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
index f56c6b3..8ed9175 100644
--- a/doc/man/Makefile.am
+++ b/doc/man/Makefile.am
@@ -1,7 +1,7 @@
if MAN_PAGES_ENABLED
-MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-policy-file-validate.1.in PolicyKit.8.in polkit-module-default.8.in polkit-module-allow-all.8.in polkit-module-deny-all.8.in polkit-module-run-program.8.in polkit-module-builtins.8.in
+MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-policy-file-validate.1.in PolicyKit.8.in
man_MANS = $(MAN_IN_FILES:.in=)
@@ -18,4 +18,5 @@ clean-local:
edit = sed \
-e 's|@docdir[@]|$(docdir)|g' \
-e 's|@sbindir[@]|$(sbindir)|g' \
- -e 's|@sysconfdir[@]|$(sysconfdir)|g'
+ -e 's|@sysconfdir[@]|$(sysconfdir)|g' \
+ -e 's|@datadir[@]|$(datadir)|g'
diff --git a/doc/man/polkit-module-allow-all.8.in b/doc/man/polkit-module-allow-all.8.in
deleted file mode 100644
index 8b03b8e..0000000
--- a/doc/man/polkit-module-allow-all.8.in
+++ /dev/null
@@ -1,51 +0,0 @@
-.\"
-.\" polkit-module-allow-all manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-MODULE-ALLOW-ALL 8
-.SH NAME
-polkit-module-allow-all \- permit any action
-.SH SYNOPSIS
-.PP
-.B polkit-module-allow-all.so
-.SH DESCRIPTION
-.PP
-This PolicyKit module will permit any action regardless of the entity
-requesting it, what the requested action is and what resource is
-involved.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-This module does not require nor recognize any options.
-
-.SH NOTES
-.PP
-Never use this module unless you
-.B COMPLETELY
-trust anyone with either remote or local access to the system, or you
-have confined the module using built-in options.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-builtins\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fIpolkit-module-run-program\fR\|(8),
-\&\fI at sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI at sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
diff --git a/doc/man/polkit-module-builtins.8.in b/doc/man/polkit-module-builtins.8.in
deleted file mode 100644
index c34a44b..0000000
--- a/doc/man/polkit-module-builtins.8.in
+++ /dev/null
@@ -1,55 +0,0 @@
-.\"
-.\" polkit-module-builtins manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-MODULE-BUILTINS 8
-.SH NAME
-polkit-module-builtins \- options that apply to any PolicyKit module
-.SH SYNOPSIS
-.PP
-.B any-module.so [action=<regexp>] [user=<username> ...]
-.SH DESCRIPTION
-.PP
-This manual page describes options that can be used for any PolicyKit
-module to confine what requests it should deal with.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-
-.TP 3n
-.B action=<regexp>
-Only consider requests where the action name matches the given
-regular expression. Example:
-.B action=hal-storage-mount*
-
-.TP 3n
-.B user=<username>
-Only consider requests matching the given username. May be both a
-numerical
-.B uid
-value or a username. This option can be used multiple times to specify
-multiple users. Example:
-.B user=davidz user=bateman
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI at sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI at sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
diff --git a/doc/man/polkit-module-default.8.in b/doc/man/polkit-module-default.8.in
deleted file mode 100644
index c0aaba3..0000000
--- a/doc/man/polkit-module-default.8.in
+++ /dev/null
@@ -1,39 +0,0 @@
-.\"
-.\" polkit-module-default manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-MODULE-DEFAULT 8
-.SH NAME
-polkit-module-default \- use default policy for actions
-.SH SYNOPSIS
-.PP
-.B standard polkit-module-default.so
-.SH DESCRIPTION
-.PP
-This PolicyKit module uses the default policy as specified (and
-required) for by the policy definition file for a given action.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-allow-all\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI at sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI at sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
-
diff --git a/doc/man/polkit-module-deny-all.8.in b/doc/man/polkit-module-deny-all.8.in
deleted file mode 100644
index 3015f25..0000000
--- a/doc/man/polkit-module-deny-all.8.in
+++ /dev/null
@@ -1,50 +0,0 @@
-.\"
-.\" polkit-module-deny-all manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-MODULE-DENY-ALL 8
-.SH NAME
-polkit-module-deny-all \- deny any action
-.SH SYNOPSIS
-.PP
-.B polkit-module-deny-all.so
-.SH DESCRIPTION
-.PP
-This PolicyKit module will deny any action regardless of the entity
-requesting it, what the requested action is and what resource is
-involved.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-This module does not require nor recognize any options.
-
-.SH NOTES
-.PP
-Unless confined using built-in options, this module is only useful
-in situations where it's desirable to lock down the system so it's
-unusable by normal unprivileged users.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-builtins\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-allow-all\fR\|(8),
-\&\fIpolkit-module-run-program\fR\|(8),
-\&\fI at sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI at sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
diff --git a/doc/man/polkit-module-run-program.8.in b/doc/man/polkit-module-run-program.8.in
deleted file mode 100644
index 1824452..0000000
--- a/doc/man/polkit-module-run-program.8.in
+++ /dev/null
@@ -1,197 +0,0 @@
-.\"
-.\" polkit-module-run-program manual page.
-.\" Copyright (C) 2007 David Zeuthen <david at fubar.dk>
-.\"
-.TH POLKIT-MODULE-RUN-PROGRAM 8
-.SH NAME
-polkit-module-run-program \- determine policy by running a program
-.SH SYNOPSIS
-.PP
-.HP 31
-\fBpolkit-module-run-program.so\fR program=\fI<program>\fR
-.SH DESCRIPTION
-.PP
-This PolicyKit module will run a program every time an action is
-requested. For more information about the big picture refer to the
-\fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-
-.TP 3n
-.B program=<program>
-Absolute path to program to run; this is a mandatory option. Examples:
-.B program=/usr/bin/my-program
-or
-.B program="/path/to/program --foo --bar"
-
-.SH DESCRIPTION
-This module will invoke the given program and will export a minimal
-environment with values identifying the request. The program
-.B SHOULD NOT
-have any side effects; it is only invoked to make a decision - not to
-alter state on the system. Further, the program is not guaranteed to
-run as
-.B uid 0
-(e.g. root); it is effectively invoked by a mechanism (such as
-\fBhald\fR(7)) that may run as an unprivileged system user.
-
-.PP
-If the program fails to run or exits with a non-zero exit code, it
-means that the request is denied (same as returning
-.B no
-- see below). If the program exits with exit code 0,
-.I stdout
-of the program is examined to determine the result of the decision
-(these values map directly to the possible values in the
-.I PolKitResult
-enumeration):
-
-.I
-.TP
-.B unknown
-The passed action is unknown.
-.TP
-.B not_authorized
-The mechanism / caller (e.g. the program using
-.I libpolkit
-that loads this module) is not sufficiently privileged to know the
-answer.
-.TP
-.B no
-Access denied.
-.TP
-.B auth_root
-Access denied, but authentication of the caller as root will grant
-access to only that caller.
-.TP
-.B auth_root_keep_session
-Access denied, but authentication of the caller as root will grant
-access for the remainder of the session the caller stems from.
-.TP
-.B auth_root_keep_always
-Access denied, but authentication of the caller as root will grant
-access to the user of the caller in the future.
-.TP
-.B auth_self
-Access denied, but authentication of the caller as himself will grant
-access to only that caller.
-.TP
-.B auth_self_keep_session
-Access denied, but authentication of the caller as himself will grant
-access for the remainder of the session the caller stems from.
-.TP
-.B auth_self_keep_always
-Access denied, but authentication of the caller as himself will grant
-access to the user of the caller in the future.
-.TP
-.B yes
-Access granted.
-
-.PP
-For a request concerning decisions for calls via the system message
-bus daemon, the environment will contain:
-
-.TP
-.B POLKIT_REQUEST_CALLER=1
-To identify the request to be concerning a decision about a caller on
-the system message bus.
-.TP
-.B POLKIT_ACTION_ID
-An identifier for the action
-.TP
-.B POLKIT_RESOURCE_ID
-Resource identifier
-.TP
-.B POLKIT_RESOURCE_TYPE
-Resource type
-.TP
-.B POLKIT_CALLER_UID
-UNIX user id of the caller
-.TP
-.B POLKIT_CALLER_DBUS_NAME
-Unique name of the caller on the system message bus
-.TP
-.B POLKIT_CALLER_PID
-UNIX process id of the caller
-.TP
-.B POLKIT_CALLER_SELINUX_CONTEXT
-SELinux security context of the caller (only set if SELinux is enabled)
-.TP
-.B POLKIT_SESSION_CK_IS_ACTIVE
-Whether ConsoleKit regards the session as active (only set if the caller belong to a session)
-.TP
-.B POLKIT_SESSION_CK_IS_LOCAL
-Whether ConsoleKit regards the session as local (only set if the caller belong to a session)
-.TP
-.B POLKIT_SESSION_CK_OBJREF
-ConsoleKit session D-Bus object reference (only set if the caller belong to a session)
-.TP
-.B POLKIT_SESSION_UID
-UNIX user ID of the user owning the session (only set if the caller belong to a session)
-.TP
-.B POLKIT_SEAT_CK_OBJREF
-ConsoleKit seat D-Bus object reference of the seat that the session belongs to (only set if the caller belong to a session)
-
-.PP
-For a request concerning session-wide decisions the environment will
-contain:
-
-.TP
-.B POLKIT_REQUEST_SESSION=1
-To identify the request to be session-wide.
-.TP
-.B POLKIT_ACTION_ID
-An identifier for the action
-.TP
-.B POLKIT_RESOURCE_ID
-Resource identifier
-.TP
-.B POLKIT_RESOURCE_TYPE
-Resource type
-.TP
-.B POLKIT_SESSION_CK_IS_ACTIVE
-Whether ConsoleKit regards the session as active
-.TP
-.B POLKIT_SESSION_CK_IS_LOCAL
-Whether ConsoleKit regards the session as local
-.TP
-.B POLKIT_SESSION_CK_OBJREF
-ConsoleKit session D-Bus object reference
-.TP
-.B POLKIT_SESSION_UID
-UNIX user ID of the user owning the session
-.TP
-.B POLKIT_SEAT_CK_OBJREF
-ConsoleKit seat D-Bus object reference of the seat that the session belongs to
-
-.SH NOTES
-.PP
-As PolicyKit modules are heavily used to enforce policy, running a
-program on every request may put unneccessary load on the system
-unless judicious use of built-in options to confine the module are
-employed.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIhald\fR\|(8),
-\&\fIdbus-daemon\fR\|(1),
-\&\fIpolkit-module-builtins\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-allow-all\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI at sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI at sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen <david at fubar.dk> with a lot of help from many
-others.
diff --git a/doc/man/polkit-policy-file-validate.1.in b/doc/man/polkit-policy-file-validate.1.in
index 87f9bb0..d82de93 100644
--- a/doc/man/polkit-policy-file-validate.1.in
+++ b/doc/man/polkit-policy-file-validate.1.in
@@ -14,7 +14,7 @@ polkit-policy-file-validate \- check acc
\fIpolkit-policy-file-validate\fP is used to validate PolicyKit
policy definition files. These are normally stored in the
-.I "@sysconfdir@/PolicyKit/policy"
+.I "@datadir@/PolicyKit/policy"
directory. For more information about the big picture
refer to the \fIPolicyKit spec\fP which can be found in
.I "@docdir@/spec/polkit-spec.html"
diff --git a/modules/Makefile.am b/modules/Makefile.am
deleted file mode 100644
index 010ed66..0000000
--- a/modules/Makefile.am
+++ /dev/null
@@ -1,5 +0,0 @@
-
-SUBDIRS = default allow-all deny-all run-program grant
-
-polkitconfdir = $(sysconfdir)/PolicyKit
-dist_polkitconf_DATA = PolicyKit.conf
diff --git a/modules/PolicyKit.conf b/modules/PolicyKit.conf
deleted file mode 100644
index c3c6dd9..0000000
--- a/modules/PolicyKit.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# PolicyKit modules - see PolicyKit(8)
-#
-# NOTE: Changes made to this file may be applied instantly
-
-advise polkit-module-default.so
-advise polkit-module-grant.so
diff --git a/modules/allow-all/Makefile.am b/modules/allow-all/Makefile.am
deleted file mode 100644
index 316f3a6..0000000
--- a/modules/allow-all/Makefile.am
+++ /dev/null
@@ -1,25 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @DBUS_CFLAGS@
-
-polkitmoduledir = $(libdir)/PolicyKit/modules
-polkitmodule_LTLIBRARIES = \
- polkit-module-allow-all.la \
- $(NULL)
-
-
-polkit_module_allow_all_la_SOURCES = polkit-module-allow-all.c
-polkit_module_allow_all_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_allow_all_la_LIBADD = $(top_builddir)/polkit/libpolkit.la
-
-clean-local :
- rm -f *~
diff --git a/modules/allow-all/polkit-module-allow-all.c b/modules/allow-all/polkit-module-allow-all.c
deleted file mode 100644
index 06a15d2..0000000
--- a/modules/allow-all/polkit-module-allow-all.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module-allow-all.c : PolicyKit module that says YES to everything
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stddef.h>
-#include <polkit/polkit.h>
-
-/* The symbol that polkit looks up when loading this module */
-polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
-
-static polkit_bool_t
-_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
-{
- return TRUE;
-}
-
-static void
-_module_shutdown (PolKitModuleInterface *module_interface)
-{
-}
-
-static PolKitResult
-_module_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- return POLKIT_RESULT_YES;
-}
-
-static PolKitResult
-_module_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- return POLKIT_RESULT_YES;
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
diff --git a/modules/default/Makefile.am b/modules/default/Makefile.am
deleted file mode 100644
index ec20eed..0000000
--- a/modules/default/Makefile.am
+++ /dev/null
@@ -1,25 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @DBUS_CFLAGS@
-
-polkitmoduledir = $(libdir)/PolicyKit/modules
-polkitmodule_LTLIBRARIES = \
- polkit-module-default.la \
- $(NULL)
-
-
-polkit_module_default_la_SOURCES = polkit-module-default.c
-polkit_module_default_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_default_la_LIBADD = $(top_builddir)/polkit/libpolkit.la
-
-clean-local :
- rm -f *~
diff --git a/modules/default/polkit-module-default.c b/modules/default/polkit-module-default.c
deleted file mode 100644
index 8ef02f8..0000000
--- a/modules/default/polkit-module-default.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module-default.c : PolicyKit module for default policy
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stddef.h>
-#include <polkit/polkit.h>
-
-/* The symbol that polkit looks up when loading this module */
-polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
-
-static polkit_bool_t
-_module_init (PolKitModuleInterface *module_interface,
- int argc,
- char *argv[])
-{
- return TRUE;
-}
-
-static void
-_module_shutdown (PolKitModuleInterface *module_interface)
-{
-}
-
-static PolKitResult
-_module_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- PolKitResult result;
- PolKitPolicyCache *cache;
- PolKitPolicyFileEntry *pfe;
-
- result = POLKIT_RESULT_NO;
- cache = polkit_context_get_policy_cache (pk_context);
- pfe = polkit_policy_cache_get_entry (cache, action);
- return polkit_policy_default_can_session_do_action (polkit_policy_file_entry_get_default (pfe),
- action,
- session);
-}
-
-static PolKitResult
-_module_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- PolKitResult result;
- PolKitPolicyCache *cache;
- PolKitPolicyFileEntry *pfe;
-
- result = POLKIT_RESULT_NO;
- cache = polkit_context_get_policy_cache (pk_context);
- pfe = polkit_policy_cache_get_entry (cache, action);
- return polkit_policy_default_can_caller_do_action (polkit_policy_file_entry_get_default (pfe),
- action,
- caller);
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
diff --git a/modules/deny-all/Makefile.am b/modules/deny-all/Makefile.am
deleted file mode 100644
index 732d929..0000000
--- a/modules/deny-all/Makefile.am
+++ /dev/null
@@ -1,25 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @DBUS_CFLAGS@
-
-polkitmoduledir = $(libdir)/PolicyKit/modules
-polkitmodule_LTLIBRARIES = \
- polkit-module-deny-all.la \
- $(NULL)
-
-
-polkit_module_deny_all_la_SOURCES = polkit-module-deny-all.c
-polkit_module_deny_all_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_deny_all_la_LIBADD = $(top_builddir)/polkit/libpolkit.la
-
-clean-local :
- rm -f *~
diff --git a/modules/deny-all/polkit-module-deny-all.c b/modules/deny-all/polkit-module-deny-all.c
deleted file mode 100644
index 829c570..0000000
--- a/modules/deny-all/polkit-module-deny-all.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module-allow-all.c : PolicyKit module that says NO to everything
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stddef.h>
-#include <polkit/polkit.h>
-
-/* The symbol that polkit looks up when loading this module */
-polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
-
-static polkit_bool_t
-_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
-{
- return TRUE;
-}
-
-static void
-_module_shutdown (PolKitModuleInterface *module_interface)
-{
-}
-
-static PolKitResult
-_module_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- return POLKIT_RESULT_NO;
-}
-
-static PolKitResult
-_module_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- return POLKIT_RESULT_NO;
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
diff --git a/modules/grant/Makefile.am b/modules/grant/Makefile.am
deleted file mode 100644
index 52ff52a..0000000
--- a/modules/grant/Makefile.am
+++ /dev/null
@@ -1,25 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @GLIB_CFLAGS@ @DBUS_CFLAGS@
-
-polkitmoduledir = $(libdir)/PolicyKit/modules
-polkitmodule_LTLIBRARIES = \
- polkit-module-grant.la \
- $(NULL)
-
-
-polkit_module_grant_la_SOURCES = polkit-module-grant.c
-polkit_module_grant_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@ $(top_builddir)/polkit-grant/libpolkit-grant-private.la
-
-clean-local :
- rm -f *~
diff --git a/modules/grant/polkit-module-grant.c b/modules/grant/polkit-module-grant.c
deleted file mode 100644
index c0ea67b..0000000
--- a/modules/grant/polkit-module-grant.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module-grant.c : determine policy by looking at grants
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <polkit/polkit.h>
-#include <glib.h>
-
-/* The symbol that polkit looks up when loading this module */
-polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
-
-static polkit_bool_t
-_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
-{
- return TRUE;
-}
-
-static void
-_module_shutdown (PolKitModuleInterface *module_interface)
-{
-}
-
-
-
-static PolKitResult
-_module_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- return POLKIT_RESULT_UNKNOWN_ACTION;
-}
-
-static PolKitResult
-_module_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- return _polkit_grantdb_check_can_caller_do_action (pk_context, action, caller);
-
-#if 0
- char *grant_file;
- PolKitSession *session;
- PolKitResult result;
-
- result = POLKIT_RESULT_UNKNOWN_ACTION;
-
- /* file format:
- *
- * file: /var/[lib,run]/PolicyKit/grant/<action-name>.grant
- *
- * contents:
- * <uid1>[ <session-objpath>]\n # only makes sense for run
- * <uid2>\n
- * ...
- *
- * - run is used for temporarily granted privileges
- * - lib is used for permanently granted privileges
- *
- * FHS guarantees that the files /var/run/PolicyKit are
- * deleted upon reboots so we just need to ensure that
- * ConsoleKit session id's are unique per system (TODO: Ask Jon
- * to make ConsoleKit guarantee this).
- */
-
- uid_t invoking_user_id;
- char *action_name;
- char *session_objpath;
- const char *session_name;
- char *resource_type;
- char *resource_id;
- char *resource_str_to_hash;
- char *dbus_name;
- guint resource_hash;
-
- if (!polkit_action_get_action_id (action, &action_name))
- goto out;
- if (!polkit_caller_get_uid (caller, &invoking_user_id))
- goto out;
-
- if (resource == NULL) {
- resource_type = "";
- resource_id = "";
- } else {
- if (!polkit_resource_get_resource_type (resource, &resource_type))
- goto out;
- if (!polkit_resource_get_resource_id (resource, &resource_id))
- goto out;
- }
-
- session_name = NULL;
- if (!polkit_caller_get_ck_session (caller, &session))
- goto out;
- if (!polkit_caller_get_dbus_name (caller, &dbus_name))
- goto out;
- if (session == NULL) {
- session_objpath = NULL;
- session_name = NULL;
- } else {
- if (!polkit_session_get_ck_objref (session, &session_objpath))
- goto out;
- session_name = g_basename (session_objpath);
- }
-
- resource_str_to_hash = g_strdup_printf ("%s:%s", resource_type, resource_id);
- resource_hash = g_str_hash (resource_str_to_hash);
- g_free (resource_str_to_hash);
-
- /* TODO: FIXME: XXX: this format of storing granted privileges needs be redone
- *
- * this concerns these two files
- * - polkit-grant/polkit-grant-helper.c
- * - modules/grant/polkit-module-grant.c
- */
-
- /*
- * /var/lib/PolicyKit/uid_<uid>_<action>_<resource-hash>.grant
- * uid_<uid>_<action>.grant
- *
- * /var/run/PolicyKit/session_<session>_<uid>_<action>_<resource-hash>.grant
- * session_<session>_<uid>_<action>.grant
- * dbus_<dbusname>_<uid>_<action>_<resource-hash>.grant
- */
-
- if (dbus_name == NULL)
- dbus_name = "";
-
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/dbus_%s_%d_%s_%u.grant",
- dbus_name, invoking_user_id, action_name, resource_hash);
-
- fprintf (stdout, "testing for file '%s'\n", grant_file);
-
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
- g_free (grant_file);
- goto out;
- }
- g_free (grant_file);
-
- if (session_name != NULL) {
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant",
- session_name, invoking_user_id, action_name, resource_hash);
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
- g_free (grant_file);
- goto out;
- }
- g_free (grant_file);
- }
-
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid_%d_%s_%u.grant",
- invoking_user_id, action_name, resource_hash);
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
- g_free (grant_file);
- goto out;
- }
- g_free (grant_file);
-#endif
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
diff --git a/modules/run-program/Makefile.am b/modules/run-program/Makefile.am
deleted file mode 100644
index 61d1ad5..0000000
--- a/modules/run-program/Makefile.am
+++ /dev/null
@@ -1,25 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @GLIB_CFLAGS@ @DBUS_CFLAGS@
-
-polkitmoduledir = $(libdir)/PolicyKit/modules
-polkitmodule_LTLIBRARIES = \
- polkit-module-run-program.la \
- $(NULL)
-
-
-polkit_module_run_program_la_SOURCES = polkit-module-run-program.c
-polkit_module_run_program_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_run_program_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@
-
-clean-local :
- rm -f *~
diff --git a/modules/run-program/polkit-module-run-program.c b/modules/run-program/polkit-module-run-program.c
deleted file mode 100644
index e5c00dc..0000000
--- a/modules/run-program/polkit-module-run-program.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module-run-program.c : determine policy by running a program
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <polkit/polkit.h>
-#include <glib.h>
-
-/* The symbol that polkit looks up when loading this module */
-polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
-
-typedef struct {
- int program_argc;
- char **program_argv;
-} UserData;
-
-static polkit_bool_t
-_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
-{
- int n;
- UserData *user_data;
-
- user_data = g_new0 (UserData, 1);
- for (n = 1; n < argc; n++) {
- if (g_str_has_prefix (argv[n], "program=")) {
- const char *program;
- program = argv[n] + 8;
-
- if (!g_shell_parse_argv (program,
- &user_data->program_argc,
- &user_data->program_argv, NULL)) {
- g_warning ("Cannot parse '%s' - skipping", program);
- goto error;
- }
-
- if (!g_file_test (user_data->program_argv[0],
- G_FILE_TEST_IS_EXECUTABLE|G_FILE_TEST_IS_REGULAR)) {
- g_warning ("Program '%s' is not an executable file - skipping",
- user_data->program_argv[0]);
- goto error;
- }
-
- g_debug ("program = '%s'", user_data->program_argv[0]);
-
- /* TODO:
- * O_o o_O... we could monitor the executable file :-) and trigger config changes!
- */
- }
- }
-
- if (user_data->program_argv == NULL)
- goto error;
-
- polkit_module_set_user_data (module_interface, user_data);
-
- return TRUE;
-error:
- if (user_data->program_argv != NULL)
- g_strfreev (user_data->program_argv);
- g_free (user_data);
- return FALSE;
-}
-
-static void
-_module_shutdown (PolKitModuleInterface *module_interface)
-{
- UserData *user_data;
- user_data = polkit_module_get_user_data (module_interface);
- if (user_data != NULL) {
- if (user_data->program_argv != NULL)
- g_strfreev (user_data->program_argv);
- g_free (user_data);
- }
-}
-
-static polkit_bool_t
-_add_action_to_env (PolKitAction *action, GPtrArray *envp)
-{
- char *p_id;
- if (!polkit_action_get_action_id (action, &p_id))
- goto error;
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_ID=%s", p_id));
- return TRUE;
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-_add_seat_to_env (PolKitSeat *seat, GPtrArray *envp)
-{
- char *s_ck_objref;
- if (!polkit_seat_get_ck_objref (seat, &s_ck_objref))
- goto error;
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SEAT_CK_OBJREF=%s", s_ck_objref));
- return TRUE;
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-_add_session_to_env (PolKitSession *session, GPtrArray *envp)
-{
- uid_t s_uid;
- char *s_ck_objref;
- polkit_bool_t s_ck_is_active;
- polkit_bool_t s_ck_is_local;
- char *s_ck_remote_host;
- PolKitSeat *s_seat;
-
- if (!polkit_session_get_uid (session, &s_uid))
- goto error;
- if (!polkit_session_get_ck_objref (session, &s_ck_objref))
- goto error;
- if (!polkit_session_get_ck_is_active (session, &s_ck_is_active))
- goto error;
- if (!polkit_session_get_ck_is_local (session, &s_ck_is_local))
- goto error;
- if (!s_ck_is_local)
- if (!polkit_session_get_ck_remote_host (session, &s_ck_remote_host))
- goto error;
- if (!polkit_session_get_seat (session, &s_seat))
- goto error;
-
- if (!_add_seat_to_env (s_seat, envp))
- goto error;
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_UID=%d", (int) s_uid));
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_OBJREF=%s", s_ck_objref));
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_IS_ACTIVE=%d", s_ck_is_active));
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_IS_LOCAL=%d", s_ck_is_local));
- if (!s_ck_is_local)
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_REMOTE_HOST=%s", s_ck_remote_host));
- return TRUE;
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-_add_caller_to_env (PolKitCaller *caller, GPtrArray *envp)
-{
- uid_t c_uid;
- pid_t c_pid;
- char *c_selinux_context;
- char *c_dbus_name;
- PolKitSession *c_session;
-
- if (!polkit_caller_get_uid (caller, &c_uid))
- goto error;
- if (!polkit_caller_get_pid (caller, &c_pid))
- goto error;
- if (!polkit_caller_get_dbus_name (caller, &c_dbus_name))
- goto error;
- if (!polkit_caller_get_selinux_context (caller, &c_selinux_context)) /* SELinux may not be available */
- c_selinux_context = NULL;
- if (!polkit_caller_get_ck_session (caller, &c_session)) /* Caller may not originate from a session */
- c_session = NULL;
-
- if (c_session != NULL)
- if (!_add_session_to_env (c_session, envp))
- goto error;
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_UID=%d", (int) c_uid));
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_PID=%d", (int) c_pid));
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_DBUS_NAME=%s", c_dbus_name));
- if (c_selinux_context != NULL)
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_SELINUX_CONTEXT=%s", c_selinux_context));
- return TRUE;
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-_run_program (UserData *user_data, char **envp, PolKitResult *result)
-{
- int n;
- int exit_status;
- GError *g_error;
- char *prog_stdout;
- polkit_bool_t ret;
-
- g_error = NULL;
- prog_stdout = NULL;
- ret = FALSE;
-
- if (!g_spawn_sync ("/",
- user_data->program_argv,
- envp,
- 0,
- NULL,
- NULL,
- &prog_stdout,
- NULL,
- &exit_status,
- &g_error)) {
- g_warning ("error spawning '%s': %s", user_data->program_argv[0], g_error->message);
- g_error_free (g_error);
- goto error;
- }
-
- /* only care if the program returned 0 */
- if (exit_status != 0)
- goto error;
-
- /* only care about the first line */
- for (n = 0; prog_stdout[n] != '\n' && prog_stdout[n] != '\0'; n++)
- ;
- prog_stdout[n] = '\0';
-
- if (!polkit_result_from_string_representation (prog_stdout, result)) {
- g_warning ("malformed result '%s' from program", prog_stdout);
- goto error;
- }
-
- ret = TRUE;
-error:
- g_free (prog_stdout);
- return ret;
-}
-
-
-static PolKitResult
-_module_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- PolKitResult result;
- UserData *user_data;
- GPtrArray *envp;
-
- envp = NULL;
- result = POLKIT_RESULT_UNKNOWN_ACTION;
-
- user_data = polkit_module_get_user_data (module_interface);
-
- envp = g_ptr_array_new ();
-
- if (!_add_action_to_env (action, envp))
- goto error;
- if (!_add_session_to_env (session, envp))
- goto error;
- g_ptr_array_add (envp, g_strdup ("PATH=/usr/bin:/bin"));
- g_ptr_array_add (envp, g_strdup ("POLKIT_REQUEST_SESSION=1"));
- g_ptr_array_add (envp, NULL);
-
- if (!_run_program (user_data, (char **) envp->pdata, &result))
- goto error;
-
-error:
- if (envp != NULL) {
- g_ptr_array_foreach (envp, (GFunc) g_free, NULL);
- g_ptr_array_free (envp, TRUE);
- }
- return result;
-}
-
-static PolKitResult
-_module_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- PolKitResult result;
- UserData *user_data;
- GPtrArray *envp;
-
- envp = NULL;
- result = POLKIT_RESULT_NO;
- user_data = polkit_module_get_user_data (module_interface);
-
- envp = g_ptr_array_new ();
- if (!_add_action_to_env (action, envp))
- goto error;
- if (!_add_caller_to_env (caller, envp))
- goto error;
- g_ptr_array_add (envp, g_strdup ("PATH=/usr/bin:/bin"));
- g_ptr_array_add (envp, g_strdup ("POLKIT_REQUEST_CALLER=1"));
- g_ptr_array_add (envp, NULL);
- if(!_run_program (user_data, (char **) envp->pdata, &result))
- goto error;
-
-error:
- if (envp != NULL) {
- g_ptr_array_foreach (envp, (GFunc) g_free, NULL);
- g_ptr_array_free (envp, TRUE);
- }
- return result;
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
diff --git a/policy/Makefile.am b/policy/Makefile.am
index 6cb4a86..5a6ff76 100644
--- a/policy/Makefile.am
+++ b/policy/Makefile.am
@@ -1,5 +1,5 @@
-polkit_privilegedir = $(sysconfdir)/PolicyKit/policy
+polkit_privilegedir = $(datadir)/PolicyKit/policy
dist_polkit_privilege_DATA =
diff --git a/polkit/Makefile.am b/polkit/Makefile.am
index c3968b4..8dfc805 100644
--- a/polkit/Makefile.am
+++ b/polkit/Makefile.am
@@ -30,8 +30,7 @@ libpolkitinclude_HEADERS =
polkit-policy-file-entry.h \
polkit-policy-file.h \
polkit-policy-cache.h \
- polkit-policy-default.h \
- polkit-module.h
+ polkit-policy-default.h
libpolkit_la_SOURCES = \
polkit.h \
@@ -48,8 +47,7 @@ libpolkit_la_SOURCES =
polkit-policy-cache.h polkit-policy-cache.c \
polkit-policy-default.h polkit-policy-default.c \
polkit-debug.h polkit-debug.c \
- polkit-utils.h polkit-utils.c \
- polkit-module.h polkit-module.c
+ polkit-utils.h polkit-utils.c
libpolkit_la_LIBADD = @GLIB_LIBS@ @EXPAT_LIBS@ -ldl
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
index a1bb1d0..b099bd0 100644
--- a/polkit/polkit-context.c
+++ b/polkit/polkit-context.c
@@ -40,7 +40,6 @@
#include "polkit-debug.h"
#include "polkit-context.h"
#include "polkit-policy-cache.h"
-#include "polkit-module.h"
/**
* SECTION:polkit
@@ -75,8 +74,6 @@ struct PolKitContext
PolKitPolicyCache *priv_cache;
- GSList *modules;
-
polkit_bool_t load_descriptions;
};
@@ -96,138 +93,6 @@ polkit_context_new (void)
return pk_context;
}
-static polkit_bool_t
-unload_modules (PolKitContext *pk_context)
-{
- GSList *i;
- for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
- PolKitModuleInterface *module_interface = i->data;
- polkit_module_interface_unref (module_interface);
- }
- g_slist_free (pk_context->modules);
- pk_context->modules = NULL;
- _pk_debug ("Unloaded modules");
-
- return TRUE;
-}
-
-static polkit_bool_t
-load_modules (PolKitContext *pk_context, PolKitError **error)
-{
- const char *config_file;
- polkit_bool_t ret;
- char *buf;
- char *end;
- char line[256];
- char *p;
- char *q;
- gsize len;
- int line_number;
- int mod_number;
- GError *g_error;
-
- ret = FALSE;
- buf = NULL;
- mod_number = 0;
-
- config_file = PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf";
- g_error = NULL;
- if (!g_file_get_contents (config_file,
- &buf,
- &len,
- &g_error)) {
- _pk_debug ("Cannot load PolicyKit configuration file at '%s'", config_file);
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load PolicyKit configuration file at '%s': %s",
- config_file,
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
-
- end = buf + len;
-
- /* parse the config file; one line at a time (yes, this is super ugly code) */
- p = buf;
- line_number = -1;
- while (TRUE) {
- int argc;
- char **tokens;
- char *module_name;
- char *module_path;
- PolKitModuleControl module_control;
- PolKitModuleInterface *module_interface;
-
- line_number++;
-
- q = p;
- while (*q != '\n' && q != '\0' && q < end)
- q++;
- if (*q == '\0' || q >= end) {
- /* skip last line if it's not terminated by whitespace */
- break;
- }
- if ((unsigned int) (q - p) > sizeof(line) - 1) {
- _pk_debug ("Line is too long; skipping it");
- continue;
- }
- strncpy (line, p, q - p);
- line[q - p] = '\0';
- p = q + 1;
-
- /* remove leading and trailing white space */
- g_strstrip (line);
-
- /* comments, blank lines are fine; just skip them */
- if (line[0] == '#' || strlen (line) == 0) {
- continue;
- }
-
- /*_pk_debug ("Looking at line: '%s'", line);*/
-
- if (!g_shell_parse_argv (line, &argc, &tokens, NULL)) {
- _pk_debug ("Cannot parse line %d - skipping", line_number);
- continue;
- }
- if (argc < 2) {
- _pk_debug ("Line %d is malformed - skipping line", line_number);
- g_strfreev (tokens);
- continue;
- }
- if (!polkit_module_control_from_string_representation (tokens[0], &module_control)) {
- _pk_debug ("Unknown module_control '%s' at line %d - skipping line", tokens[0], line_number);
- g_strfreev (tokens);
- continue;
- }
- module_name = tokens[1];
-
- module_path = g_strdup_printf (PACKAGE_LIB_DIR "/PolicyKit/modules/%s", module_name);
- _pk_debug ("MODULE: number=%d control=%d name=%s argc=%d",
- mod_number, module_control, module_name, argc - 1);
- module_interface = polkit_module_interface_load_module (module_path,
- module_control,
- argc - 1,
- tokens + 1);
- g_free (module_path);
-
- if (module_interface != NULL) {
- pk_context->modules = g_slist_append (pk_context->modules, module_interface);
- mod_number++;
- }
- g_strfreev (tokens);
-
- }
-
- ret = TRUE;
-
-out:
- if (buf != NULL)
- g_free (buf);
-
- _pk_debug ("Loaded %d modules in total", mod_number);
- return ret;
-}
-
static void
_config_file_events (PolKitContext *pk_context,
PolKitContextFileMonitorEvent event_mask,
@@ -235,8 +100,6 @@ _config_file_events (PolKitContext
void *user_data)
{
_pk_debug ("Config file changed");
- unload_modules (pk_context);
- load_modules (pk_context, NULL);
/* signal that our configuration (may have) changed */
if (pk_context->config_changed_cb) {
@@ -269,8 +132,8 @@ _policy_dir_events (PolKitContext
* @error: return location for error
*
* Initializes a new context; loads PolicyKit files from
- * /etc/PolicyKit/policy unless the environment variable
- * $POLKIT_POLICY_DIR points to a location.
+ * /usr/share/PolicyKit/policy unless the environment variable
+ * $POLKIT_POLICY_DIR points to another location.
*
* Returns: #FALSE if @error was set, otherwise #TRUE
**/
@@ -287,10 +150,6 @@ polkit_context_init (PolKitContext *pk_c
}
_pk_debug ("Using policy files from directory %s", pk_context->policy_dir);
- /* Load modules */
- if (!load_modules (pk_context, error))
- goto error;
-
/* don't populate the cache until it's needed.. */
if (pk_context->file_monitor_add_watch_func == NULL) {
@@ -316,11 +175,14 @@ polkit_context_init (PolKitContext *pk_c
}
return TRUE;
+
+#if 0
error:
if (pk_context != NULL)
polkit_context_unref (pk_context);
return FALSE;
+#endif
}
/**
@@ -356,8 +218,6 @@ polkit_context_unref (PolKitContext *pk_
if (pk_context->refcount > 0)
return;
- unload_modules (pk_context);
-
g_free (pk_context);
}
@@ -484,8 +344,6 @@ polkit_context_can_session_do_action (Po
PolKitPolicyCache *cache;
PolKitPolicyFileEntry *pfe;
PolKitResult current_result;
- PolKitModuleControl current_control;
- GSList *i;
current_result = POLKIT_RESULT_NO;
g_return_val_if_fail (pk_context != NULL, current_result);
@@ -522,8 +380,8 @@ polkit_context_can_session_do_action (Po
polkit_policy_file_entry_debug (pfe);
current_result = POLKIT_RESULT_UNKNOWN_ACTION;
- current_control = POLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
+#if 0
/* visit modules */
for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
PolKitModuleInterface *module_interface = i->data;
@@ -581,6 +439,7 @@ polkit_context_can_session_do_action (Po
}
}
}
+#endif
/* Never return UNKNOWN_ACTION to user */
if (current_result == POLKIT_RESULT_UNKNOWN_ACTION)
@@ -610,8 +469,6 @@ polkit_context_can_caller_do_action (Pol
PolKitPolicyCache *cache;
PolKitPolicyFileEntry *pfe;
PolKitResult current_result;
- PolKitModuleControl current_control;
- GSList *i;
current_result = POLKIT_RESULT_NO;
g_return_val_if_fail (pk_context != NULL, current_result);
@@ -648,8 +505,8 @@ polkit_context_can_caller_do_action (Pol
polkit_policy_file_entry_debug (pfe);
current_result = POLKIT_RESULT_UNKNOWN_ACTION;
- current_control = POLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
+#if 0
/* visit modules */
for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
PolKitModuleInterface *module_interface = i->data;
@@ -707,6 +564,7 @@ polkit_context_can_caller_do_action (Pol
}
}
}
+#endif
/* Never return UNKNOWN_ACTION to user */
if (current_result == POLKIT_RESULT_UNKNOWN_ACTION)
diff --git a/polkit/polkit-module.c b/polkit/polkit-module.c
deleted file mode 100644
index 833cc22..0000000
--- a/polkit/polkit-module.c
+++ /dev/null
@@ -1,683 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module.c : PolicyKit loadable module interface
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-module
- * @short_description: PolicyKit loadable module interface
- *
- * These functions are used by loadable PolicyKit modules.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-#include <dlfcn.h>
-#include <regex.h>
-#include <pwd.h>
-#include <grp.h>
-#include <glib.h>
-#include <unistd.h>
-
-#include "polkit-debug.h"
-#include "polkit-module.h"
-
-/**
- * PolKitModuleInterface:
- *
- * Objects of this class are used to interface with PolicyKit modules
- **/
-struct PolKitModuleInterface
-{
- int refcount;
- void *dlopen_handle;
- char *name;
-
- void *module_user_data;
- PolKitModuleControl module_control;
-
- PolKitModuleInitialize func_initialize;
- PolKitModuleShutdown func_shutdown;
- PolKitModuleCanSessionDoAction func_can_session_do_action;
- PolKitModuleCanCallerDoAction func_can_caller_do_action;
-
- polkit_bool_t builtin_have_action_regex;
- regex_t builtin_action_regex_compiled;
-
- GSList *builtin_users;
-};
-
-static uid_t
-_util_name_to_uid (const char *username, gid_t *default_gid)
-{
- int rc;
- uid_t res;
- char *buf = NULL;
- unsigned int bufsize;
- struct passwd pwd;
- struct passwd *pwdp;
-
- res = (uid_t) -1;
-
- bufsize = sysconf (_SC_GETPW_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getpwnam_r (username, &pwd, buf, bufsize, &pwdp);
- if (rc != 0 || pwdp == NULL) {
- /*g_warning ("getpwnam_r() returned %d", rc);*/
- goto out;
- }
-
- res = pwdp->pw_uid;
- if (default_gid != NULL)
- *default_gid = pwdp->pw_gid;
-
-out:
- g_free (buf);
- return res;
-}
-
-static void
-_parse_builtin_remove_option (int *argc, char *argv[], int position)
-{
- int n;
- for (n = position; n < *argc; n++)
- argv[n] = argv[n+1];
- (*argc)--;
-}
-
-static polkit_bool_t
-_parse_builtin (PolKitModuleInterface *mi, int *argc, char *argv[])
-{
- int n;
- polkit_bool_t ret;
-
- ret = FALSE;
-
- for (n = 1; n < *argc; ) {
- if (g_str_has_prefix (argv[n], "action=")) {
- const char *regex;
-
- if (mi->builtin_have_action_regex) {
- _pk_debug ("Already have option 'action='");
- goto error;
- }
-
- regex = argv[n] + 10;
- if (regcomp (&(mi->builtin_action_regex_compiled), regex, REG_EXTENDED) != 0) {
- _pk_debug ("Regex '%s' didn't compile", regex);
- goto error;
- }
- mi->builtin_have_action_regex = TRUE;
-
- _pk_debug ("Compiled regex '%s' for option 'action=' OK", regex);
-
- _parse_builtin_remove_option (argc, argv, n);
- } else if (g_str_has_prefix (argv[n], "user=")) {
- const char *user;
- uid_t uid;
- GSList *i;
-
- user = argv[n] + 5;
- uid = _util_name_to_uid (user, NULL);
- if ((int) uid == -1) {
- _pk_debug ("Unknown user name '%s'", user);
- goto error;
- }
-
- for (i = mi->builtin_users; i != NULL; i = g_slist_next (i)) {
- uid_t uid_in_list = GPOINTER_TO_INT (i->data);
- if (uid_in_list == uid) {
- _pk_debug ("Already have user '%s'", user);
- goto error;
- }
- }
-
- _pk_debug ("adding uid %d", uid);
- mi->builtin_users = g_slist_prepend (mi->builtin_users, GINT_TO_POINTER (uid));
-
- _parse_builtin_remove_option (argc, argv, n);
- } else {
- n++;
- }
- }
-
- ret = TRUE;
-
-error:
- return ret;
-}
-
-/**
- * polkit_module_interface_load_module:
- * @name: name of module, e.g. "polkit-module-default.so"
- * @module_control: the module control; from the configuration file
- * @argc: number arguments to pass
- * @argv: argument vector, the first argument must be the filename/path to the module
- *
- * Load and initialize a PolicyKit module
- *
- * Returns: A #PolKitModuleInterface object on success; #NULL on failure.
- **/
-PolKitModuleInterface *
-polkit_module_interface_load_module (const char *name, PolKitModuleControl module_control, int argc, char *argv[])
-{
- void *handle;
- PolKitModuleInterface *mi;
- polkit_bool_t (*func) (PolKitModuleInterface *);
-
- mi = NULL;
-
- _pk_debug ("loading %s", name);
-
- handle = dlopen (name, RTLD_NOW | RTLD_LOCAL);
- if (handle == NULL) {
- _pk_debug ("Cannot load module '%s'", name);
- goto error;
- }
-
- func = dlsym (handle, "polkit_module_set_functions");
- if (func == NULL) {
- _pk_debug ("Cannot get symbol 'polkit_module_set_functions' in module '%s'", name);
- goto error;
- }
-
- _pk_debug ("func = %p", func);
-
- mi = polkit_module_interface_new ();
- if (!func (mi)) {
- _pk_debug ("Module '%s' returned FALSE when asked to set functions", name);
- goto error;
- }
-
- if (mi->func_initialize == NULL) {
- _pk_debug ("Module '%s' didn't set initialize function", name);
- goto error;
- }
-
- if (mi->func_shutdown == NULL) {
- _pk_debug ("Module '%s' didn't set shutdown function", name);
- goto error;
- }
-
- if (!_parse_builtin (mi, &argc, argv)) {
- _pk_debug ("Error parsing built-in module options for '%s'", name);
- goto error;
- }
-
- if (!mi->func_initialize (mi, argc, argv)) {
- _pk_debug ("Module '%s' returned FALSE in initialization function", name);
- goto error;
- }
-
- mi->dlopen_handle = handle;
- mi->name = g_strdup (name);
- mi->module_control = module_control;
- return mi;
-error:
- if (mi != NULL)
- polkit_module_interface_unref (mi);
- if (handle != NULL)
- dlclose (handle);
- return NULL;
-}
-
-/**
- * polkit_module_get_name:
- * @module_interface: the module interface
- *
- * Get the name of the module
- *
- * Returns: name or #NULL if an error occured
- **/
-const char *
-polkit_module_get_name (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->name;
-}
-
-
-/**
- * polkit_module_interface_new:
- *
- * Create a new #PolKitModuleInterface object.
- *
- * Returns: the new object
- **/
-PolKitModuleInterface *
-polkit_module_interface_new (void)
-{
- PolKitModuleInterface *module_interface;
- module_interface = g_new0 (PolKitModuleInterface, 1);
- module_interface->refcount = 1;
- return module_interface;
-}
-
-/**
- * polkit_module_interface_ref:
- * @module_interface: the module_interface object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitModuleInterface *
-polkit_module_interface_ref (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, module_interface);
- module_interface->refcount++;
- return module_interface;
-}
-
-/**
- * polkit_module_interface_unref:
- * @module_interface: the module_interface object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_module_interface_unref (PolKitModuleInterface *module_interface)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->refcount--;
- if (module_interface->refcount > 0)
- return;
-
- /* builtins */
- if (module_interface->builtin_have_action_regex)
- regfree (&module_interface->builtin_action_regex_compiled);
- g_slist_free (module_interface->builtin_users);
-
- /* shutdown the module and unload it */
- if (module_interface->func_shutdown != NULL)
- module_interface->func_shutdown (module_interface);
- if (module_interface->dlopen_handle != NULL)
- dlclose (module_interface->dlopen_handle);
-
- g_free (module_interface->name);
- g_free (module_interface);
-}
-
-/**
- * polkit_module_set_func_initialize:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void
-polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
- PolKitModuleInitialize func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_initialize = func;
-}
-
-/**
- * polkit_module_set_func_shutdown:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void
-polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_shutdown = func;
-}
-
-/**
- * polkit_module_set_func_can_session_do_action:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionDoAction func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_can_session_do_action = func;
-}
-
-/**
- * polkit_module_set_func_can_caller_do_action:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerDoAction func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_can_caller_do_action = func;
-}
-
-/**
- * polkit_module_get_func_initialize:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleInitialize
-polkit_module_get_func_initialize (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_initialize;
-}
-
-/**
- * polkit_module_get_func_shutdown:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleShutdown
-polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_shutdown;
-}
-
-/**
- * polkit_module_get_func_can_session_do_action:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleCanSessionDoAction
-polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_session_do_action;
-}
-
-/**
- * polkit_module_get_func_can_caller_do_action:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleCanCallerDoAction
-polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_caller_do_action;
-}
-
-
-/**
- * polkit_module_interface_get_control:
- * @module_interface: the module interface
- *
- * Get the control for this module.
- *
- * Returns: A #PolKitModuleControl value.
- **/
-PolKitModuleControl
-polkit_module_interface_get_control (PolKitModuleInterface *module_interface)
-{
- /* hmm, should we have UNKNOWN? */
- g_return_val_if_fail (module_interface != NULL, POLKIT_MODULE_CONTROL_MANDATORY);
- return module_interface->module_control;
-}
-
-static const struct {
- PolKitModuleControl module_control;
- const char *str;
-} mapping[] =
-{
- {POLKIT_MODULE_CONTROL_ADVISE, "advise"},
- {POLKIT_MODULE_CONTROL_MANDATORY, "mandatory"},
- {0, NULL}
-};
-
-/**
- * polkit_module_control_to_string_representation:
- * @module_control: the given value
- *
- * Gives a textual representation of a #PolKitModuleControl object.
- *
- * Returns: The textual representation or #NULL if the value passed is invalid
- **/
-const char *
-polkit_module_control_to_string_representation (PolKitModuleControl module_control)
-{
- if (module_control < 0 || module_control >= POLKIT_MODULE_CONTROL_N_CONTROLS) {
- g_warning ("The passed module control identifier, %d, is not valid", module_control);
- return NULL;
- }
-
- return mapping[module_control].str;
-}
-
-/**
- * polkit_module_control_from_string_representation:
- * @string: the textual representation
- * @out_module_control: return location for the value
- *
- * Given a textual representation of a #PolKitModuleControl object, find the #PolKitModuleControl value.
- *
- * Returns: TRUE if the textual representation was valid, otherwise FALSE
- **/
-polkit_bool_t
-polkit_module_control_from_string_representation (const char *string, PolKitModuleControl *out_module_control)
-{
- int n;
-
- g_return_val_if_fail (out_module_control != NULL, FALSE);
-
- for (n = 0; n < POLKIT_MODULE_CONTROL_N_CONTROLS; n++) {
- if (mapping[n].str == NULL)
- break;
- if (g_ascii_strcasecmp (mapping[n].str, string) == 0) {
- *out_module_control = mapping[n].module_control;
- goto found;
- }
- }
-
- return FALSE;
-found:
- return TRUE;
-}
-
-
-/**
- * polkit_module_set_user_data:
- * @module_interface: module interface
- * @user_data: user data to set
- *
- * Set user data. A PolicyKit module should use these instead of
- * global variables as multiple instances of the module may be
- * instantiated at the same time.
- **/
-void
-polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->module_user_data = user_data;
-}
-
-/**
- * polkit_module_get_user_data:
- * @module_interface: module interface
- *
- * Get user data.
- *
- * Returns: The user data set with polkit_module_set_user_data()
- **/
-void *
-polkit_module_get_user_data (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->module_user_data;
-}
-
-static polkit_bool_t
-_check_action (PolKitModuleInterface *module_interface, PolKitAction *action)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
-
- if (module_interface->builtin_have_action_regex) {
- char *action_name;
- if (polkit_action_get_action_id (action, &action_name)) {
- if (regexec (&module_interface->builtin_action_regex_compiled,
- action_name, 0, NULL, 0) == 0) {
- ret = TRUE;
- }
- }
- } else {
- ret = TRUE;
- }
-
- return ret;
-}
-
-/*----*/
-
-static polkit_bool_t
-_check_uid_in_list (GSList *list, uid_t given_uid)
-{
- GSList *i;
-
- for (i = list; i != NULL; i = g_slist_next (i)) {
- uid_t uid = GPOINTER_TO_INT (i->data);
- if (given_uid == uid)
- return TRUE;
- }
- return FALSE;
-}
-
-static polkit_bool_t
-_check_users_for_session (PolKitModuleInterface *module_interface, PolKitSession *session)
-{
- uid_t uid;
- GSList *list;
- if ((list = module_interface->builtin_users) == NULL)
- return TRUE;
- if (session == NULL)
- return FALSE;
- if (!polkit_session_get_uid (session, &uid))
- return FALSE;
- return _check_uid_in_list (list, uid);
-}
-
-static polkit_bool_t
-_check_users_for_caller (PolKitModuleInterface *module_interface, PolKitCaller *caller)
-{
- uid_t uid;
- GSList *list;
- if ((list = module_interface->builtin_users) == NULL)
- return TRUE;
- if (caller == NULL)
- return FALSE;
- if (!polkit_caller_get_uid (caller, &uid))
- return FALSE;
- return _check_uid_in_list (list, uid);
-}
-
-
-/**
- * polkit_module_interface_check_builtin_confinement_for_session:
- * @module_interface: the given module
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Check whether some of the built-in module options (e.g. action="hal-storage-*",
- * user=davidz) confines the given module, e.g. whether it should be skipped.
- *
- * Returns: TRUE if, and only if, the module is confined from handling the request
- **/
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- polkit_bool_t ret;
- ret = TRUE;
-
- g_return_val_if_fail (module_interface != NULL, ret);
-
- if (!_check_action (module_interface, action))
- goto out;
- if (!_check_users_for_session (module_interface, session))
- goto out;
-
- /* not confined */
- ret = FALSE;
-out:
- return ret;
-}
-
-/**
- * polkit_module_interface_check_builtin_confinement_for_caller:
- * @module_interface: the given module
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Check whether some of the built-in module options (e.g. action="hal-storage-*",
- * user=davidz) confines the given module, e.g. whether it should be skipped.
- *
- * Returns: TRUE if, and only if, the module is confined from handling the request
- **/
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- polkit_bool_t ret;
- ret = TRUE;
-
- g_return_val_if_fail (module_interface != NULL, ret);
-
- if (!_check_action (module_interface, action))
- goto out;
- if (!_check_users_for_caller (module_interface, caller))
- goto out;
-
- /* not confined */
- ret = FALSE;
-out:
- return ret;
-}
diff --git a/polkit/polkit-module.h b/polkit/polkit-module.h
deleted file mode 100644
index 02dd9ca..0000000
--- a/polkit/polkit-module.h
+++ /dev/null
@@ -1,163 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module.h : PolicyKit loadable module interface
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_MODULE_H
-#define POLKIT_MODULE_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit.h>
-
-struct PolKitModuleInterface;
-typedef struct PolKitModuleInterface PolKitModuleInterface;
-
-/**
- * PolKitModuleInitialize:
- * @module_interface: the module interface
- * @argc: number of arguments to pass to module
- * @argv: arguments passed to module; the first argument is the filename/path to the module
- *
- * Type of PolicyKit module function to initialize the module.
- *
- * Returns: Whether the module was initialized.
- **/
-typedef polkit_bool_t (*PolKitModuleInitialize) (PolKitModuleInterface *module_interface,
- int argc,
- char *argv[]);
-
-/**
- * PolKitModuleShutdown:
- * @module_interface: the module interface
- *
- * Type of PolicyKit module function to shutdown the module.
- **/
-typedef void (*PolKitModuleShutdown) (PolKitModuleInterface *module_interface);
-
-/**
- * PolKitModuleCanSessionAccessDoAction:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Type of PolicyKit module function to implement polkit_can_session_access_do_action().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleCanSessionDoAction) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session);
-
-/**
- * PolKitModuleCanCallerAccessDoAction:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Type of PolicyKit module function to implement polkit_can_caller_do_action().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleCanCallerDoAction) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller);
-
-PolKitModuleInterface *polkit_module_interface_new (void);
-PolKitModuleInterface *polkit_module_interface_ref (PolKitModuleInterface *module_interface);
-void polkit_module_interface_unref (PolKitModuleInterface *module_interface);
-const char *polkit_module_get_name (PolKitModuleInterface *module_interface);
-
-void polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data);
-void *polkit_module_get_user_data (PolKitModuleInterface *module_interface);
-
-void polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
- PolKitModuleInitialize func);
-void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func);
-void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionDoAction func);
-void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerDoAction func);
-
-PolKitModuleInitialize polkit_module_get_func_initialize (PolKitModuleInterface *module_interface);
-PolKitModuleShutdown polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface);
-PolKitModuleCanSessionDoAction polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface);
-PolKitModuleCanCallerDoAction polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface);
-
-/**
- * PolKitModuleControl:
- * @POLKIT_MODULE_CONTROL_ADVISE: Allow modules, marked with #POLKIT_MODULE_CONTROL_MANDATORY, down the
- * stack to override results from this module. Modules down the stack that are also marked with
- * the #POLKIT_MODULE_CONTROL_ADVISE control will only take effect it they change the result to be "less strict".
- * @POLKIT_MODULE_CONTROL_MANDATORY: Always use results (unless it returns
- * #POLKIT_RESULT_UNKNOWN_ACTION for a given request) from this module, even if it changes whether the
- * result to be "more strict". . If a later module also uses this control, results from that module will override it.
- * @POLKIT_MODULE_CONTROL_N_CONTROLS: Number of control stanzas
- *
- * The control stanza for a PolicyKit module. This is read from the
- * PolicyKit configuration file (/etc/PolicyKit/PolicyKit.conf) that
- * defines the stacked order of the modules and is chosen by the
- * system administrator. See the definition of #PolKitResult for
- * the definition of "strict" with respect to result values.
- **/
-typedef enum
-{
- POLKIT_MODULE_CONTROL_ADVISE,
- POLKIT_MODULE_CONTROL_MANDATORY,
- POLKIT_MODULE_CONTROL_N_CONTROLS
-} PolKitModuleControl;
-
-const char *
-polkit_module_control_to_string_representation (PolKitModuleControl module_control);
-
-polkit_bool_t
-polkit_module_control_from_string_representation (const char *string, PolKitModuleControl *out_module_control);
-
-PolKitModuleInterface *polkit_module_interface_load_module (const char *name,
- PolKitModuleControl module_control,
- int argc, char *argv[]);
-
-PolKitModuleControl polkit_module_interface_get_control (PolKitModuleInterface *module_interface);
-
-
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session);
-
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller);
-
-#endif /* POLKIT_MODULE_H */
diff --git a/polkit/polkit.h b/polkit/polkit.h
index 148ee25..581fbe3 100644
--- a/polkit/polkit.h
+++ b/polkit/polkit.h
@@ -39,7 +39,6 @@
#include <polkit/polkit-policy-file.h>
#include <polkit/polkit-policy-cache.h>
#include <polkit/polkit-policy-default.h>
-#include <polkit/polkit-module.h>
#undef _POLKIT_INSIDE_POLKIT_H
#endif /* POLKIT_H */
More information about the hal-commit
mailing list