PolicyKit: Branch 'master' - 3 commits
David Zeuthen
david at kemper.freedesktop.org
Tue Jun 19 17:00:32 PDT 2007
doc/api/polkit/polkit-docs.xml | 1
modules/Makefile.am | 3
modules/default/polkit-module-default.c | 38 +---
modules/grant/Makefile.am | 2
modules/grant/polkit-module-grant.c | 76 ++++----
polkit-dbus/polkit-dbus.c | 131 +++++++++++++
polkit-dbus/polkit-dbus.h | 2
polkit-grant/Makefile.am | 7
polkit-grant/polkit-grant-database.c | 303 ++++++++++++++++++++++++++++++++
polkit-grant/polkit-grant-database.h | 41 ++++
polkit-grant/polkit-grant-helper.c | 99 +++++++---
polkit-grant/polkit-grant.c | 45 ++--
polkit-grant/polkit-grant.h | 4
polkit/Makefile.am | 2
polkit/polkit-caller.c | 2
polkit/polkit-context.c | 111 +----------
polkit/polkit-context.h | 37 ---
polkit/polkit-module.c | 117 ++----------
polkit/polkit-module.h | 94 ++-------
polkit/polkit-policy-default.c | 141 ++++----------
polkit/polkit-policy-default.h | 24 +-
polkit/polkit-policy-file-entry.c | 110 +----------
polkit/polkit-policy-file-entry.h | 3
polkit/polkit-policy-file.c | 140 ++------------
polkit/polkit-resource.c | 232 ------------------------
polkit/polkit-resource.h | 52 -----
polkit/polkit.h | 1
tools/polkit-check-caller.c | 27 --
tools/polkit-check-session.c | 26 --
tools/polkit-grant.c | 23 --
tools/polkit-list-actions.c | 31 +--
31 files changed, 824 insertions(+), 1101 deletions(-)
New commits:
diff-tree 2ec20531b4976576f650acee5ed8f5fa3a3a9541 (from 874fa499deb2a7457d3f369d09f9e3d2288301b0)
Author: David Zeuthen <davidz at redhat.com>
Date: Tue Jun 19 19:59:54 2007 -0400
move all grant writing/checking into a separate private library
diff --git a/modules/grant/Makefile.am b/modules/grant/Makefile.am
index 2cea430..52ff52a 100644
--- a/modules/grant/Makefile.am
+++ b/modules/grant/Makefile.am
@@ -17,13 +17,9 @@ polkitmodule_LTLIBRARIES = \
$(NULL)
-polkit_module_grant_la_SOURCES = \
- $(top_srcdir)/polkit-grant/polkit-grant-database.h $(top_srcdir)/polkit-grant/polkit-grant-database.c \
- polkit-module-grant.c
-
-
+polkit_module_grant_la_SOURCES = polkit-module-grant.c
polkit_module_grant_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@
+polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@ $(top_builddir)/polkit-grant/libpolkit-grant-private.la
clean-local :
rm -f *~
diff --git a/modules/grant/polkit-module-grant.c b/modules/grant/polkit-module-grant.c
index d1c3691..c0ea67b 100644
--- a/modules/grant/polkit-module-grant.c
+++ b/modules/grant/polkit-module-grant.c
@@ -65,13 +65,15 @@ _module_can_caller_do_action (PolKitModu
PolKitAction *action,
PolKitCaller *caller)
{
+ return _polkit_grantdb_check_can_caller_do_action (pk_context, action, caller);
+
+#if 0
char *grant_file;
PolKitSession *session;
PolKitResult result;
result = POLKIT_RESULT_UNKNOWN_ACTION;
-#if 0
/* file format:
*
* file: /var/[lib,run]/PolicyKit/grant/<action-name>.grant
@@ -184,9 +186,6 @@ _module_can_caller_do_action (PolKitModu
}
g_free (grant_file);
#endif
-
-out:
- return result;
}
polkit_bool_t
diff --git a/polkit-grant/Makefile.am b/polkit-grant/Makefile.am
index d8a39d7..4e1bc1c 100644
--- a/polkit-grant/Makefile.am
+++ b/polkit-grant/Makefile.am
@@ -12,6 +12,11 @@ INCLUDES = \
-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
@GLIB_CFLAGS@ @DBUS_CFLAGS@
+noinst_LTLIBRARIES=libpolkit-grant-private.la
+
+libpolkit_grant_private_la_SOURCES = \
+ polkit-grant-database.h polkit-grant-database.c
+
lib_LTLIBRARIES=libpolkit-grant.la
libpolkit_grantincludedir=$(includedir)/PolicyKit/polkit-grant
@@ -20,7 +25,6 @@ libpolkit_grantinclude_HEADERS =
polkit-grant.h
libpolkit_grant_la_SOURCES = \
- polkit-grant-database.h polkit-grant-database.c \
polkit-grant.h polkit-grant.c
libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
@@ -30,7 +34,7 @@ libpolkit_grant_la_LDFLAGS = -version-in
libexec_PROGRAMS = polkit-grant-helper
polkit_grant_helper_SOURCES = polkit-grant-helper.c
-polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ @AUTH_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ @AUTH_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant-private.la
polkit_grant_alwaysdir = $(localstatedir)/lib/PolicyKit
dist_polkit_grant_always_DATA =
diff --git a/polkit-grant/polkit-grant-database.c b/polkit-grant/polkit-grant-database.c
new file mode 100644
index 0000000..c6f96de
--- /dev/null
+++ b/polkit-grant/polkit-grant-database.c
@@ -0,0 +1,303 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant-database.c : simple interface for storing and checking grants
+ *
+ * (This is an internal and private interface to PolicyKit. Do not use.)
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+#include <glib.h>
+
+#include <polkit-grant/polkit-grant-database.h>
+
+/* TODO FIXME: this is Linux specific */
+static unsigned long long
+get_start_time_for_pid (pid_t pid)
+{
+ char *filename;
+ char *contents;
+ gsize length;
+ unsigned long long start_time;
+ GError *error = NULL;
+ char **tokens;
+ char *p;
+ char *endp;
+
+ start_time = 0;
+ contents = NULL;
+
+ filename = g_strdup_printf ("/proc/%d/stat", pid);
+ if (filename == NULL) {
+ fprintf (stderr, "Out of memory\n");
+ goto out;
+ }
+
+ if (!g_file_get_contents (filename, &contents, &length, &error)) {
+ fprintf (stderr, "Cannot get contents of '%s': %s\n", filename, error->message);
+ g_error_free (error);
+ goto out;
+ }
+
+ /* start time is the 19th token after the '(process name)' entry */
+
+ p = strchr (contents, ')');
+ if (p == NULL) {
+ goto out;
+ }
+ p += 2; /* skip ') ' */
+ if (p - contents >= (int) length) {
+ goto out;
+ }
+
+ tokens = g_strsplit (p, " ", 0);
+ if (g_strv_length (tokens) < 20) {
+ goto out;
+ }
+
+ start_time = strtoll (tokens[19], &endp, 10);
+ if (endp == tokens[19]) {
+ goto out;
+ }
+
+ g_strfreev (tokens);
+
+out:
+ g_free (filename);
+ g_free (contents);
+ return start_time;
+}
+
+#if 0
+static polkit_bool_t
+ensure_dir (const char *file)
+{
+ char *dirname;
+ polkit_bool_t ret;
+
+ ret = FALSE;
+
+ dirname = g_path_get_dirname (file);
+ if (dirname == NULL)
+ goto out;
+
+ if (g_file_test (dirname, G_FILE_TEST_EXISTS | G_FILE_TEST_IS_DIR)) {
+ /* TODO: check permissions? */
+ ret = TRUE;
+ goto out;
+ }
+
+ if (mkdir (dirname, 0570) != 0) {
+ fprintf (stderr, "Cannot create directory '%s': %s\n", dirname, strerror (errno));
+ goto out;
+ }
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+#endif
+
+static polkit_bool_t
+_polkit_grantdb_write (const char *grant_file)
+{
+ int fd;
+ polkit_bool_t ret;
+
+ ret = FALSE;
+
+#if 0
+ if (!ensure_dir (grant_file))
+ goto out;
+#endif
+
+ fd = open (grant_file, O_CREAT | O_RDWR, 0460);
+ if (fd < 0) {
+ fprintf (stderr, "Cannot create file '%s': %s\n", grant_file, strerror (errno));
+ goto out;
+ }
+ /* Yessir, the file is empty */
+ close (fd);
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+
+polkit_bool_t
+_polkit_grantdb_write_pid (const char *action_id, pid_t pid)
+{
+ char *grant_file;
+ polkit_bool_t ret = FALSE;
+ unsigned long long pid_start_time;
+
+ pid_start_time = get_start_time_for_pid (pid);
+ if (pid_start_time == 0)
+ goto out;
+
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-pid-%d@%Lu-%s.grant",
+ getuid(), pid, pid_start_time, action_id);
+ if (grant_file == NULL) {
+ fprintf (stderr, "Out of memory\n");
+ goto out;
+ }
+
+ ret = _polkit_grantdb_write (grant_file);
+out:
+ return ret;
+}
+
+polkit_bool_t
+_polkit_grantdb_write_keep_session (const char *action_id, const char *session_id)
+{
+ char *grant_file;
+ polkit_bool_t ret = FALSE;
+
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-session-%s-%s.grant",
+ getuid(), g_basename (session_id), action_id);
+ if (grant_file == NULL) {
+ fprintf (stderr, "Out of memory\n");
+ goto out;
+ }
+
+ ret = _polkit_grantdb_write (grant_file);
+out:
+ return ret;
+}
+
+polkit_bool_t
+_polkit_grantdb_write_keep_always (const char *action_id, uid_t uid)
+{
+ char *grant_file;
+ polkit_bool_t ret = FALSE;
+
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid%d/%s.grant",
+ getuid(), action_id);
+ if (grant_file == NULL) {
+ fprintf (stderr, "Out of memory\n");
+ goto out;
+ }
+
+ ret = _polkit_grantdb_write (grant_file);
+out:
+ return ret;
+}
+
+PolKitResult
+_polkit_grantdb_check_can_caller_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller)
+{
+ char *grant_file;
+ PolKitResult result;
+ char *action_id;
+ uid_t invoking_user_id;
+ pid_t invoking_process_id;
+ PolKitSession *session;
+ char *session_objpath;
+ unsigned long long pid_start_time;
+
+ grant_file = NULL;
+ result = POLKIT_RESULT_UNKNOWN_ACTION;
+
+ if (caller == NULL)
+ goto out;
+
+ if (!polkit_action_get_action_id (action, &action_id))
+ goto out;
+
+ if (!polkit_caller_get_uid (caller, &invoking_user_id))
+ goto out;
+
+ if (!polkit_caller_get_pid (caller, &invoking_process_id))
+ goto out;
+
+ session_objpath = NULL;
+ if (polkit_caller_get_ck_session (caller, &session)) {
+ if (!polkit_session_get_ck_objref (session, &session_objpath))
+ session_objpath = NULL;
+ }
+
+ pid_start_time = get_start_time_for_pid (invoking_process_id);
+ if (pid_start_time == 0)
+ goto out;
+
+ /* first check what _write_pid may have left */
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-pid-%d@%Lu-%s.grant",
+ invoking_user_id, invoking_process_id, pid_start_time, action_id);
+ if (grant_file == NULL) {
+ fprintf (stderr, "Out of memory\n");
+ g_free (grant_file);
+ goto out;
+ }
+ if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
+ result = POLKIT_RESULT_YES;
+ g_free (grant_file);
+ goto out;
+ }
+ g_free (grant_file);
+
+ /* second, check what _keep_session may have left */
+ if (session_objpath != NULL) {
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/uid%d-session-%s-%s.grant",
+ invoking_user_id, g_basename (session_objpath), action_id);
+ if (grant_file == NULL) {
+ fprintf (stderr, "Out of memory\n");
+ g_free (grant_file);
+ goto out;
+ }
+ if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
+ result = POLKIT_RESULT_YES;
+ g_free (grant_file);
+ goto out;
+ }
+ g_free (grant_file);
+ }
+
+ /* finally, check what _keep_always may have left */
+ if (session_objpath != NULL) {
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid%d/%s.grant",
+ invoking_user_id, action_id);
+ if (grant_file == NULL) {
+ fprintf (stderr, "Out of memory\n");
+ g_free (grant_file);
+ goto out;
+ }
+ if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
+ result = POLKIT_RESULT_YES;
+ g_free (grant_file);
+ goto out;
+ }
+ g_free (grant_file);
+ }
+
+out:
+ return result;
+}
diff --git a/polkit-grant/polkit-grant-database.h b/polkit-grant/polkit-grant-database.h
new file mode 100644
index 0000000..dd53e8e
--- /dev/null
+++ b/polkit-grant/polkit-grant-database.h
@@ -0,0 +1,41 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant-database.h : simple interface for storing and checking grants
+ *
+ * (This is an internal and private interface to PolicyKit. Do not use.)
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_GRANT_DATABASE_H
+#define POLKIT_GRANT_DATABASE_H
+
+#include <polkit/polkit.h>
+
+PolKitResult _polkit_grantdb_check_can_caller_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller);
+
+polkit_bool_t _polkit_grantdb_write_keep_always (const char *action_id, uid_t uid);
+
+polkit_bool_t _polkit_grantdb_write_keep_session (const char *action_id, const char *session_id);
+
+polkit_bool_t _polkit_grantdb_write_pid (const char *action_id, pid_t pid);
+
+#endif /* POLKIT_GRANT_DATABASE_H */
diff --git a/polkit-grant/polkit-grant-helper.c b/polkit-grant/polkit-grant-helper.c
index 7cbe07f..8d12f40 100644
--- a/polkit-grant/polkit-grant-helper.c
+++ b/polkit-grant/polkit-grant-helper.c
@@ -363,6 +363,7 @@ main (int argc, char *argv[])
gid_t egid;
struct group *group;
struct passwd *pw;
+ polkit_bool_t dbres;
ret = 3;
@@ -461,7 +462,35 @@ main (int argc, char *argv[])
goto out;
}
- fprintf (stderr, "OK; TODO: write to database\n");
+ fprintf (stderr, "OK; TODO: write to database: action_id=%s session_id=%s pid=%d\n",
+ action_name, session_objpath, caller_pid);
+
+ switch (result) {
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+ dbres = _polkit_grantdb_write_pid (action_name, caller_pid);
+ break;
+
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+ dbres = _polkit_grantdb_write_keep_session (action_name, session_objpath);
+ break;
+
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_ALWAYS:
+ dbres = _polkit_grantdb_write_keep_always (action_name, invoking_user_id);
+ break;
+
+ default:
+ /* should never happen */
+ goto out;
+ }
+
+ if (!dbres) {
+ fprintf (stderr, "polkit-grant-helper: failed to write to grantdb\n");
+ goto out;
+ }
+
#if 0
/* TODO: FIXME: XXX: this format of storing granted privileges needs be redone
*
diff-tree 874fa499deb2a7457d3f369d09f9e3d2288301b0 (from 169c130d4e517371c64d2c2832d323592d38ea7b)
Author: David Zeuthen <davidz at redhat.com>
Date: Tue Jun 19 16:41:49 2007 -0400
remove the distinction for local vs. remote users
Again, we punt this to the applications/mechanisms - they know better.
diff --git a/polkit-grant/polkit-grant.c b/polkit-grant/polkit-grant.c
index fcd2511..39385eb 100644
--- a/polkit-grant/polkit-grant.c
+++ b/polkit-grant/polkit-grant.c
@@ -413,8 +413,8 @@ polkit_grant_initiate_auth (PolKitGrant
/* TODO: verify incoming args */
- helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper";
- // TODO FIXME: helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
+ /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper"; */
+ helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
if (dbus_name == NULL)
helper_argv[1] = "";
else
diff --git a/polkit/polkit-policy-default.c b/polkit/polkit-policy-default.c
index d9949cb..510d6ad 100644
--- a/polkit/polkit-policy-default.c
+++ b/polkit/polkit-policy-default.c
@@ -57,31 +57,23 @@
struct PolKitPolicyDefault
{
int refcount;
- PolKitResult default_remote_inactive;
- PolKitResult default_remote_active;
- PolKitResult default_local_inactive;
- PolKitResult default_local_active;
+ PolKitResult default_inactive;
+ PolKitResult default_active;
};
-extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_remote_inactive,
- PolKitResult defaults_allow_remote_active,
- PolKitResult defaults_allow_local_inactive,
- PolKitResult defaults_allow_local_active);
+extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active);
PolKitPolicyDefault *
-_polkit_policy_default_new (PolKitResult defaults_allow_remote_inactive,
- PolKitResult defaults_allow_remote_active,
- PolKitResult defaults_allow_local_inactive,
- PolKitResult defaults_allow_local_active)
+_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active)
{
PolKitPolicyDefault *pd;
pd = g_new0 (PolKitPolicyDefault, 1);
pd->refcount = 1;
- pd->default_remote_inactive = defaults_allow_remote_inactive;
- pd->default_remote_active = defaults_allow_remote_active;
- pd->default_local_inactive = defaults_allow_local_inactive;
- pd->default_local_active = defaults_allow_local_active;
+ pd->default_inactive = defaults_allow_inactive;
+ pd->default_active = defaults_allow_active;
return pd;
}
@@ -130,15 +122,11 @@ polkit_policy_default_debug (PolKitPolic
{
g_return_if_fail (policy_default != NULL);
_pk_debug ("PolKitPolicyDefault: refcount=%d\n"
- " default_remote_inactive=%s\n"
- " default_remote_active=%s\n"
- " default_local_inactive=%s\n"
- " default_local_active=%s",
+ " default_inactive=%s\n"
+ " default_active=%s",
policy_default->refcount,
- polkit_result_to_string_representation (policy_default->default_remote_inactive),
- polkit_result_to_string_representation (policy_default->default_remote_active),
- polkit_result_to_string_representation (policy_default->default_local_inactive),
- polkit_result_to_string_representation (policy_default->default_local_active));
+ polkit_result_to_string_representation (policy_default->default_inactive),
+ polkit_result_to_string_representation (policy_default->default_active));
}
@@ -175,18 +163,13 @@ polkit_policy_default_can_session_do_act
if (!polkit_session_get_ck_is_active (session, &is_active))
goto out;
- if (is_local) {
- if (is_active) {
- ret = policy_default->default_local_active;
- } else {
- ret = policy_default->default_local_inactive;
- }
+ if (!is_local)
+ goto out;
+
+ if (is_active) {
+ ret = policy_default->default_active;
} else {
- if (is_active) {
- ret = policy_default->default_remote_active;
- } else {
- ret = policy_default->default_remote_inactive;
- }
+ ret = policy_default->default_inactive;
}
out:
return ret;
@@ -230,55 +213,21 @@ polkit_policy_default_can_caller_do_acti
if (!polkit_session_get_ck_is_active (session, &is_active))
goto out;
- if (is_local) {
- if (is_active) {
- ret = policy_default->default_local_active;
- } else {
- ret = policy_default->default_local_inactive;
- }
+ if (!is_local)
+ goto out;
+
+ if (is_active) {
+ ret = policy_default->default_active;
} else {
- if (is_active) {
- ret = policy_default->default_remote_active;
- } else {
- ret = policy_default->default_remote_inactive;
- }
+ ret = policy_default->default_inactive;
}
+
out:
return ret;
}
/**
- * polkit_policy_default_get_allow_remote_inactive:
- * @policy_default: the object
- *
- * Get default policy.
- *
- * Returns: default policy
- **/
-PolKitResult
-polkit_policy_default_get_allow_remote_inactive (PolKitPolicyDefault *policy_default)
-{
- g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
- return policy_default->default_remote_inactive;
-}
-
-/**
- * polkit_policy_default_get_allow_remote_active:
- * @policy_default: the object
- *
- * Get default policy.
- *
- * Returns: default policy
- **/
-PolKitResult
-polkit_policy_default_get_allow_remote_active (PolKitPolicyDefault *policy_default)
-{
- g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
- return policy_default->default_remote_active;
-}
-
-/**
- * polkit_policy_default_get_allow_local_inactive:
+ * polkit_policy_default_get_allow_inactive:
* @policy_default: the object
*
* Get default policy.
@@ -286,14 +235,14 @@ polkit_policy_default_get_allow_remote_a
* Returns: default policy
**/
PolKitResult
-polkit_policy_default_get_allow_local_inactive (PolKitPolicyDefault *policy_default)
+polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default)
{
g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
- return policy_default->default_local_inactive;
+ return policy_default->default_inactive;
}
/**
- * polkit_policy_default_get_allow_local_active:
+ * polkit_policy_default_get_allow_active:
* @policy_default: the object
*
* Get default policy.
@@ -301,9 +250,9 @@ polkit_policy_default_get_allow_local_in
* Returns: default policy
**/
PolKitResult
-polkit_policy_default_get_allow_local_active (PolKitPolicyDefault *policy_default)
+polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default)
{
g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
- return policy_default->default_local_active;
+ return policy_default->default_active;
}
diff --git a/polkit/polkit-policy-default.h b/polkit/polkit-policy-default.h
index 68b6946..2a6b48a 100644
--- a/polkit/polkit-policy-default.h
+++ b/polkit/polkit-policy-default.h
@@ -51,10 +51,8 @@ PolKitResult polkit_policy_default_can_c
PolKitAction *action,
PolKitCaller *caller);
-PolKitResult polkit_policy_default_get_allow_remote_inactive (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_get_allow_remote_active (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_get_allow_local_inactive (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_get_allow_local_active (PolKitPolicyDefault *policy_default);
+PolKitResult polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default);
+PolKitResult polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default);
/* TODO: export knobs for "default policy" */
diff --git a/polkit/polkit-policy-file-entry.c b/polkit/polkit-policy-file-entry.c
index c0c7941..988b9c2 100644
--- a/polkit/polkit-policy-file-entry.c
+++ b/polkit/polkit-policy-file-entry.c
@@ -63,39 +63,27 @@ struct PolKitPolicyFileEntry
PolKitPolicyDefault *defaults;
char *group_description;
- char *group_description_short;
char *policy_description;
- char *policy_missing;
- char *policy_apply_all_mnemonic;
};
extern void _polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *pfe,
const char *group_description,
- const char *group_description_short,
- const char *policy_description,
- const char *policy_missing,
- const char *policy_apply_all_mnemonic);
+ const char *policy_description);
-extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_remote_inactive,
- PolKitResult defaults_allow_remote_active,
- PolKitResult defaults_allow_local_inactive,
- PolKitResult defaults_allow_local_active);
+extern PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active);
extern PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_group_id,
const char *action_id,
- PolKitResult defaults_allow_remote_inactive,
- PolKitResult defaults_allow_remote_active,
- PolKitResult defaults_allow_local_inactive,
- PolKitResult defaults_allow_local_active);
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active);
extern PolKitPolicyFileEntry *
_polkit_policy_file_entry_new (const char *action_group_id,
const char *action_id,
- PolKitResult defaults_allow_remote_inactive,
- PolKitResult defaults_allow_remote_active,
- PolKitResult defaults_allow_local_inactive,
- PolKitResult defaults_allow_local_active)
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active)
{
PolKitPolicyFileEntry *pfe;
@@ -104,10 +92,8 @@ _polkit_policy_file_entry_new (const c
pfe->action = g_strdup (action_id);
pfe->group = g_strdup (action_group_id);
- pfe->defaults = _polkit_policy_default_new (defaults_allow_remote_inactive,
- defaults_allow_remote_active,
- defaults_allow_local_inactive,
- defaults_allow_local_active);
+ pfe->defaults = _polkit_policy_default_new (defaults_allow_inactive,
+ defaults_allow_active);
if (pfe->defaults == NULL)
goto error;
@@ -121,17 +107,11 @@ error:
void
_polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *policy_file_entry,
const char *group_description,
- const char *group_description_short,
- const char *policy_description,
- const char *policy_missing,
- const char *policy_apply_all_mnemonic)
+ const char *policy_description)
{
g_return_if_fail (policy_file_entry != NULL);
policy_file_entry->group_description = g_strdup (group_description);
- policy_file_entry->group_description_short = g_strdup (group_description_short);
policy_file_entry->policy_description = g_strdup (policy_description);
- policy_file_entry->policy_missing = g_strdup (policy_missing);
- policy_file_entry->policy_apply_all_mnemonic = g_strdup (policy_apply_all_mnemonic);
}
/**
@@ -154,25 +134,6 @@ polkit_policy_file_get_group_description
}
/**
- * polkit_policy_file_get_group_description_short:
- * @policy_file_entry: the object
- *
- * Get the short description of the group that this policy entry describes.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- *
- * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
- **/
-const char *
-polkit_policy_file_get_group_description_short (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->group_description_short;
-}
-
-/**
* polkit_policy_file_get_action_description:
* @policy_file_entry: the object
*
@@ -192,54 +153,6 @@ polkit_policy_file_get_action_descriptio
}
/**
- * polkit_policy_file_get_action_missing:
- * @policy_file_entry: the object
- *
- * Get a phrase, for the policy entry in question, that can be shown
- * in the user interface explaining that the caller doesn't possess
- * the privilege to perform the given action.
- *
- * The returned string may contain a single %s entry - the caller
- * should use a printf-style function to replace this with a human
- * readable description of the resource in question.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- *
- * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
- **/
-const char *
-polkit_policy_file_get_action_missing (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->policy_missing;
-}
-
-/**
- * polkit_policy_file_get_action_apply_to_all_mnemonic:
- * @policy_file_entry: the object
- *
- * Get a phrase, for the policy entry in question, that can be shown
- * in the user interface for a checkbox whether the grant of a
- * privilege should apply to all resources. The string may contain a
- * single underscore to indicate a mnemonic shortcut.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- *
- * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
- **/
-const char *
-polkit_policy_file_get_action_apply_to_all_mnemonic (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->policy_apply_all_mnemonic;
-}
-
-
-/**
* polkit_policy_file_entry_ref:
* @policy_file_entry: the policy file object
*
@@ -275,10 +188,7 @@ polkit_policy_file_entry_unref (PolKitPo
polkit_policy_default_unref (policy_file_entry->defaults);
g_free (policy_file_entry->group_description);
- g_free (policy_file_entry->group_description_short);
g_free (policy_file_entry->policy_description);
- g_free (policy_file_entry->policy_missing);
- g_free (policy_file_entry->policy_apply_all_mnemonic);
g_free (policy_file_entry);
}
diff --git a/polkit/polkit-policy-file.c b/polkit/polkit-policy-file.c
index 043fe90..7e67a15 100644
--- a/polkit/polkit-policy-file.c
+++ b/polkit/polkit-policy-file.c
@@ -66,26 +66,19 @@ struct PolKitPolicyFile
extern PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_group_id,
const char *action_id,
- PolKitResult defaults_allow_remote_inactive,
- PolKitResult defaults_allow_remote_active,
- PolKitResult defaults_allow_local_inactive,
- PolKitResult defaults_allow_local_active);
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active);
enum {
STATE_NONE,
STATE_IN_POLICY_CONFIG,
STATE_IN_GROUP,
STATE_IN_GROUP_DESCRIPTION,
- STATE_IN_GROUP_DESCRIPTION_SHORT,
STATE_IN_POLICY,
STATE_IN_POLICY_DESCRIPTION,
- STATE_IN_POLICY_MISSING,
- STATE_IN_POLICY_APPLY_TO_ALL_MNEMONIC,
STATE_IN_DEFAULTS,
- STATE_IN_DEFAULTS_ALLOW_REMOTE_INACTIVE,
- STATE_IN_DEFAULTS_ALLOW_REMOTE_ACTIVE,
- STATE_IN_DEFAULTS_ALLOW_LOCAL_INACTIVE,
- STATE_IN_DEFAULTS_ALLOW_LOCAL_ACTIVE
+ STATE_IN_DEFAULTS_ALLOW_INACTIVE,
+ STATE_IN_DEFAULTS_ALLOW_ACTIVE
};
typedef struct {
@@ -94,20 +87,15 @@ typedef struct {
char *group_id;
char *action_id;
- PolKitResult defaults_allow_remote_inactive;
- PolKitResult defaults_allow_remote_active;
- PolKitResult defaults_allow_local_inactive;
- PolKitResult defaults_allow_local_active;
+ PolKitResult defaults_allow_inactive;
+ PolKitResult defaults_allow_active;
PolKitPolicyFile *pf;
polkit_bool_t load_descriptions;
char *group_description;
- char *group_description_short;
char *policy_description;
- char *policy_missing;
- char *policy_apply_all_mnemonic;
} ParserData;
static void
@@ -137,9 +125,7 @@ _start (void *data, const char *el, cons
state = STATE_IN_GROUP;
g_free (pd->group_description);
- g_free (pd->group_description_short);
pd->group_description = NULL;
- pd->group_description_short = NULL;
}
break;
case STATE_IN_GROUP:
@@ -151,57 +137,33 @@ _start (void *data, const char *el, cons
state = STATE_IN_POLICY;
pd->policy_description = NULL;
- pd->policy_missing = NULL;
- pd->policy_apply_all_mnemonic = NULL;
/* initialize defaults */
- pd->defaults_allow_remote_inactive = POLKIT_RESULT_NO;
- pd->defaults_allow_remote_active = POLKIT_RESULT_NO;
- pd->defaults_allow_local_inactive = POLKIT_RESULT_NO;
- pd->defaults_allow_local_active = POLKIT_RESULT_NO;
+ pd->defaults_allow_inactive = POLKIT_RESULT_NO;
+ pd->defaults_allow_active = POLKIT_RESULT_NO;
}
else if (strcmp (el, "description") == 0)
state = STATE_IN_GROUP_DESCRIPTION;
- else if (strcmp (el, "description_short") == 0)
- state = STATE_IN_GROUP_DESCRIPTION_SHORT;
break;
case STATE_IN_GROUP_DESCRIPTION:
break;
- case STATE_IN_GROUP_DESCRIPTION_SHORT:
- break;
case STATE_IN_POLICY:
if (strcmp (el, "defaults") == 0)
state = STATE_IN_DEFAULTS;
else if (strcmp (el, "description") == 0)
state = STATE_IN_POLICY_DESCRIPTION;
- else if (strcmp (el, "missing") == 0)
- state = STATE_IN_POLICY_MISSING;
- else if (strcmp (el, "apply_to_all_mnemonic") == 0)
- state = STATE_IN_POLICY_APPLY_TO_ALL_MNEMONIC;
break;
case STATE_IN_POLICY_DESCRIPTION:
break;
- case STATE_IN_POLICY_MISSING:
- break;
- case STATE_IN_POLICY_APPLY_TO_ALL_MNEMONIC:
- break;
case STATE_IN_DEFAULTS:
- if (strcmp (el, "allow_remote_inactive") == 0)
- state = STATE_IN_DEFAULTS_ALLOW_REMOTE_INACTIVE;
- else if (strcmp (el, "allow_remote_active") == 0)
- state = STATE_IN_DEFAULTS_ALLOW_REMOTE_ACTIVE;
- else if (strcmp (el, "allow_local_inactive") == 0)
- state = STATE_IN_DEFAULTS_ALLOW_LOCAL_INACTIVE;
- else if (strcmp (el, "allow_local_active") == 0)
- state = STATE_IN_DEFAULTS_ALLOW_LOCAL_ACTIVE;
- break;
- case STATE_IN_DEFAULTS_ALLOW_REMOTE_INACTIVE:
+ if (strcmp (el, "allow_inactive") == 0)
+ state = STATE_IN_DEFAULTS_ALLOW_INACTIVE;
+ else if (strcmp (el, "allow_active") == 0)
+ state = STATE_IN_DEFAULTS_ALLOW_ACTIVE;
break;
- case STATE_IN_DEFAULTS_ALLOW_REMOTE_ACTIVE:
+ case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
break;
- case STATE_IN_DEFAULTS_ALLOW_LOCAL_INACTIVE:
- break;
- case STATE_IN_DEFAULTS_ALLOW_LOCAL_ACTIVE:
+ case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
break;
default:
break;
@@ -231,42 +193,17 @@ _cdata (void *data, const char *s, int l
pd->group_description = g_strdup (str);
break;
- case STATE_IN_GROUP_DESCRIPTION_SHORT:
- if (pd->load_descriptions)
- pd->group_description_short = g_strdup (str);
- break;
-
case STATE_IN_POLICY_DESCRIPTION:
if (pd->load_descriptions)
pd->policy_description = g_strdup (str);
break;
- case STATE_IN_POLICY_MISSING:
- if (pd->load_descriptions)
- pd->policy_missing = g_strdup (str);
- break;
-
- case STATE_IN_POLICY_APPLY_TO_ALL_MNEMONIC:
- if (pd->load_descriptions)
- pd->policy_apply_all_mnemonic = g_strdup (str);
- break;
-
-
-
- case STATE_IN_DEFAULTS_ALLOW_REMOTE_INACTIVE:
- if (!polkit_result_from_string_representation (str, &pd->defaults_allow_remote_inactive))
- goto error;
- break;
- case STATE_IN_DEFAULTS_ALLOW_REMOTE_ACTIVE:
- if (!polkit_result_from_string_representation (str, &pd->defaults_allow_remote_active))
- goto error;
- break;
- case STATE_IN_DEFAULTS_ALLOW_LOCAL_INACTIVE:
- if (!polkit_result_from_string_representation (str, &pd->defaults_allow_local_inactive))
+ case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
+ if (!polkit_result_from_string_representation (str, &pd->defaults_allow_inactive))
goto error;
break;
- case STATE_IN_DEFAULTS_ALLOW_LOCAL_ACTIVE:
- if (!polkit_result_from_string_representation (str, &pd->defaults_allow_local_active))
+ case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
+ if (!polkit_result_from_string_representation (str, &pd->defaults_allow_active))
goto error;
break;
default:
@@ -282,10 +219,7 @@ error:
extern void _polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *pfe,
const char *group_description,
- const char *group_description_short,
- const char *policy_description,
- const char *policy_missing,
- const char *policy_apply_all_mnemonic);
+ const char *policy_description);
static void
_end (void *data, const char *el)
@@ -307,28 +241,20 @@ _end (void *data, const char *el)
case STATE_IN_GROUP_DESCRIPTION:
state = STATE_IN_GROUP;
break;
- case STATE_IN_GROUP_DESCRIPTION_SHORT:
- state = STATE_IN_GROUP;
- break;
case STATE_IN_POLICY:
{
PolKitPolicyFileEntry *pfe;
pfe = _polkit_policy_file_entry_new (pd->group_id, pd->action_id,
- pd->defaults_allow_remote_inactive,
- pd->defaults_allow_remote_active,
- pd->defaults_allow_local_inactive,
- pd->defaults_allow_local_active);
+ pd->defaults_allow_inactive,
+ pd->defaults_allow_active);
if (pfe == NULL)
goto error;
if (pd->load_descriptions)
_polkit_policy_file_entry_set_descriptions (pfe,
pd->group_description,
- pd->group_description_short,
- pd->policy_description,
- pd->policy_missing,
- pd->policy_apply_all_mnemonic);
+ pd->policy_description);
pd->pf->entries = g_slist_prepend (pd->pf->entries, pfe);
@@ -338,25 +264,13 @@ _end (void *data, const char *el)
case STATE_IN_POLICY_DESCRIPTION:
state = STATE_IN_POLICY;
break;
- case STATE_IN_POLICY_MISSING:
- state = STATE_IN_POLICY;
- break;
- case STATE_IN_POLICY_APPLY_TO_ALL_MNEMONIC:
- state = STATE_IN_POLICY;
- break;
case STATE_IN_DEFAULTS:
state = STATE_IN_POLICY;
break;
- case STATE_IN_DEFAULTS_ALLOW_REMOTE_INACTIVE:
- state = STATE_IN_DEFAULTS;
- break;
- case STATE_IN_DEFAULTS_ALLOW_REMOTE_ACTIVE:
- state = STATE_IN_DEFAULTS;
- break;
- case STATE_IN_DEFAULTS_ALLOW_LOCAL_INACTIVE:
+ case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
state = STATE_IN_DEFAULTS;
break;
- case STATE_IN_DEFAULTS_ALLOW_LOCAL_ACTIVE:
+ case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
state = STATE_IN_DEFAULTS;
break;
default:
@@ -430,10 +344,7 @@ polkit_policy_file_new (const char *path
pd.group_id = NULL;
pd.action_id = NULL;
pd.group_description = NULL;
- pd.group_description_short = NULL;
pd.policy_description = NULL;
- pd.policy_missing = NULL;
- pd.policy_apply_all_mnemonic = NULL;
pd.pf = pf;
pd.load_descriptions = load_descriptions;
@@ -442,10 +353,7 @@ polkit_policy_file_new (const char *path
g_free (pd.group_id);
g_free (pd.action_id);
g_free (pd.group_description);
- g_free (pd.group_description_short);
g_free (pd.policy_description);
- g_free (pd.policy_missing);
- g_free (pd.policy_apply_all_mnemonic);
if (xml_res == 0) {
polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
diff --git a/tools/polkit-list-actions.c b/tools/polkit-list-actions.c
index 756c1d8..aab23a0 100644
--- a/tools/polkit-list-actions.c
+++ b/tools/polkit-list-actions.c
@@ -61,39 +61,28 @@ _print_entry (PolKitPolicyCache *policy_
const char *action_id;
const char *group_id;
PolKitPolicyDefault *def;
- PolKitResult default_remote_inactive;
- PolKitResult default_remote_active;
- PolKitResult default_local_inactive;
- PolKitResult default_local_active;
+ PolKitResult default_inactive;
+ PolKitResult default_active;
action_id = polkit_policy_file_entry_get_id (pfe);
group_id = polkit_policy_file_entry_get_group_id (pfe);
def = polkit_policy_file_entry_get_default (pfe);
- default_remote_inactive = polkit_policy_default_get_allow_remote_inactive (def);
- default_remote_active = polkit_policy_default_get_allow_remote_active (def);
- default_local_inactive = polkit_policy_default_get_allow_local_inactive (def);
- default_local_active = polkit_policy_default_get_allow_local_active (def);
+ default_inactive = polkit_policy_default_get_allow_inactive (def);
+ default_active = polkit_policy_default_get_allow_active (def);
printf ("Policy\n"
"------\n"
- "group = %s ('%s') ('%s')\n"
- "action = %s ('%s') ('%s') ('%s')\n"
- "default_remote_inactive = %s\n"
- "default_remote_active = %s\n"
- "default_local_inactive = %s\n"
- "default_local_active = %s\n"
+ "group = %s ('%s')\n"
+ "action = %s ('%s')\n"
+ "default_inactive = %s\n"
+ "default_active = %s\n"
"\n",
group_id,
polkit_policy_file_get_group_description (pfe),
- polkit_policy_file_get_group_description_short (pfe),
action_id,
polkit_policy_file_get_action_description (pfe),
- polkit_policy_file_get_action_missing (pfe),
- polkit_policy_file_get_action_apply_to_all_mnemonic (pfe),
- polkit_result_to_string_representation (default_remote_inactive),
- polkit_result_to_string_representation (default_remote_active),
- polkit_result_to_string_representation (default_local_inactive),
- polkit_result_to_string_representation (default_local_active));
+ polkit_result_to_string_representation (default_inactive),
+ polkit_result_to_string_representation (default_active));
}
int
diff-tree 169c130d4e517371c64d2c2832d323592d38ea7b (from b9cf5bca49a2a1fc68002c2a315d94a3adaed51e)
Author: David Zeuthen <davidz at redhat.com>
Date: Tue Jun 19 15:41:55 2007 -0400
rip out the notion of Resources
It makes things a _lot more_ complicated having to deal with resources
and there's a much nicer way to deal with it: Punt it to the apps:
It's much more natural for the application to have a notion about
about what resources are "trusted" (and e.g. requires lesser
privileges) and what resources aren't.
Consider dial-up networking; here the privileged application that
performs the dial-up operation consults a list (maintained by the
system administrator) of allowed numbers to dial. If the unprivileged
networking UI applet that requests a number to be dialed is on the
list it uses the PolicyKit action 'nm-dialup-trusted-location', if it
isn't then it uses the PolicyKit action 'nm-dialup-untrusted-location'.
diff --git a/doc/api/polkit/polkit-docs.xml b/doc/api/polkit/polkit-docs.xml
index 6ed6222..8358039 100644
--- a/doc/api/polkit/polkit-docs.xml
+++ b/doc/api/polkit/polkit-docs.xml
@@ -73,7 +73,6 @@
<xi:include href="xml/polkit-policy-file-entry.xml"/>
<xi:include href="xml/polkit-policy-default.xml"/>
<xi:include href="xml/polkit-policy-cache.xml"/>
- <xi:include href="xml/polkit-resource.xml"/>
<xi:include href="xml/polkit-seat.xml"/>
<xi:include href="xml/polkit-session.xml"/>
<xi:include href="xml/polkit-caller.xml"/>
diff --git a/modules/Makefile.am b/modules/Makefile.am
index 010ed66..700fa84 100644
--- a/modules/Makefile.am
+++ b/modules/Makefile.am
@@ -1,5 +1,6 @@
-SUBDIRS = default allow-all deny-all run-program grant
+#SUBDIRS = default allow-all deny-all run-program grant
+SUBDIRS = default grant
polkitconfdir = $(sysconfdir)/PolicyKit
dist_polkitconf_DATA = PolicyKit.conf
diff --git a/modules/default/polkit-module-default.c b/modules/default/polkit-module-default.c
index 7b73388..8ef02f8 100644
--- a/modules/default/polkit-module-default.c
+++ b/modules/default/polkit-module-default.c
@@ -47,11 +47,10 @@ _module_shutdown (PolKitModuleInterface
}
static PolKitResult
-_module_can_session_access_resource (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
+_module_can_session_do_action (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session)
{
PolKitResult result;
PolKitPolicyCache *cache;
@@ -60,19 +59,16 @@ _module_can_session_access_resource (Pol
result = POLKIT_RESULT_NO;
cache = polkit_context_get_policy_cache (pk_context);
pfe = polkit_policy_cache_get_entry (cache, action);
- return polkit_policy_default_can_session_access_resource (
- polkit_policy_file_entry_get_default (pfe),
- action,
- resource,
- session);
+ return polkit_policy_default_can_session_do_action (polkit_policy_file_entry_get_default (pfe),
+ action,
+ session);
}
static PolKitResult
-_module_can_caller_access_resource (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+_module_can_caller_do_action (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
PolKitResult result;
PolKitPolicyCache *cache;
@@ -81,11 +77,9 @@ _module_can_caller_access_resource (PolK
result = POLKIT_RESULT_NO;
cache = polkit_context_get_policy_cache (pk_context);
pfe = polkit_policy_cache_get_entry (cache, action);
- return polkit_policy_default_can_caller_access_resource (
- polkit_policy_file_entry_get_default (pfe),
- action,
- resource,
- caller);
+ return polkit_policy_default_can_caller_do_action (polkit_policy_file_entry_get_default (pfe),
+ action,
+ caller);
}
polkit_bool_t
@@ -99,8 +93,8 @@ polkit_module_set_functions (PolKitModul
polkit_module_set_func_initialize (module_interface, _module_init);
polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
- polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+ polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
+ polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
ret = TRUE;
out:
diff --git a/modules/grant/Makefile.am b/modules/grant/Makefile.am
index 6306ac5..2cea430 100644
--- a/modules/grant/Makefile.am
+++ b/modules/grant/Makefile.am
@@ -17,7 +17,11 @@ polkitmodule_LTLIBRARIES = \
$(NULL)
-polkit_module_grant_la_SOURCES = polkit-module-grant.c
+polkit_module_grant_la_SOURCES = \
+ $(top_srcdir)/polkit-grant/polkit-grant-database.h $(top_srcdir)/polkit-grant/polkit-grant-database.c \
+ polkit-module-grant.c
+
+
polkit_module_grant_la_LDFLAGS = -no-undefined -module -avoid-version
polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@
diff --git a/modules/grant/polkit-module-grant.c b/modules/grant/polkit-module-grant.c
index d49c5a6..d1c3691 100644
--- a/modules/grant/polkit-module-grant.c
+++ b/modules/grant/polkit-module-grant.c
@@ -51,21 +51,19 @@ _module_shutdown (PolKitModuleInterface
static PolKitResult
-_module_can_session_access_resource (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
+_module_can_session_do_action (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session)
{
return POLKIT_RESULT_UNKNOWN_ACTION;
}
static PolKitResult
-_module_can_caller_access_resource (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+_module_can_caller_do_action (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
char *grant_file;
PolKitSession *session;
@@ -73,6 +71,7 @@ _module_can_caller_access_resource (PolK
result = POLKIT_RESULT_UNKNOWN_ACTION;
+#if 0
/* file format:
*
* file: /var/[lib,run]/PolicyKit/grant/<action-name>.grant
@@ -106,22 +105,30 @@ _module_can_caller_access_resource (PolK
if (!polkit_caller_get_uid (caller, &invoking_user_id))
goto out;
- if (resource == NULL)
- goto out;
- if (!polkit_resource_get_resource_type (resource, &resource_type))
- goto out;
- if (!polkit_resource_get_resource_id (resource, &resource_id))
- goto out;
+ if (resource == NULL) {
+ resource_type = "";
+ resource_id = "";
+ } else {
+ if (!polkit_resource_get_resource_type (resource, &resource_type))
+ goto out;
+ if (!polkit_resource_get_resource_id (resource, &resource_id))
+ goto out;
+ }
session_name = NULL;
if (!polkit_caller_get_ck_session (caller, &session))
goto out;
if (!polkit_caller_get_dbus_name (caller, &dbus_name))
goto out;
- if (!polkit_session_get_ck_objref (session, &session_objpath))
- goto out;
+ if (session == NULL) {
+ session_objpath = NULL;
+ session_name = NULL;
+ } else {
+ if (!polkit_session_get_ck_objref (session, &session_objpath))
+ goto out;
+ session_name = g_basename (session_objpath);
+ }
- session_name = g_basename (session_objpath);
resource_str_to_hash = g_strdup_printf ("%s:%s", resource_type, resource_id);
resource_hash = g_str_hash (resource_str_to_hash);
g_free (resource_str_to_hash);
@@ -142,8 +149,14 @@ _module_can_caller_access_resource (PolK
* dbus_<dbusname>_<uid>_<action>_<resource-hash>.grant
*/
+ if (dbus_name == NULL)
+ dbus_name = "";
+
grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/dbus_%s_%d_%s_%u.grant",
dbus_name, invoking_user_id, action_name, resource_hash);
+
+ fprintf (stdout, "testing for file '%s'\n", grant_file);
+
if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
result = POLKIT_RESULT_YES;
g_free (grant_file);
@@ -151,14 +164,16 @@ _module_can_caller_access_resource (PolK
}
g_free (grant_file);
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant",
- session_name, invoking_user_id, action_name, resource_hash);
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
+ if (session_name != NULL) {
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant",
+ session_name, invoking_user_id, action_name, resource_hash);
+ if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
+ result = POLKIT_RESULT_YES;
+ g_free (grant_file);
+ goto out;
+ }
g_free (grant_file);
- goto out;
}
- g_free (grant_file);
grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid_%d_%s_%u.grant",
invoking_user_id, action_name, resource_hash);
@@ -168,7 +183,7 @@ _module_can_caller_access_resource (PolK
goto out;
}
g_free (grant_file);
-
+#endif
out:
return result;
@@ -185,8 +200,8 @@ polkit_module_set_functions (PolKitModul
polkit_module_set_func_initialize (module_interface, _module_init);
polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
- polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+ polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
+ polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
ret = TRUE;
out:
diff --git a/polkit-dbus/polkit-dbus.c b/polkit-dbus/polkit-dbus.c
index 8609aac..d0c00f4 100644
--- a/polkit-dbus/polkit-dbus.c
+++ b/polkit-dbus/polkit-dbus.c
@@ -538,3 +538,134 @@ out:
g_free (ck_session_objpath);
return caller;
}
+
+PolKitCaller *
+polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error)
+{
+ PolKitCaller *caller;
+ uid_t uid;
+ char *selinux_context;
+ char *ck_session_objpath;
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter;
+ char *str;
+
+ g_return_val_if_fail (con != NULL, NULL);
+ g_return_val_if_fail (error != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ selinux_context = NULL;
+ ck_session_objpath = NULL;
+
+ caller = NULL;
+ session = NULL;
+
+ /* TODO: Verify that PID exists */
+
+ /* TODO: FIXME */
+ uid = 500;
+
+ /* TODO: FIXME */
+ selinux_context = g_strdup ("user_u:system_r:hald_t");
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForUnixProcess");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ /* OK, this is not a catastrophe; just means the caller is not a
+ * member of any session or that ConsoleKit is not available..
+ */
+ goto not_in_session;
+ }
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_get_basic (&iter, &str);
+ ck_session_objpath = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
+ if (session == NULL) {
+ g_warning ("Got a session objpath but couldn't construct session object!");
+ goto out;
+ }
+ if (!polkit_session_validate (session)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+not_in_session:
+
+ caller = polkit_caller_new ();
+ if (caller == NULL) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ goto out;
+ }
+
+ if (!polkit_caller_set_uid (caller, uid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (!polkit_caller_set_pid (caller, pid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (selinux_context != NULL) {
+ if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ }
+ if (session != NULL) {
+ if (!polkit_caller_set_ck_session (caller, session)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ polkit_session_unref (session); /* caller object now own this object */
+ session = NULL;
+ }
+
+ if (!polkit_caller_validate (caller)) {
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+
+out:
+ g_free (selinux_context);
+ g_free (ck_session_objpath);
+ return caller;
+}
diff --git a/polkit-dbus/polkit-dbus.h b/polkit-dbus/polkit-dbus.h
index 39c00cb..b39e091 100644
--- a/polkit-dbus/polkit-dbus.h
+++ b/polkit-dbus/polkit-dbus.h
@@ -35,6 +35,8 @@ PolKitSession *polkit_session_new_from_c
PolKitCaller *polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error);
+PolKitCaller *polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error);
+
#endif /* POLKIT_DBUS_H */
diff --git a/polkit-grant/Makefile.am b/polkit-grant/Makefile.am
index 17f07e5..d8a39d7 100644
--- a/polkit-grant/Makefile.am
+++ b/polkit-grant/Makefile.am
@@ -20,6 +20,7 @@ libpolkit_grantinclude_HEADERS =
polkit-grant.h
libpolkit_grant_la_SOURCES = \
+ polkit-grant-database.h polkit-grant-database.c \
polkit-grant.h polkit-grant.c
libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
diff --git a/polkit-grant/polkit-grant-helper.c b/polkit-grant/polkit-grant-helper.c
index 8b90107..7cbe07f 100644
--- a/polkit-grant/polkit-grant-helper.c
+++ b/polkit-grant/polkit-grant-helper.c
@@ -41,6 +41,8 @@
#include <polkit-dbus/polkit-dbus.h>
+#include "polkit-grant-database.h"
+
static int
conversation_function (int n,
const struct pam_message **msg,
@@ -146,12 +148,16 @@ do_auth (const char *user_to_auth)
goto error;
}
+#if 0
+ /* Hmm, this fails; TODO: investigate */
+
/* permitted access? */
rc = pam_acct_mgmt (pam_h, 0);
if (rc != PAM_SUCCESS) {
fprintf (stderr, "pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
goto error;
}
+#endif
/* did we auth the right user? */
rc = pam_get_item (pam_h, PAM_USER, &authed_user);
@@ -174,9 +180,8 @@ error:
static polkit_bool_t
verify_with_polkit (const char *dbus_name,
+ pid_t caller_pid,
const char *action_name,
- const char *resource_type,
- const char *resource_name,
PolKitResult *result,
char **out_session_objpath)
{
@@ -187,7 +192,6 @@ verify_with_polkit (const char *dbus_nam
DBusError error;
PolKitContext *pol_ctx;
PolKitAction *action;
- PolKitResource *resource;
dbus_error_init (&error);
bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
@@ -200,18 +204,18 @@ verify_with_polkit (const char *dbus_nam
action = polkit_action_new ();
polkit_action_set_action_id (action, action_name);
- if (resource_type != NULL && resource_name != NULL) {
- resource = polkit_resource_new ();
- polkit_resource_set_resource_type (resource, resource_type);
- polkit_resource_set_resource_id (resource, resource_name);
+ if (dbus_name != NULL && strlen (dbus_name) > 0) {
+ caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
+ if (caller == NULL) {
+ fprintf (stderr, "cannot get caller from dbus name\n");
+ goto out;
+ }
} else {
- resource = NULL;
- }
-
- caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
- if (caller == NULL) {
- fprintf (stderr, "cannot get caller from dbus name\n");
- goto out;
+ caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
+ if (caller == NULL) {
+ fprintf (stderr, "cannot get caller from pid\n");
+ goto out;
+ }
}
if (!polkit_caller_get_ck_session (caller, &session)) {
@@ -234,7 +238,7 @@ verify_with_polkit (const char *dbus_nam
goto out;
}
- *result = polkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
+ *result = polkit_context_can_caller_do_action (pol_ctx, action, caller);
if (*result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH &&
*result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION &&
@@ -242,7 +246,8 @@ verify_with_polkit (const char *dbus_nam
*result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
*result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
*result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) {
- fprintf (stderr, "given auth type is bogus\n");
+ fprintf (stderr, "given auth type (%d -> %s) is bogus\n",
+ *result, polkit_result_to_string_representation (*result));
goto out;
}
@@ -329,12 +334,11 @@ error:
return FALSE;
}
-/* synopsis: /usr/libexec/polkit-grant-helper <auth-type> <dbus-name> <action-name> <resource-type> <resource-name>
+/* synopsis: polkit-grant-helper <auth-type> <dbus-name> <pid> <action-name>
*
- * <dbus-name> : unique name of caller on the system message bus to grant privilege to
+ * <dbus-name> : unique name of caller on the system message bus to grant privilege to (may be blank)
+ * <pid> : process id of caller to grant privilege to
* <action-name> : the PolicyKit action
- * <resource-type> : resource-type
- * <resource-name> : resource-name
*
* PAM interaction happens via stdin/stdout.
*
@@ -349,11 +353,10 @@ main (int argc, char *argv[])
{
int ret;
uid_t invoking_user_id;
+ pid_t caller_pid;
const char *invoking_user_name;
const char *dbus_name;
const char *action_name;
- const char *resource_type;
- const char *resource_name;
PolKitResult result;
const char *user_to_auth;
char *session_objpath;
@@ -363,7 +366,7 @@ main (int argc, char *argv[])
ret = 3;
- if (argc != 5) {
+ if (argc != 4) {
fprintf (stderr, "wrong use\n");
goto out;
}
@@ -408,14 +411,12 @@ main (int argc, char *argv[])
setenv ("PATH", "/bin:/usr/bin", 1);
dbus_name = argv[1];
- action_name = argv[2];
- resource_type = argv[3];
- resource_name = argv[4];
+ caller_pid = atoi(argv[2]); /* TODO: use safer function? */
+ action_name = argv[3];
fprintf (stderr, "dbus_name = %s\n", dbus_name);
+ fprintf (stderr, "caller_pid = %d\n", caller_pid);
fprintf (stderr, "action_name = %s\n", action_name);
- fprintf (stderr, "resource_type = %s\n", resource_type);
- fprintf (stderr, "resource_name = %s\n", resource_name);
ret = 2;
@@ -423,7 +424,7 @@ main (int argc, char *argv[])
*
* verify that the given thing to auth for really supports grant by auth in the requested way
*/
- if (!verify_with_polkit (dbus_name, action_name, resource_type, resource_name, &result, &session_objpath))
+ if (!verify_with_polkit (dbus_name, caller_pid, action_name, &result, &session_objpath))
goto out;
/* tell user about the grant details; e.g. whether it's auth_self_keep_always or auth_self etc. */
@@ -439,6 +440,8 @@ main (int argc, char *argv[])
user_to_auth = invoking_user_name;
}
+ ret = 1;
+
/* OK, start auth! */
if (!do_auth (user_to_auth))
goto out;
@@ -452,9 +455,14 @@ main (int argc, char *argv[])
polkit_result_to_string_representation (result));
fflush (stdout);
- if (!get_and_validate_override_details (&result))
+ if (!get_and_validate_override_details (&result)) {
+ /* if this fails it means bogus input from user */
+ ret = 2;
goto out;
+ }
+ fprintf (stderr, "OK; TODO: write to database\n");
+#if 0
/* TODO: FIXME: XXX: this format of storing granted privileges needs be redone
*
* this concerns these two files
@@ -507,8 +515,10 @@ main (int argc, char *argv[])
fprintf (stderr, "file is '%s'\n", grant_file);
FILE *f = fopen (grant_file, "w");
fclose (f);
+#endif
ret = 0;
out:
+ fprintf (stderr, "exiting with code %d\n", ret);
return ret;
}
diff --git a/polkit-grant/polkit-grant.c b/polkit-grant/polkit-grant.c
index d73a0aa..fcd2511 100644
--- a/polkit-grant/polkit-grant.c
+++ b/polkit-grant/polkit-grant.c
@@ -370,14 +370,12 @@ polkit_grant_cancel_auth (PolKitGrant *p
* polkit_grant_initiate_auth:
* @polkit_grant: the object
* @action: Action requested by caller
- * @resource: Resource in question
* @caller: Caller in question
*
* Initiate authentication to obtain the privilege for the given
- * @caller to perform the specified @action on the given
- * @resource. The caller of this method must have setup callback
- * functions using the method polkit_grant_set_functions() prior to
- * calling this method.
+ * @caller to perform the specified @action. The caller of this method
+ * must have setup callback functions using the method
+ * polkit_grant_set_functions() prior to calling this method.
*
* Implementation-wise, this class uses a secure (e.g. as in that it
* checks all information and fundamenally don't trust the caller;
@@ -390,43 +388,40 @@ polkit_grant_cancel_auth (PolKitGrant *p
* Returns: #TRUE only if authentication have been initiated.
**/
polkit_bool_t
-polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
+ pid_t pid;
char *dbus_name;
char *action_id;
- char *resource_type;
- char *resource_id;
GError *g_error;
- const char *helper_argv[6];
+ char *helper_argv[5];
g_return_val_if_fail (polkit_grant != NULL, FALSE);
/* check that callback functions have been properly set up */
g_return_val_if_fail (polkit_grant->func_done != NULL, FALSE);
- if (!polkit_caller_get_dbus_name (caller, &dbus_name))
- goto error;
-
- if (!polkit_action_get_action_id (action, &action_id))
+ if (!polkit_caller_get_pid (caller, &pid))
goto error;
- if (!polkit_resource_get_resource_type (resource, &resource_type))
+ if (!polkit_caller_get_dbus_name (caller, &dbus_name))
goto error;
- if (!polkit_resource_get_resource_id (resource, &resource_id))
+ if (!polkit_action_get_action_id (action, &action_id))
goto error;
/* TODO: verify incoming args */
- //helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper";
- helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
- helper_argv[1] = dbus_name;
- helper_argv[2] = action_id;
- helper_argv[3] = resource_type;
- helper_argv[4] = resource_id;
- helper_argv[5] = NULL;
+ helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper";
+ // TODO FIXME: helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
+ if (dbus_name == NULL)
+ helper_argv[1] = "";
+ else
+ helper_argv[1] = dbus_name;
+ helper_argv[2] = g_strdup_printf ("%d", pid);
+ helper_argv[3] = action_id;
+ helper_argv[4] = NULL;
polkit_grant->child_stdin = -1;
polkit_grant->child_stdout = -1;
@@ -446,8 +441,10 @@ polkit_grant_initiate_auth (PolKitGrant
&g_error)) {
fprintf (stderr, "Cannot spawn helper: %s.\n", g_error->message);
g_error_free (g_error);
+ g_free (helper_argv[2]);
goto error;
}
+ g_free (helper_argv[2]);
polkit_grant->child_watch_id = polkit_grant->func_add_child_watch (polkit_grant, polkit_grant->child_pid);
if (polkit_grant->child_watch_id == 0)
diff --git a/polkit-grant/polkit-grant.h b/polkit-grant/polkit-grant.h
index cc04d42..63c6e79 100644
--- a/polkit-grant/polkit-grant.h
+++ b/polkit-grant/polkit-grant.h
@@ -330,9 +330,9 @@ void polkit_grant_set_functions
PolKitGrantOverrideGrantType func_override_grant_type,
PolKitGrantDone func_done,
void *user_data);
-polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
+
+polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
PolKitAction *action,
- PolKitResource *resource,
PolKitCaller *caller);
void polkit_grant_cancel_auth (PolKitGrant *polkit_grant);
diff --git a/polkit/Makefile.am b/polkit/Makefile.am
index 5313952..c3968b4 100644
--- a/polkit/Makefile.am
+++ b/polkit/Makefile.am
@@ -24,7 +24,6 @@ libpolkitinclude_HEADERS =
polkit-result.h \
polkit-context.h \
polkit-action.h \
- polkit-resource.h \
polkit-seat.h \
polkit-session.h \
polkit-caller.h \
@@ -41,7 +40,6 @@ libpolkit_la_SOURCES =
polkit-result.h polkit-result.c \
polkit-context.h polkit-context.c \
polkit-action.h polkit-action.c \
- polkit-resource.h polkit-resource.c \
polkit-seat.h polkit-seat.c \
polkit-session.h polkit-session.c \
polkit-caller.h polkit-caller.c \
diff --git a/polkit/polkit-caller.c b/polkit/polkit-caller.c
index e096d0b..b690445 100644
--- a/polkit/polkit-caller.c
+++ b/polkit/polkit-caller.c
@@ -339,7 +339,5 @@ polkit_caller_validate (PolKitCaller *ca
{
g_return_val_if_fail (caller != NULL, FALSE);
g_return_val_if_fail (caller->pid > 0, FALSE);
- g_return_val_if_fail (caller->dbus_name != NULL, FALSE);
- /* NOTE TODO FIXME: remove need to have a dbus name set */
return TRUE;
}
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
index 0e17aa2..a63d9c9 100644
--- a/polkit/polkit-context.c
+++ b/polkit/polkit-context.c
@@ -464,78 +464,22 @@ polkit_context_get_policy_cache (PolKitC
return pk_context->priv_cache;
}
-
-/**
- * polkit_context_get_seat_resource_association:
- * @pk_context: the PolicyKit context
- * @visitor: visitor function
- * @user_data: user data
- *
- * Retrieve information about what resources are associated to what
- * seats. Note that a resource may be associated to more than one
- * seat. This information stems from user configuration and consumers
- * of this information that know better (e.g. HAL) may choose to
- * override it.
- *
- * Typically, this information is used to e.g. bootstrap the system
- * insofar that it can be used to start login greeters on the given
- * video hardware (e.g. resources) on the given user-configured seats.
- *
- * If a resource is not associated with any seat, it is assumed to be
- * available to any local seat.
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW or
- * #POLKIT_RESULT_YES (if the callback was invoked)
- */
-PolKitResult
-polkit_context_get_seat_resource_association (PolKitContext *pk_context,
- PolKitSeatVisitorCB visitor,
- void *user_data)
-{
- return POLKIT_RESULT_YES;
-}
-
/**
- * polkit_context_is_resource_associated_with_seat:
- * @pk_context: the PolicyKit context
- * @resource: the resource in question
- * @seat: the seat
- *
- * Determine if a given resource is associated with a given seat. The
- * same comments noted in polkit_get_seat_resource_association() about the
- * source purely being user configuration applies here as well.
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
- * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
- */
-PolKitResult
-polkit_context_is_resource_associated_with_seat (PolKitContext *pk_context,
- PolKitResource *resource,
- PolKitSeat *seat)
-{
- return POLKIT_RESULT_NO;
-}
-
-/**
- * polkit_context_can_session_access_resource:
+ * polkit_context_can_session_do_action:
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question or #NULL to test for all resources
* @session: the session in question
*
- * Determine if a given session can access a given resource in a given way.
+ * Determine if a given session can do a given action.
*
* Returns: A #PolKitResult - can only be one of
* #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
* #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
*/
PolKitResult
-polkit_context_can_session_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
+polkit_context_can_session_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session)
{
PolKitPolicyCache *cache;
PolKitPolicyFileEntry *pfe;
@@ -546,17 +490,12 @@ polkit_context_can_session_access_resour
current_result = POLKIT_RESULT_NO;
g_return_val_if_fail (pk_context != NULL, current_result);
- /* resource may actually by NULL */
if (action == NULL || session == NULL)
goto out;
-
/* now validate the incoming objects */
if (!polkit_action_validate (action))
goto out;
- if (resource == NULL)
- if (!polkit_resource_validate (resource))
- goto out;
if (!polkit_session_validate (session))
goto out;
@@ -564,10 +503,8 @@ polkit_context_can_session_access_resour
if (cache == NULL)
goto out;
- _pk_debug ("entering polkit_can_session_access_resource()");
+ _pk_debug ("entering polkit_can_session_do_action()");
polkit_action_debug (action);
- if (resource != NULL)
- polkit_resource_debug (resource);
polkit_session_debug (session);
pfe = polkit_policy_cache_get_entry (cache, action);
@@ -590,9 +527,9 @@ polkit_context_can_session_access_resour
/* visit modules */
for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
PolKitModuleInterface *module_interface = i->data;
- PolKitModuleCanSessionAccessResource func;
+ PolKitModuleCanSessionDoAction func;
- func = polkit_module_get_func_can_session_access_resource (module_interface);
+ func = polkit_module_get_func_can_session_do_action (module_interface);
if (func != NULL) {
PolKitModuleControl module_control;
PolKitResult module_result;
@@ -605,7 +542,6 @@ polkit_context_can_session_access_resour
module_interface,
pk_context,
action,
- resource,
session)) {
/* module is confined by built-in options */
module_result = POLKIT_RESULT_UNKNOWN_ACTION;
@@ -615,7 +551,6 @@ polkit_context_can_session_access_resour
module_result = func (module_interface,
pk_context,
action,
- resource,
session);
}
@@ -657,22 +592,20 @@ out:
}
/**
- * polkit_context_can_caller_access_resource:
+ * polkit_context_can_caller_do_action:
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question or #NULL to test for all resources
- * @caller: the resource in question
+ * @caller: the caller in question
*
- * Determine if a given caller can access a given resource in a given way.
+ * Determine if a given caller can do a given action.
*
* Returns: A #PolKitResult specifying if, and how, the caller can
- * access the resource in the given way
+ * do a specific action
*/
PolKitResult
-polkit_context_can_caller_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+polkit_context_can_caller_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
PolKitPolicyCache *cache;
PolKitPolicyFileEntry *pfe;
@@ -683,7 +616,6 @@ polkit_context_can_caller_access_resourc
current_result = POLKIT_RESULT_NO;
g_return_val_if_fail (pk_context != NULL, current_result);
- /* resource may actually by NULL */
if (action == NULL || caller == NULL)
goto out;
@@ -694,16 +626,11 @@ polkit_context_can_caller_access_resourc
/* now validate the incoming objects */
if (!polkit_action_validate (action))
goto out;
- if (resource == NULL)
- if (!polkit_resource_validate (resource))
- goto out;
if (!polkit_caller_validate (caller))
goto out;
- _pk_debug ("entering polkit_can_caller_access_resource()");
+ _pk_debug ("entering polkit_can_caller_do_action()");
polkit_action_debug (action);
- if (resource != NULL)
- polkit_resource_debug (resource);
polkit_caller_debug (caller);
pfe = polkit_policy_cache_get_entry (cache, action);
@@ -726,9 +653,9 @@ polkit_context_can_caller_access_resourc
/* visit modules */
for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
PolKitModuleInterface *module_interface = i->data;
- PolKitModuleCanCallerAccessResource func;
+ PolKitModuleCanCallerDoAction func;
- func = polkit_module_get_func_can_caller_access_resource (module_interface);
+ func = polkit_module_get_func_can_caller_do_action (module_interface);
if (func != NULL) {
PolKitModuleControl module_control;
PolKitResult module_result;
@@ -741,7 +668,6 @@ polkit_context_can_caller_access_resourc
module_interface,
pk_context,
action,
- resource,
caller)) {
/* module is confined by built-in options */
module_result = POLKIT_RESULT_UNKNOWN_ACTION;
@@ -751,7 +677,6 @@ polkit_context_can_caller_access_resourc
module_result = func (module_interface,
pk_context,
action,
- resource,
caller);
}
diff --git a/polkit/polkit-context.h b/polkit/polkit-context.h
index 13d53bf..0261338 100644
--- a/polkit/polkit-context.h
+++ b/polkit/polkit-context.h
@@ -35,7 +35,6 @@
#include <polkit/polkit-result.h>
#include <polkit/polkit-context.h>
#include <polkit/polkit-action.h>
-#include <polkit/polkit-resource.h>
#include <polkit/polkit-seat.h>
#include <polkit/polkit-session.h>
#include <polkit/polkit-caller.h>
@@ -148,39 +147,15 @@ void polkit_context_unref
PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context);
-/**
- * PolKitSeatVisitorCB:
- * @seat: the seat
- * @resources_associated_with_seat: A NULL terminated array of resources associated with the seat
- * @user_data: user data
- *
- * Visitor function for polkit_get_seat_resource_association(). The caller should _not_ unref the passed objects.
- */
-typedef void (*PolKitSeatVisitorCB) (PolKitSeat *seat,
- PolKitResource **resources_associated_with_seat,
- void *user_data);
-
-PolKitResult
-polkit_context_get_seat_resource_association (PolKitContext *pk_context,
- PolKitSeatVisitorCB visitor,
- void *user_data);
-
-PolKitResult
-polkit_context_is_resource_associated_with_seat (PolKitContext *pk_context,
- PolKitResource *resource,
- PolKitSeat *seat);
-
PolKitResult
-polkit_context_can_session_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session);
+polkit_context_can_session_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session);
PolKitResult
-polkit_context_can_caller_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
+polkit_context_can_caller_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller);
#endif /* POLKIT_CONTEXT_H */
diff --git a/polkit/polkit-module.c b/polkit/polkit-module.c
index aab1fc4..833cc22 100644
--- a/polkit/polkit-module.c
+++ b/polkit/polkit-module.c
@@ -59,10 +59,8 @@ struct PolKitModuleInterface
PolKitModuleInitialize func_initialize;
PolKitModuleShutdown func_shutdown;
- PolKitModuleGetSeatResourceAssociation func_get_seat_resource_association;
- PolKitModuleIsResourceAssociatedWithSeat func_is_resource_associated_with_seat;
- PolKitModuleCanSessionAccessResource func_can_session_access_resource;
- PolKitModuleCanCallerAccessResource func_can_caller_access_resource;
+ PolKitModuleCanSessionDoAction func_can_session_do_action;
+ PolKitModuleCanCallerDoAction func_can_caller_do_action;
polkit_bool_t builtin_have_action_regex;
regex_t builtin_action_regex_compiled;
@@ -348,67 +346,38 @@ polkit_module_set_func_initialize (PolKi
**/
void
polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func)
+ PolKitModuleShutdown func)
{
g_return_if_fail (module_interface != NULL);
module_interface->func_shutdown = func;
}
/**
- * polkit_module_set_func_get_seat_resource_association:
+ * polkit_module_set_func_can_session_do_action:
* @module_interface: the module interface
* @func: the function pointer
*
* Set the function pointer.
**/
-void
-polkit_module_set_func_get_seat_resource_association (PolKitModuleInterface *module_interface,
- PolKitModuleGetSeatResourceAssociation func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_get_seat_resource_association = func;
-}
-
-/**
- * polkit_module_set_func_is_resource_associated_with_seat:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void polkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface,
- PolKitModuleIsResourceAssociatedWithSeat func)
+void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface,
+ PolKitModuleCanSessionDoAction func)
{
g_return_if_fail (module_interface != NULL);
- module_interface->func_is_resource_associated_with_seat = func;
+ module_interface->func_can_session_do_action = func;
}
/**
- * polkit_module_set_func_can_session_access_resource:
+ * polkit_module_set_func_can_caller_do_action:
* @module_interface: the module interface
* @func: the function pointer
*
* Set the function pointer.
**/
-void polkit_module_set_func_can_session_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionAccessResource func)
+void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface,
+ PolKitModuleCanCallerDoAction func)
{
g_return_if_fail (module_interface != NULL);
- module_interface->func_can_session_access_resource = func;
-}
-
-/**
- * polkit_module_set_func_can_caller_access_resource:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void polkit_module_set_func_can_caller_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerAccessResource func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_can_caller_access_resource = func;
+ module_interface->func_can_caller_do_action = func;
}
/**
@@ -442,63 +411,33 @@ polkit_module_get_func_shutdown (PolKitM
}
/**
- * polkit_module_get_func_get_seat_resource_association:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleGetSeatResourceAssociation
-polkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_get_seat_resource_association;
-}
-
-/**
- * polkit_module_get_func_is_resource_associated_with_seat:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleIsResourceAssociatedWithSeat
-polkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_is_resource_associated_with_seat;
-}
-
-/**
- * polkit_module_get_func_can_session_access_resource:
+ * polkit_module_get_func_can_session_do_action:
* @module_interface: the module interface
*
* Get the function pointer.
*
* Returns: Function pointer or #NULL if it's unavailable or an error occured
**/
-PolKitModuleCanSessionAccessResource
-polkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface)
+PolKitModuleCanSessionDoAction
+polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface)
{
g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_session_access_resource;
+ return module_interface->func_can_session_do_action;
}
/**
- * polkit_module_get_func_can_caller_access_resource:
+ * polkit_module_get_func_can_caller_do_action:
* @module_interface: the module interface
*
* Get the function pointer.
*
* Returns: Function pointer or #NULL if it's unavailable or an error occured
**/
-PolKitModuleCanCallerAccessResource
-polkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface)
+PolKitModuleCanCallerDoAction
+polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface)
{
g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_caller_access_resource;
+ return module_interface->func_can_caller_do_action;
}
@@ -680,7 +619,6 @@ _check_users_for_caller (PolKitModuleInt
* @module_interface: the given module
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question
* @session: the session in question
*
* Check whether some of the built-in module options (e.g. action="hal-storage-*",
@@ -690,10 +628,9 @@ _check_users_for_caller (PolKitModuleInt
**/
polkit_bool_t
polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session)
{
polkit_bool_t ret;
ret = TRUE;
@@ -716,8 +653,7 @@ out:
* @module_interface: the given module
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
+ * @caller: the caller in question
*
* Check whether some of the built-in module options (e.g. action="hal-storage-*",
* user=davidz) confines the given module, e.g. whether it should be skipped.
@@ -726,10 +662,9 @@ out:
**/
polkit_bool_t
polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
polkit_bool_t ret;
ret = TRUE;
diff --git a/polkit/polkit-module.h b/polkit/polkit-module.h
index 3e6fed7..02dd9ca 100644
--- a/polkit/polkit-module.h
+++ b/polkit/polkit-module.h
@@ -59,72 +59,36 @@ typedef polkit_bool_t (*PolKitModule
typedef void (*PolKitModuleShutdown) (PolKitModuleInterface *module_interface);
/**
- * PolKitModuleGetSeatResourceAssociation:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @visitor: visitor function
- * @user_data: user data
- *
- * Type of PolicyKit module function to implement polkit_get_seat_resource_association().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleGetSeatResourceAssociation) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitSeatVisitorCB visitor,
- void *user_data);
-
-/**
- * PolKitModuleIsResourceAssociatedWithSeat:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @resource: the resource in question
- * @seat: the seat
- *
- * Type of PolicyKit module function to implement polkit_is_resource_associated_with_seat().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleIsResourceAssociatedWithSeat) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitResource *resource,
- PolKitSeat *seat);
-
-/**
- * PolKitModuleCanSessionAccessResource:
+ * PolKitModuleCanSessionAccessDoAction:
* @module_interface: the module interface
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question
* @session: the session in question
*
- * Type of PolicyKit module function to implement polkit_can_session_access_resource().
+ * Type of PolicyKit module function to implement polkit_can_session_access_do_action().
*
* Returns: the #PolKitResult
**/
-typedef PolKitResult (*PolKitModuleCanSessionAccessResource) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session);
+typedef PolKitResult (*PolKitModuleCanSessionDoAction) (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session);
/**
- * PolKitModuleCanCallerAccessResource:
+ * PolKitModuleCanCallerAccessDoAction:
* @module_interface: the module interface
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
+ * @caller: the caller in question
*
- * Type of PolicyKit module function to implement polkit_can_caller_access_resource().
+ * Type of PolicyKit module function to implement polkit_can_caller_do_action().
*
* Returns: the #PolKitResult
**/
-typedef PolKitResult (*PolKitModuleCanCallerAccessResource) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
+typedef PolKitResult (*PolKitModuleCanCallerDoAction) (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller);
PolKitModuleInterface *polkit_module_interface_new (void);
PolKitModuleInterface *polkit_module_interface_ref (PolKitModuleInterface *module_interface);
@@ -134,25 +98,19 @@ const char *polkit_module_get
void polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data);
void *polkit_module_get_user_data (PolKitModuleInterface *module_interface);
-void polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
- PolKitModuleInitialize func);
-void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func);
-void polkit_module_set_func_get_seat_resource_association (PolKitModuleInterface *module_interface,
- PolKitModuleGetSeatResourceAssociation func);
-void polkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface,
- PolKitModuleIsResourceAssociatedWithSeat func);
-void polkit_module_set_func_can_session_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionAccessResource func);
-void polkit_module_set_func_can_caller_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerAccessResource func);
+void polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
+ PolKitModuleInitialize func);
+void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
+ PolKitModuleShutdown func);
+void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface,
+ PolKitModuleCanSessionDoAction func);
+void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface,
+ PolKitModuleCanCallerDoAction func);
PolKitModuleInitialize polkit_module_get_func_initialize (PolKitModuleInterface *module_interface);
PolKitModuleShutdown polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface);
-PolKitModuleGetSeatResourceAssociation polkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface);
-PolKitModuleIsResourceAssociatedWithSeat polkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface);
-PolKitModuleCanSessionAccessResource polkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface);
-PolKitModuleCanCallerAccessResource polkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface);
+PolKitModuleCanSessionDoAction polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface);
+PolKitModuleCanCallerDoAction polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface);
/**
* PolKitModuleControl:
@@ -193,15 +151,13 @@ PolKitModuleControl polkit_module_interf
polkit_bool_t
polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
+ PolKitAction *action,
PolKitSession *session);
polkit_bool_t
polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
+ PolKitAction *action,
PolKitCaller *caller);
#endif /* POLKIT_MODULE_H */
diff --git a/polkit/polkit-policy-default.c b/polkit/polkit-policy-default.c
index 074fb93..d9949cb 100644
--- a/polkit/polkit-policy-default.c
+++ b/polkit/polkit-policy-default.c
@@ -143,24 +143,22 @@ polkit_policy_default_debug (PolKitPolic
/**
- * polkit_policy_default_can_session_access_resource:
+ * polkit_policy_default_can_session_do_action:
* @policy_default: the object
* @action: the type of access to check for
- * @resource: the resource in question
* @session: the session in question
*
* Using the default policy for an action, determine if a given
- * session can access a given resource in a given way.
+ * session can do a given action.
*
* Returns: A #PolKitResult - can only be one of
* #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
* #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
**/
PolKitResult
-polkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
+polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitSession *session)
{
polkit_bool_t is_local;
polkit_bool_t is_active;
@@ -195,23 +193,21 @@ out:
}
/**
- * polkit_policy_default_can_caller_access_resource:
+ * polkit_policy_default_can_caller_do_action:
* @policy_default: the object
* @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
+ * @caller: the caller in question
*
* Using the default policy for an action, determine if a given
- * caller can access a given resource in a given way.
+ * caller can do a given action.
*
* Returns: A #PolKitResult specifying if, and how, the caller can
- * access the resource in the given way
+ * do the given action.
**/
PolKitResult
-polkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
polkit_bool_t is_local;
polkit_bool_t is_active;
diff --git a/polkit/polkit-policy-default.h b/polkit/polkit-policy-default.h
index 9dad92c..68b6946 100644
--- a/polkit/polkit-policy-default.h
+++ b/polkit/polkit-policy-default.h
@@ -32,7 +32,6 @@
#include <polkit/polkit-result.h>
#include <polkit/polkit-action.h>
-#include <polkit/polkit-resource.h>
#include <polkit/polkit-session.h>
#include <polkit/polkit-caller.h>
#include <polkit/polkit-error.h>
@@ -44,14 +43,13 @@ PolKitPolicyDefault *polkit_policy_de
void polkit_policy_default_unref (PolKitPolicyDefault *policy_default);
void polkit_policy_default_debug (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session);
-PolKitResult polkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
+PolKitResult polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitSession *session);
+
+PolKitResult polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitCaller *caller);
PolKitResult polkit_policy_default_get_allow_remote_inactive (PolKitPolicyDefault *policy_default);
PolKitResult polkit_policy_default_get_allow_remote_active (PolKitPolicyDefault *policy_default);
diff --git a/polkit/polkit-policy-file-entry.c b/polkit/polkit-policy-file-entry.c
index f72c87c..c0c7941 100644
--- a/polkit/polkit-policy-file-entry.c
+++ b/polkit/polkit-policy-file-entry.c
@@ -197,7 +197,7 @@ polkit_policy_file_get_action_descriptio
*
* Get a phrase, for the policy entry in question, that can be shown
* in the user interface explaining that the caller doesn't possess
- * the privilege to perform the given action on the given resource.
+ * the privilege to perform the given action.
*
* The returned string may contain a single %s entry - the caller
* should use a printf-style function to replace this with a human
diff --git a/polkit/polkit-policy-file-entry.h b/polkit/polkit-policy-file-entry.h
index 5e0b310..70be923 100644
--- a/polkit/polkit-policy-file-entry.h
+++ b/polkit/polkit-policy-file-entry.h
@@ -45,10 +45,7 @@ const char *polkit_policy_fil
PolKitPolicyDefault *polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry);
const char *polkit_policy_file_get_group_description (PolKitPolicyFileEntry *policy_file_entry);
-const char *polkit_policy_file_get_group_description_short (PolKitPolicyFileEntry *policy_file_entry);
const char *polkit_policy_file_get_action_description (PolKitPolicyFileEntry *policy_file_entry);
-const char *polkit_policy_file_get_action_missing (PolKitPolicyFileEntry *policy_file_entry);
-const char *polkit_policy_file_get_action_apply_to_all_mnemonic (PolKitPolicyFileEntry *policy_file_entry);
#endif /* POLKIT_POLICY_FILE_ENTRY_H */
diff --git a/polkit/polkit-resource.c b/polkit/polkit-resource.c
deleted file mode 100644
index 70d7d53..0000000
--- a/polkit/polkit-resource.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-resource.c : resources
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-resource.h"
-#include "polkit-utils.h"
-
-/**
- * SECTION:polkit-resource
- * @short_description: Resources.
- *
- * This class is used to represent a resource. TODO: describe what a resource really is.
- **/
-
-/**
- * PolKitResource:
- *
- * Objects of this class are used to record information about a
- * resource. TODO: describe what a resource really is.
- **/
-struct PolKitResource
-{
- int refcount;
- char *type;
- char *id;
-};
-
-/**
- * polkit_resource_new:
- *
- * Create a new #PolKitResource object.
- *
- * Returns: the new object
- **/
-PolKitResource *
-polkit_resource_new (void)
-{
- PolKitResource *resource;
- resource = g_new0 (PolKitResource, 1);
- resource->refcount = 1;
- return resource;
-}
-
-/**
- * polkit_resource_ref:
- * @resource: the resource object
- *
- * Increase reference count
- *
- * Returns: the object
- **/
-PolKitResource *
-polkit_resource_ref (PolKitResource *resource)
-{
- g_return_val_if_fail (resource != NULL, resource);
- resource->refcount++;
- return resource;
-}
-
-
-/**
- * polkit_resource_unref:
- * @resource: the resource object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_resource_unref (PolKitResource *resource)
-{
- g_return_if_fail (resource != NULL);
-
- resource->refcount--;
- if (resource->refcount > 0)
- return;
-
- g_free (resource->type);
- g_free (resource->id);
- g_free (resource);
-}
-
-
-/**
- * polkit_resource_set_resource_type:
- * @resource: the resource object
- * @resource_type: type of resource
- *
- * Set the type of the resource. TODO: link to wtf this is.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_resource_set_resource_type (PolKitResource *resource, const char *resource_type)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (resource_type), FALSE);
- if (resource->type != NULL)
- g_free (resource->type);
- resource->type = g_strdup (resource_type);
- return TRUE;
-}
-
-/**
- * polkit_resource_set_resource_id:
- * @resource: the resource object
- * @resource_id: identifier of resource
- *
- * set the identifier of the resource. TODO: link to wtf this is.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_resource_set_resource_id (PolKitResource *resource, const char *resource_id)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (resource_id), FALSE);
- if (resource->id != NULL)
- g_free (resource->id);
- resource->id = g_strdup (resource_id);
- return TRUE;
-}
-
-/**
- * polkit_resource_get_resource_type:
- * @resource: the resource object
- * @out_resource_type: Returns the resource type. The caller shall not free this string.
- *
- * Get the type of the resource.
- *
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-polkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (out_resource_type != NULL, FALSE);
-
- if (resource->type == NULL)
- return FALSE;
-
- *out_resource_type = resource->type;
- return TRUE;
-}
-
-/**
- * polkit_resource_get_resource_id:
- * @resource: the resource object
- * @out_resource_id: Returns the resource identifier. The caller shall not free this string.
- *
- * Get the identifier of the resource
- *
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-polkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (out_resource_id != NULL, FALSE);
-
- if (resource->id == NULL)
- return FALSE;
-
- *out_resource_id = resource->id;
- return TRUE;
-}
-
-/**
- * polkit_resource_debug:
- * @resource: the object
- *
- * Print debug details
- **/
-void
-polkit_resource_debug (PolKitResource *resource)
-{
- g_return_if_fail (resource != NULL);
- _pk_debug ("PolKitResource: refcount=%d type=%s id=%s", resource->refcount, resource->type, resource->id);
-}
-
-/**
- * polkit_resource_validate:
- * @resource: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-polkit_resource_validate (PolKitResource *resource)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (resource->type != NULL, FALSE);
- g_return_val_if_fail (resource->id != NULL, FALSE);
- return TRUE;
-}
diff --git a/polkit/polkit-resource.h b/polkit/polkit-resource.h
deleted file mode 100644
index 636e730..0000000
--- a/polkit/polkit-resource.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-resource.h : resources
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_RESOURCE_H
-#define POLKIT_RESOURCE_H
-
-#include <polkit/polkit-types.h>
-
-struct PolKitResource;
-typedef struct PolKitResource PolKitResource;
-
-PolKitResource *polkit_resource_new (void);
-PolKitResource *polkit_resource_ref (PolKitResource *resource);
-void polkit_resource_unref (PolKitResource *resource);
-polkit_bool_t polkit_resource_set_resource_type (PolKitResource *resource, const char *resource_type);
-polkit_bool_t polkit_resource_set_resource_id (PolKitResource *resource, const char *resource_id);
-polkit_bool_t polkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type);
-polkit_bool_t polkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id);
-
-void polkit_resource_debug (PolKitResource *resource);
-
-polkit_bool_t polkit_resource_validate (PolKitResource *resource);
-
-#endif /* POLKIT_RESOURCE_H */
-
-
diff --git a/polkit/polkit.h b/polkit/polkit.h
index 3ce6947..148ee25 100644
--- a/polkit/polkit.h
+++ b/polkit/polkit.h
@@ -32,7 +32,6 @@
#include <polkit/polkit-result.h>
#include <polkit/polkit-context.h>
#include <polkit/polkit-action.h>
-#include <polkit/polkit-resource.h>
#include <polkit/polkit-seat.h>
#include <polkit/polkit-session.h>
#include <polkit/polkit-caller.h>
diff --git a/tools/polkit-check-caller.c b/tools/polkit-check-caller.c
index bfb3ffa..0c960b3 100644
--- a/tools/polkit-check-caller.c
+++ b/tools/polkit-check-caller.c
@@ -46,28 +46,22 @@ usage (int argc, char *argv[])
"\n"
"usage : polkit-check-caller\n"
" --caller <dbus-name> --action <action>\n"
- " --resource-type <type> --resource-id <id>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --caller Unique name of caller on the system bus\n"
" --action Requested action\n"
- " --resource-type Type of resource\n"
- " --resource-id Identifier of resource\n"
" --version Show version and exit\n"
" --help Show this information and exit\n"
"\n"
- "Determine if a given caller can access a given resource in a given\n"
- "way. If access is allowed, this program exits with exit code 0. If\n"
- "no access is allowed or an error occurs, the program exits with\n"
- "a non-zero exit code.\n");
+ "Determine if a given caller can do a given action. If access is \n"
+ "allowed, this program exits with exit code 0. If no access is allowed\n"
+ "or an error occurs, the program exits with a non-zero exit code.\n");
}
int
main (int argc, char *argv[])
{
- char *resource_type = NULL;
- char *resource_id = NULL;
char *action_id = NULL;
char *dbus_name = NULL;
gboolean is_version = FALSE;
@@ -75,7 +69,6 @@ main (int argc, char *argv[])
DBusError error;
PolKitContext *pol_ctx;
PolKitCaller *caller;
- PolKitResource *resource;
PolKitAction *action;
gboolean allowed;
PolKitError *p_error;
@@ -90,8 +83,6 @@ main (int argc, char *argv[])
int option_index = 0;
const char *opt;
static struct option long_options[] = {
- {"resource-type", 1, NULL, 0},
- {"resource-id", 1, NULL, 0},
{"action", 1, NULL, 0},
{"caller", 1, NULL, 0},
{"version", 0, NULL, 0},
@@ -113,10 +104,6 @@ main (int argc, char *argv[])
return 0;
} else if (strcmp (opt, "version") == 0) {
is_version = TRUE;
- } else if (strcmp (opt, "resource-type") == 0) {
- resource_type = strdup (optarg);
- } else if (strcmp (opt, "resource-id") == 0) {
- resource_id = strdup (optarg);
} else if (strcmp (opt, "action") == 0) {
action_id = strdup (optarg);
} else if (strcmp (opt, "caller") == 0) {
@@ -136,7 +123,7 @@ main (int argc, char *argv[])
return 0;
}
- if (resource_type == NULL || resource_id == NULL || action_id == NULL || dbus_name == NULL) {
+ if (action_id == NULL || dbus_name == NULL) {
usage (argc, argv);
return 1;
}
@@ -159,10 +146,6 @@ main (int argc, char *argv[])
action = polkit_action_new ();
polkit_action_set_action_id (action, action_id);
- resource = polkit_resource_new ();
- polkit_resource_set_resource_type (resource, resource_type);
- polkit_resource_set_resource_id (resource, resource_id);
-
caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
if (caller == NULL) {
if (dbus_error_is_set (&error)) {
@@ -172,7 +155,7 @@ main (int argc, char *argv[])
}
}
- allowed = polkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
+ allowed = polkit_context_can_caller_do_action (pol_ctx, action, caller);
if (allowed)
return 0;
diff --git a/tools/polkit-check-session.c b/tools/polkit-check-session.c
index b232737..fd9f467 100644
--- a/tools/polkit-check-session.c
+++ b/tools/polkit-check-session.c
@@ -46,28 +46,23 @@ usage (int argc, char *argv[])
"\n"
"usage : polkit-check-session\n"
" [--session <session>] --action <action>\n"
- " --resource-type <type> --resource-id <id>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --session ConsoleKit object path of session\n"
" --action Requested action\n"
- " --resource-type Type of resource\n"
- " --resource-id Identifier of resource\n"
" --version Show version and exit\n"
" --help Show this information and exit\n"
"\n"
- "Determine if a given session can access a given resource in a given\n"
- "way. If no session is given, the current session is used. If access\n"
- "is allowed, this program exits with exit code 0. If no access is allowed\n"
+ "Determine if a given callers in a given session can do a given action.\n"
+ "If no session is given, the current session is used. If access is\n"
+ "allowed, this program exits with exit code 0. If no access is allowed\n"
"or an error occurs, the program exits with a non-zero exit code.\n");
}
int
main (int argc, char *argv[])
{
- char *resource_type = NULL;
- char *resource_id = NULL;
char *action_id = NULL;
char *session_id = NULL;
char *cookie = NULL;
@@ -76,7 +71,6 @@ main (int argc, char *argv[])
DBusError error;
PolKitContext *pol_ctx;
PolKitSession *session;
- PolKitResource *resource;
PolKitAction *action;
gboolean allowed;
PolKitError *p_error;
@@ -93,8 +87,6 @@ main (int argc, char *argv[])
int option_index = 0;
const char *opt;
static struct option long_options[] = {
- {"resource-type", 1, NULL, 0},
- {"resource-id", 1, NULL, 0},
{"action", 1, NULL, 0},
{"session", 1, NULL, 0},
{"version", 0, NULL, 0},
@@ -116,10 +108,6 @@ main (int argc, char *argv[])
return 0;
} else if (strcmp (opt, "version") == 0) {
is_version = TRUE;
- } else if (strcmp (opt, "resource-type") == 0) {
- resource_type = strdup (optarg);
- } else if (strcmp (opt, "resource-id") == 0) {
- resource_id = strdup (optarg);
} else if (strcmp (opt, "action") == 0) {
action_id = strdup (optarg);
} else if (strcmp (opt, "session") == 0) {
@@ -139,7 +127,7 @@ main (int argc, char *argv[])
return 0;
}
- if (resource_type == NULL || resource_id == NULL || action_id == NULL) {
+ if (action_id == NULL) {
usage (argc, argv);
return 1;
}
@@ -176,11 +164,7 @@ main (int argc, char *argv[])
action = polkit_action_new ();
polkit_action_set_action_id (action, action_id);
- resource = polkit_resource_new ();
- polkit_resource_set_resource_type (resource, resource_type);
- polkit_resource_set_resource_id (resource, resource_id);
-
- allowed = polkit_context_can_session_access_resource (pol_ctx, action, resource, session);
+ allowed = polkit_context_can_session_do_action (pol_ctx, action, session);
if (allowed)
return 0;
diff --git a/tools/polkit-grant.c b/tools/polkit-grant.c
index 0c5181d..0bf2665 100644
--- a/tools/polkit-grant.c
+++ b/tools/polkit-grant.c
@@ -49,13 +49,10 @@ usage (int argc, char *argv[])
"\n"
"usage : polkit-grant\n"
" --action <action>\n"
- " --resource-type <type> --resource-id <id>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --action Requested action\n"
- " --resource-type Type of resource\n"
- " --resource-id Identifier of resource\n"
" --version Show version and exit\n"
" --help Show this information and exit\n"
"\n"
@@ -285,15 +282,12 @@ int
main (int argc, char *argv[])
{
char *action_id = NULL;
- char *resource_type = NULL;
- char *resource_id = NULL;
gboolean is_version = FALSE;
DBusConnection *bus;
DBusError error;
PolKitContext *pol_ctx;
PolKitCaller *caller;
PolKitAction *action;
- PolKitResource *resource;
PolKitError *p_error;
PolKitGrant *polkit_grant;
int ret;
@@ -312,8 +306,6 @@ main (int argc, char *argv[])
const char *opt;
static struct option long_options[] = {
{"action", 1, NULL, 0},
- {"resource-type", 1, NULL, 0},
- {"resource-id", 1, NULL, 0},
{"version", 0, NULL, 0},
{"help", 0, NULL, 0},
{NULL, 0, NULL, 0}
@@ -335,10 +327,6 @@ main (int argc, char *argv[])
is_version = TRUE;
} else if (strcmp (opt, "action") == 0) {
action_id = strdup (optarg);
- } else if (strcmp (opt, "resource-type") == 0) {
- resource_type = strdup (optarg);
- } else if (strcmp (opt, "resource-id") == 0) {
- resource_id = strdup (optarg);
}
break;
@@ -353,7 +341,7 @@ main (int argc, char *argv[])
return 0;
}
- if (action_id == NULL || resource_type == NULL || resource_id == NULL) {
+ if (action_id == NULL) {
usage (argc, argv);
goto error;
}
@@ -378,10 +366,6 @@ main (int argc, char *argv[])
action = polkit_action_new ();
polkit_action_set_action_id (action, action_id);
- resource = polkit_resource_new ();
- polkit_resource_set_resource_type (resource, resource_type);
- polkit_resource_set_resource_id (resource, resource_id);
-
caller = polkit_caller_new_from_dbus_name (bus, dbus_bus_get_unique_name (bus), &error);
if (caller == NULL) {
if (dbus_error_is_set (&error)) {
@@ -406,9 +390,8 @@ main (int argc, char *argv[])
&ud);
if (!polkit_grant_initiate_auth (polkit_grant,
- action,
- resource,
- caller)) {
+ action,
+ caller)) {
printf ("Failed to initiate privilege grant.\n");
ret = 1;
goto error;
More information about the hal-commit
mailing list