PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Wed Mar 28 10:04:48 PDT 2007
COPYING | 4
Makefile.am | 11
NEWS | 2
configure.in | 263 ------
dev/null |binary
doc/Makefile.am | 2
doc/TODO | 40 -
doc/api/Makefile.am | 47 -
doc/api/libpolkit/Makefile.am | 67 +
doc/api/libpolkit/libpolkit-docs.xml | 109 ++
doc/api/libpolkit/version.xml.in | 1
doc/api/polkit-docs.xml | 15
doc/api/tmpl/libpolkit.sgml | 114 --
doc/man/Makefile.am | 13
doc/spec/Makefile.am | 30
doc/spec/config.xsl | 6
doc/spec/docbook.css | 18
doc/spec/polkit-arch.dia | 0
doc/spec/polkit-arch.png | 0
doc/spec/polkit-spec-introduction.xml | 15
doc/spec/polkit-spec.html | 384 ----------
doc/spec/polkit-spec.xml.in | 628 ----------------
doc/spec/polkit-spec.xml.in.in | 24
libpolkit.pc.in | 2
libpolkit/Makefile.am | 31
libpolkit/libpolkit-grant.c | 407 ----------
libpolkit/libpolkit-grant.h | 125 ---
libpolkit/libpolkit.c | 376 ---------
libpolkit/libpolkit.h | 46 -
pam-polkit-console/.gitignore | 7
pam-polkit-console/Makefile.am | 18
pam-polkit-console/pam-polkit-console.c | 262 ------
policy-kit.in | 8
polkit-interface-manager.xml | 48 -
polkit-interface-session.xml | 50 -
polkitd/.gitignore | 13
polkitd/Makefile.am | 94 --
polkitd/PolicyKit.conf.in | 20
polkitd/PolicyKit.in | 80 --
polkitd/debug-polkitd.sh | 9
polkitd/main.c | 303 -------
polkitd/policy.c | 1217 --------------------------------
polkitd/policy.h | 103 --
polkitd/polkit-manager.c | 1089 ----------------------------
polkitd/polkit-manager.h | 132 ---
polkitd/polkit-marshal.list | 1
polkitd/polkit-session.c | 1013 --------------------------
polkitd/polkit-session.h | 122 ---
polkitd/polkitd-test.c | 275 -------
polkitd/run-polkitd.sh | 7
polkitd/valgrind-polkitd.sh | 4
privileges/.gitignore | 3
privileges/Makefile.am | 7
privileges/desktop-console.privilege | 14
tools/Makefile.am | 21
tools/polkit-grant-privilege.c | 331 --------
tools/polkit-is-privileged.c | 203 -----
tools/polkit-list-privileges.c | 209 -----
tools/polkit-revoke-privilege.c | 198 -----
59 files changed, 318 insertions(+), 8323 deletions(-)
New commits:
diff-tree 5e55b4a226590b18bebc65b864ba323e69769939 (from e97e945ee59320cb15ec81958b2fa1c08653a8f6)
Author: David Zeuthen <davidz at redhat.com>
Date: Wed Mar 28 13:01:37 2007 -0400
reset project and remove all existing code
Some of the code, e.g. the daemon, will be brought back in other forms.
diff --git a/COPYING b/COPYING
index 5ca1af9..2edfa2c 100644
--- a/COPYING
+++ b/COPYING
@@ -1,5 +1,5 @@
-The PolicyKit daemon and associated command-line tools polkit-* is
-licensed to you under the GNU General Public License version 2.
+The PolicyKit command-line tools are licensed to you under the GNU
+General Public License version 2.
libpolkit is licensed to you under your choice of the Academic Free
License version 2.1, or the GNU General Public License version 2.
diff --git a/Makefile.am b/Makefile.am
index dc38d3f..422aece 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,12 +1,9 @@
## Process this file with automake to produce Makefile.in
-SUBDIRS = libpolkit pam-polkit-console polkitd doc tools privileges
-
-pamdir = $(sysconfdir)/pam.d
-pam_DATA = policy-kit
+SUBDIRS = libpolkit doc tools
pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = polkit.pc
+pkgconfig_DATA = libpolkit.pc
# Creating ChangeLog from git log (taken from cairo/Makefile.am):
@@ -28,9 +25,9 @@ $(srcdir)/ChangeLog:
.PHONY: ChangeLog $(srcdir)/ChangeLog
-DISTCLEANFILES = polkit.pc
+DISTCLEANFILES = libpolkit.pc
-EXTRA_DIST = HACKING polkit-interface-manager.xml polkit-interface-session.xml polkit.pc.in policy-kit.in mkinstalldirs ChangeLog
+EXTRA_DIST = HACKING libpolkit.pc.in mkinstalldirs ChangeLog
clean-local :
rm -f *~
diff --git a/NEWS b/NEWS
index 43a464a..7e1b37f 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,6 @@ PolicyKit 0.1 ""
WRITE ME
-Requirements for PolicyKit 0.1 "" (and CVS HEAD)
+Requirements for PolicyKit 0.1 "" (and git master)
- glib >= 2.6.0
diff --git a/configure.in b/configure.in
index 9443c86..4cde2d3 100644
--- a/configure.in
+++ b/configure.in
@@ -1,8 +1,8 @@
dnl Process this file with autoconf to produce a configure script.
AC_PREREQ(2.57)
-AC_INIT(PolicyKit, 0.2, david at fubar.dk)
-AM_INIT_AUTOMAKE(PolicyKit, 0.2)
+AC_INIT(PolicyKit, 0.3, david at fubar.dk)
+AM_INIT_AUTOMAKE(PolicyKit, 0.3)
AM_CONFIG_HEADER(config.h)
AM_MAINTAINER_MODE
@@ -10,7 +10,7 @@ AM_MAINTAINER_MODE
#
# See http://sources.redhat.com/autobook/autobook/autobook_91.html#SEC91 for details
#
-LT_CURRENT=0
+LT_CURRENT=1
LT_REVISION=0
LT_AGE=0
AC_SUBST(LT_CURRENT)
@@ -26,29 +26,12 @@ AC_PROG_MAKE_SET
AC_PROG_LN_S
AC_SYS_LARGEFILE
-AC_ARG_WITH(polkit_user,[ --with-polkit-user=<user> user for PolicyKit])
-if test -z "$with_polkit_user" ; then
- POLKIT_USER=polkit
-else
- POLKIT_USER=$with_polkit_user
-fi
-AC_SUBST(POLKIT_USER)
-AC_DEFINE_UNQUOTED(POLKIT_USER, "$POLKIT_USER", [User for PolicyKit])
-
-AC_ARG_WITH(polkit_group,[ --with-polkit-group=<grp> group for PolicyKit])
-if test -z "$with_polkit_group" ; then
- POLKIT_GROUP=polkit
-else
- POLKIT_GROUP=$with_polkit_group
-fi
-AC_SUBST(POLKIT_GROUP)
-AC_DEFINE_UNQUOTED(POLKIT_GROUP,"$POLKIT_GROUP", [Group for PolicyKit])
-
-
# Taken from dbus
AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no)
AC_ARG_ENABLE(verbose-mode, [ --enable-verbose-mode support verbose debug mode],enable_verbose_mode=$enableval,enable_verbose_mode=$USE_MAINTAINER_MODE)
-AC_ARG_ENABLE(docbook-docs, [ --enable-docbook-docs build documentation (requires xmlto)],enable_docbook_docs=$enableval,enable_docbook_docs=auto)
+AC_ARG_ENABLE(docbook-docs, [ --enable-docbook-docs build documentation (requires xmlto)],enable_docbook_docs=$enableval,enable_docbook_docs=no)
+AC_ARG_ENABLE(man-pages, [ --enable-man-pages build manual pages],enable_man_pages=$enableval,enable_man_pages=yes)
+AM_CONDITIONAL(MAN_PAGES_ENABLED, test x$enable_man_pages = xyes)
GTK_DOC_CHECK([1.3])
@@ -138,30 +121,23 @@ PKG_CHECK_MODULES(GLIB, [glib-2.0 >= 2.6
AC_SUBST(GLIB_CFLAGS)
AC_SUBST(GLIB_LIBS)
-PKG_CHECK_MODULES(DBUS, [dbus-1 >= 0.60])
-AC_SUBST(DBUS_CFLAGS)
-AC_SUBST(DBUS_LIBS)
-
-PKG_CHECK_MODULES(DBUS_GLIB, [dbus-glib-1 >= 0.60])
-AC_SUBST(DBUS_GLIB_CFLAGS)
-AC_SUBST(DBUS_GLIB_LIBS)
-
AC_CHECK_FUNCS(getgrouplist)
# DocBook Documentation
-AC_PATH_PROG(XMLTO, xmlto, no)
-
AC_MSG_CHECKING([whether to build DocBook documentation])
-if test x$DOCBOOK = xno ; then
- have_docbook=no
+AC_PATH_PROG(XMLTO, xmlto, no)
+AC_PATH_PROG(XMLLINT, xmllint, no)
+
+if test x$XMLLINT = xno ; then
+ have_xmllint=no
else
- have_docbook=yes
+ have_xmllint=yes
fi
if test x$enable_docbook_docs = xauto ; then
- if test x$have_docbook = xno ; then
+ if test x$have_xmlto = xno || test x$have_xmllint = xno ; then
enable_docbook_docs=no
else
enable_docbook_docs=yes
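Review bot: `have_xmlto` is tested in the new `xauto` branch (`test x$have_xmlto = xno || test x$have_xmllint = xno`), but nothing visible in this hunk assigns it; only `have_xmllint` is derived from its `AC_PATH_PROG` result. Unless it is set outside the diff, the variable is empty and a missing xmlto is never detected. The explicit-enable check in the next hunk (`@@ -169,8 +145,8 @@`) has the same gap, and it also does not fail when xmllint is absent even though doc/spec/Makefile.am now invokes `${XMLLINT}`. Testing the probe results directly closes both: `if test x$XMLTO = xno || test x$XMLLINT = xno ; then`.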
@@ -169,8 +145,8 @@ if test x$enable_docbook_docs = xauto ;
fi
if test x$enable_docbook_docs = xyes; then
- if test x$have_docbook = xno; then
- AC_MSG_ERROR([Building DocBook docs explicitly required, but DocBook not found])
+ if test x$have_xmlto = xno; then
+ AC_MSG_ERROR([Building DocBook docs explicitly required, but xmlto not found])
fi
fi
@@ -195,186 +171,22 @@ fi
AC_SUBST(DOCDIR)
-# PAM stuff borrowed from gnome-screensaver
-
-# Determine PAM prefix
-
-withval=""
-AC_ARG_WITH(pam-prefix,
-[ --with-pam-prefix=<prefix> specify where pam files go],[
-if test x$withval != x; then
- AC_MSG_RESULT("PAM files will be installed in prefix ${withval}.")
-fi])
-if test x$withval != x; then
- PAM_PREFIX_UNEXPANDED="$withval"
-else
- PAM_PREFIX_UNEXPANDED="$sysconfdir"
-fi
-PAM_PREFIX=`eval echo $PAM_PREFIX_UNEXPANDED`
-AC_SUBST(PAM_PREFIX)
-
-
-dnl ---------------------------------------------------------------------------
-dnl - Check for PAM
-dnl ---------------------------------------------------------------------------
-
-have_pam=no
-AC_CHECK_LIB(pam, pam_start, have_pam=yes)
-if test x$have_pam = xno; then
- AC_ERROR([Could not find pam/pam-devel, please install the needed packages.])
-else
- AUTH_LIBS="${AUTH_LIBS} -lpam"
- AC_DEFINE(HAVE_PAM, 1, [Define if PAM support is included])
-
- # On Linux, sigtimedwait() is in libc; on Solaris, it's in librt.
- have_timedwait=no
- AC_CHECK_LIB(c, sigtimedwait, [have_timedwait=yes])
- if test "$have_timedwait" = no ; then
- AC_CHECK_LIB(rt, sigtimedwait, [AUTH_LIBS="${AUTH_LIBS} -lrt"])
- fi
-
- AC_MSG_CHECKING(how to call pam_strerror)
- AC_CACHE_VAL(ac_cv_pam_strerror_args,
- [AC_TRY_COMPILE([#include <stdio.h>
- #include <stdlib.h>
- #include <security/pam_appl.h>],
- [pam_handle_t *pamh = 0;
- char *s = pam_strerror(pamh, PAM_SUCCESS);],
- [ac_pam_strerror_args=2],
- [AC_TRY_COMPILE([#include <stdio.h>
- #include <stdlib.h>
- #include <security/pam_appl.h>],
- [char *s =
- pam_strerror(PAM_SUCCESS);],
- [ac_pam_strerror_args=1],
- [ac_pam_strerror_args=0])])
- ac_cv_pam_strerror_args=$ac_pam_strerror_args])
- ac_pam_strerror_args=$ac_cv_pam_strerror_args
- if test "$ac_pam_strerror_args" = 1 ; then
- AC_MSG_RESULT(one argument)
- elif test "$ac_pam_strerror_args" = 2 ; then
- AC_DEFINE(PAM_STRERROR_TWO_ARGS, 1, [Define if pam_strerror takes two arguments])
- AC_MSG_RESULT(two arguments)
- else
- AC_MSG_RESULT(unknown)
- fi
-
-fi
-
-AM_CONDITIONAL(HAVE_PAM, test x$have_pam = xyes)
-AC_SUBST(HAVE_PAM)
-AC_SUBST(AUTH_LIBS)
-
-AC_CHECK_HEADER(security/pam_modutil.h, [AC_DEFINE(HAVE_PAM_MODUTIL_H, [], "Have pam_modutil.h")])
-AC_CHECK_HEADER(security/pam_ext.h, [AC_DEFINE(HAVE_PAM_EXT_H, [], "Have pam_ext.h")])
-AC_CHECK_LIB(pam, pam_vsyslog, [AC_DEFINE(HAVE_PAM_VSYSLOG, [], "Have pam_vsyslog")])
-
-
-AC_ARG_WITH(pam-module-dir, [ --with-pam-module-dir=[dirname] directory to install PAM security module])
-if ! test -z "$with_pam_module_dir"; then
- PAM_MODULE_DIR=$with_pam_module_dir
-else
- PAM_MODULE_DIR="/lib/security"
-fi
-
-AC_SUBST(PAM_MODULE_DIR)
-
-
-AC_ARG_WITH(os-type, [ --with-os-type=<os> distribution or OS (redhat)])
-
-#### Check our operating system (distro-tweaks required)
-if test "z$with_os_type" = "z"; then
- AC_CHECK_FILE(/etc/redhat-release,distro_type="redhat")
- AC_CHECK_FILE(/etc/SuSE-release,distro_type="suse")
- if test "z$distro_type" = "z"; then
- echo "Linux distribution autodetection failed, specify the distribution to target using --with-os-type="
- else
- operating_system=`echo ${distro_type} | tr '[[:upper:]]' '[[:lower:]]' `
- fi
-fi
-
-#### Sort out OS (distro-tweaks required)
-if test x$with_os_type = x; then
- if test x$operating_system = xredhat ; then
- with_os_type=redhat
- elif test x$operating_system = xsuse ; then
- with_os_type=suse
- else
- with_os_type=unknown
- fi
-fi
-
-# (distro-tweaks required)
-AM_CONDITIONAL(OS_TYPE_UNKNOWN, test x$with_os_type = xunknown, [Running on unknown OS])
-AM_CONDITIONAL(OS_TYPE_RED_HAT, test x$with_os_type = xredhat, [Running on Red Hat OS'es])
-AM_CONDITIONAL(OS_TYPE_SUSE, test x$with_os_type = xsuse, [Running on SUSE OS'es])
-
-AC_ARG_WITH(pid-file, [ --with-pid-file=<file> pid file for polkitd])
-
-#### Set up the pid file (distro-tweaks required)
-if ! test -z "$with_pid_file"; then
- POLKITD_PID_FILE=$with_pid_file
-elif test x$with_os_type = xredhat ; then
- POLKITD_PID_FILE=${LOCALSTATEDIR}/run/polkitd.pid
-elif test x$with_os_type = xsuse ; then
- POLKITD_PID_FILE=${LOCALSTATEDIR}/run/polkitd.pid
-else
- POLKITD_PID_FILE=${LOCALSTATEDIR}/run/polkitd/pid
-fi
-
-AC_SUBST(POLKITD_PID_FILE)
-AC_DEFINE_UNQUOTED(POLKITD_PID_FILE, "$POLKITD_PID_FILE", [pid file])
-
-AC_ARG_WITH(pam-include, [ --with-pam-include=<file> pam file to include])
-
-#### Set up pam file to include (distro-tweaks required)
-if ! test -z "$with_pam_include"; then
- PAM_FILE_INCLUDE_AUTH=$with_pam_include
- PAM_FILE_INCLUDE_ACCOUNT=$with_pam_include
- PAM_FILE_INCLUDE_PASSWORD=$with_pam_include
- PAM_FILE_INCLUDE_SESSION=$with_pam_include
-elif test x$with_os_type = xredhat ; then
- PAM_FILE_INCLUDE_AUTH=system-auth
- PAM_FILE_INCLUDE_ACCOUNT=system-auth
- PAM_FILE_INCLUDE_PASSWORD=system-auth
- PAM_FILE_INCLUDE_SESSION=system-auth
-elif test x$with_os_type = xsuse ; then
- PAM_FILE_INCLUDE_AUTH=common-auth
- PAM_FILE_INCLUDE_ACCOUNT=common-account
- PAM_FILE_INCLUDE_PASSWORD=common-password
- PAM_FILE_INCLUDE_SESSION=common-session
-else
- PAM_FILE_INCLUDE_AUTH=system-auth
- PAM_FILE_INCLUDE_ACCOUNT=system-auth
- PAM_FILE_INCLUDE_PASSWORD=system-auth
- PAM_FILE_INCLUDE_SESSION=system-auth
+if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
fi
-AC_SUBST(PAM_FILE_INCLUDE_AUTH)
-AC_SUBST(PAM_FILE_INCLUDE_ACCOUNT)
-AC_SUBST(PAM_FILE_INCLUDE_PASSWORD)
-AC_SUBST(PAM_FILE_INCLUDE_SESSION)
-AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_AUTH, "$PAM_FILE_INCLUDE_AUTH", [pam file auth])
-AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_ACCOUNT, "$PAM_FILE_INCLUDE_ACCOUNT", [pam file account])
-AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_PASSWORD, "$PAM_FILE_INCLUDE_PASSWORD", [pam file password])
-AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_SESSION, "$PAM_FILE_INCLUDE_SESSION", [pam file session])
-
-
AC_OUTPUT([
-policy-kit
-polkit.pc
+libpolkit.pc
Makefile
-pam-polkit-console/Makefile
-polkitd/Makefile
-polkitd/PolicyKit
-polkitd/PolicyKit.conf
libpolkit/Makefile
tools/Makefile
doc/Makefile
doc/api/Makefile
+doc/api/libpolkit/Makefile
+doc/api/libpolkit/version.xml
doc/spec/Makefile
-doc/spec/polkit-spec.xml
-privileges/Makefile
+doc/spec/polkit-spec.xml.in
+doc/man/Makefile
])
dnl ==========================================================================
@@ -391,41 +203,16 @@ echo "
sysconfdir: ${SYSCONFDIR}
localstatedir: ${LOCALSTATEDIR}
docdir: ${DOCDIR}
- PAM prefix: ${PAM_PREFIX}
- PAM module dir: ${PAM_MODULE_DIR}
compiler: ${CC}
cflags: ${CFLAGS}
cppflags: ${CPPFLAGS}
- DocBook: ${DOCBOOK}
- user for PolicyKit: ${POLKIT_USER}
- group for PolicyKit: ${POLKIT_GROUP}
- pidfile for polkitd: ${POLKITD_PID_FILE}
-
- Distribution/OS: ${with_os_type}
-
- PAM support: ${have_pam}
- PAM file auth: ${PAM_FILE_INCLUDE_AUTH}
- PAM file account: ${PAM_FILE_INCLUDE_ACCOUNT}
- PAM file password: ${PAM_FILE_INCLUDE_PASSWORD}
- PAM file session: ${PAM_FILE_INCLUDE_SESSION}
+ xmlto: ${XMLTO}
+ xmllint: ${XMLLINT}
Maintainer mode: ${USE_MAINTAINER_MODE}
Building verbose mode: ${enable_verbose_mode}
Building api docs: ${enable_gtk_doc}
Building docs: ${enable_docbook_docs}
+ Building man pages: ${enable_man_pages}
"
-
-# (distro-tweaks required)
-if test x$with_os_type = xredhat; then
- echo "NOTE: Red Hat style init scripts and pam file will be installed"
-elif test x$with_os_type = xsuse; then
- echo "NOTE: SUSE style init scripts and pam file will be installed"
-else
- echo "NOTE: You have to install init scripts yourself and tweak your own pam file"
-fi
-echo
-
-echo "NOTE: Remember to create user ${POLKIT_USER} and group ${POLKIT_GROUP} before make install"
-echo
-
diff --git a/doc/Makefile.am b/doc/Makefile.am
index ba72554..6d27607 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -1,7 +1,7 @@
EXTRA_DIST = TODO
-SUBDIRS = api spec
+SUBDIRS = api spec man
clean-local:
rm -f *~
diff --git a/doc/TODO b/doc/TODO
index 9458bd7..eaa58c4 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,40 +1,2 @@
-DONE
-
- - Write up a nice spec about how all this works since it can be a bit
- confusing
-
- - Refine the .privilege file format so e.g. user 'foo' is always
- allowed to grant privilege 'bar' to other users. Also other stuff.
-
- - write polkit-revoke-privilege
-
- - make polkit-list-privileges and polkit-is-privileged display if a
- privilege is granted permanently or temporary. Also display if it's
- confined to a certain D-BUS connection.
-
- - Factor out auth code in polkit-is-privileged into a GObject and put
- it in a libpolkit-gobject library (since the interaction is pretty
- hairy (see interaction diagram in polkitd/polkit-session.c) I will
- not put this in libpolkit as I want to use the glib bindings and
- these require the glib main loop => not suitable for Qt etc.)
-
-PENDING
-
- - Make polkitd emit signals on an interface such that privileged apps
- can be notified when privileges are granted and revoked. Also
- export other useful query operations.
-
- - make D-BUS interface in general and polkit-grant-privilege in
- particular capable of granting privs permanently
-
- - write some man pages
-
- - write libpolkit-gnome that GNOME apps can consume
-
- - implement D-BUS interfaces suitable for a GUI privilege editor
-
- - write more tests; audit code
-
- - Maybe use straight vsyslog from pam-polkit-console.c if pam_vsyslog
- is missing (as recommened by Frederic Peters <fpeters at entrouvert.com>)
+TODO: write me
diff --git a/doc/api/Makefile.am b/doc/api/Makefile.am
index 5b6818b..3c12eb0 100644
--- a/doc/api/Makefile.am
+++ b/doc/api/Makefile.am
@@ -1,46 +1,9 @@
-
## Process this file with automake to create Makefile.in.
-AUTOMAKE_OPTIONS = 1.7
-
-# The name of the module.
-DOC_MODULE=polkit
-
-# The top-level SGML file.
-DOC_MAIN_SGML_FILE=polkit-docs.xml
-
-# Extra options to supply to gtkdoc-scan
-#SCAN_OPTIONS=--deprecated-guards="CAIRO_DISABLE_DEPRECATED"
-
-# The directory containing the source code. Relative to $(srcdir)
-DOC_SOURCE_DIR=../../libpolkit
-
-# Used for dependencies
-HFILE_GLOB=$(top_srcdir)/libpolkit/*.h
-CFILE_GLOB=$(top_srcdir)/libpolkit/*.c
-
-# Headers to ignore
-IGNORE_HFILES=
-
-# CFLAGS and LDFLAGS for compiling scan program. Only needed
-# if $(DOC_MODULE).types is non-empty.
-INCLUDES =
-GTKDOC_LIBS =
-
-# Extra options to supply to gtkdoc-mkdb
-MKDB_OPTIONS=--sgml-mode --output-format=xml
-
-# Extra options to supply to gtkdoc-mktmpl
-MKTMPL_OPTIONS=
-
-# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
-content_files =
-
-# Images to copy into HTML directory
-HTML_IMAGES =
-
-# Extra options to supply to gtkdoc-fixref
-FIXXREF_OPTIONS=
+SUBDIRS = libpolkit
-include $(top_srcdir)/gtk-doc.make
+MAINTAINERCLEANFILES = \
+ *~ \
+ Makefile.in \
+ $(NULL)
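Review bot: `$(NULL)` terminates the new `MAINTAINERCLEANFILES` list, but this file, which the hunk appears to cover in full, never defines `NULL`. The sibling doc/api/libpolkit/Makefile.am added in the same commit does define it with `NULL =`. An undefined variable expands to nothing in make, so the build is unaffected, but adding `NULL =` above `SUBDIRS` keeps the two files consistent and makes the list-terminator idiom explicit.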
diff --git a/doc/api/libpolkit/Makefile.am b/doc/api/libpolkit/Makefile.am
new file mode 100644
index 0000000..6c3d6f9
--- /dev/null
+++ b/doc/api/libpolkit/Makefile.am
@@ -0,0 +1,67 @@
+## Process this file with automake to create Makefile.in.
+
+NULL =
+
+AUTOMAKE_OPTIONS = 1.7
+
+# The name of the module.
+DOC_MODULE=libpolkit
+
+# The top-level SGML file.
+DOC_MAIN_SGML_FILE=libpolkit-docs.xml
+
+# Extra options to supply to gtkdoc-scan
+#SCAN_OPTIONS=--deprecated-guards="CAIRO_DISABLE_DEPRECATED"
+
+# The directory containing the source code. Relative to $(srcdir)
+DOC_SOURCE_DIR=../../../libpolkit
+
+# Used for dependencies
+HFILE_GLOB=$(top_srcdir)/libpolkit/*.h
+CFILE_GLOB=$(top_srcdir)/libpolkit/*.c
+
+# Headers to ignore
+IGNORE_HFILES= \
+ $(NULL)
+
+# CFLAGS and LDFLAGS for compiling scan program. Only needed
+# if $(DOC_MODULE).types is non-empty.
+INCLUDES = \
+ $(GLIB_CFLAGS) \
+ -I$(top_srcdir) \
+ -I$(top_builddir) \
+ $(NULL)
+
+GTKDOC_LIBS = \
+ $(GLIB_LIBS) \
+ $(top_builddir)/libpolkit/libpolkit.la \
+ $(NULL)
+
+# Extra options to supply to gtkdoc-mkdb
+MKDB_OPTIONS=--sgml-mode --output-format=xml
+
+# Extra options to supply to gtkdoc-mktmpl
+MKTMPL_OPTIONS=
+
+# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE)
+content_files = \
+ version.xml \
+ $(NULL)
+
+# Images to copy into HTML directory
+HTML_IMAGES =
+
+# Extra options to supply to gtkdoc-fixref
+FIXXREF_OPTIONS=
+
+MAINTAINERCLEANFILES = \
+ *~ \
+ Makefile.in \
+ libpolkit.types \
+ libpolkit-*.txt \
+ $(NULL)
+
+include $(top_srcdir)/gtk-doc.make
+
+# Version information for marking the documentation
+EXTRA_DIST += version.xml.in
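Review bot: `MAINTAINERCLEANFILES` lists `libpolkit.types`, yet the same commit adds an empty doc/api/libpolkit/libpolkit.types to the repository, so `make maintainer-clean` would delete a tracked file. Either drop the `libpolkit.types \` entry from the list, or stop tracking the file and leave it to the gtk-doc tooling.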
diff --git a/doc/api/libpolkit/libpolkit-docs.xml b/doc/api/libpolkit/libpolkit-docs.xml
new file mode 100644
index 0000000..10f3fcf
--- /dev/null
+++ b/doc/api/libpolkit/libpolkit-docs.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
+<!ENTITY version SYSTEM "version.xml">
+]>
+<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
+ <bookinfo>
+ <title>PolicyKit Library Reference Manual</title>
+ <releaseinfo>Version &version;</releaseinfo>
+ <authorgroup>
+ <author>
+ <firstname>David</firstname>
+ <surname>Zeuthen</surname>
+ <affiliation>
+ <address>
+ <email>david at fubar.dk</email>
+ </address>
+ </affiliation>
+ </author>
+ </authorgroup>
+
+ <copyright>
+ <year>2007</year>
+ <holder>The PolicyKit Authors</holder>
+ </copyright>
+
+ <legalnotice>
+ <para>
+ Permission is granted to copy, distribute and/or modify this
+ document under the terms of the <citetitle>GNU Free
+ Documentation License</citetitle>, Version 1.1 or any later
+ version published by the Free Software Foundation with no
+ Invariant Sections, no Front-Cover Texts, and no Back-Cover
+ Texts. You may obtain a copy of the <citetitle>GNU Free
+ Documentation License</citetitle> from the Free Software
+ Foundation by visiting <ulink type="http"
+ url="http://www.fsf.org">their Web site</ulink> or by writing
+ to:
+
+ <address>
+ The Free Software Foundation, Inc.,
+ <street>59 Temple Place</street> - Suite 330,
+ <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>,
+ <country>USA</country>
+ </address>
+ </para>
+
+ <para>
+ Many of the names used by companies to distinguish their
+ products and services are claimed as trademarks. Where those
+ names appear in any GNOME documentation, and those trademarks
+ are made aware to the members of the GNOME Documentation
+ Project, the names have been printed in caps or initial caps.
+ </para>
+ </legalnotice>
+ </bookinfo>
+
+ <reference>
+ <title>API Reference</title>
+
+ <partintro>
+ <para>
+ This part presents the class and function reference for the
+ PolicyKit library.
+ </para>
+ </partintro>
+ <xi:include href="xml/libpolkit.xml"/>
+ </reference>
+
+ <index>
+ <title>Index</title>
+ </index>
+
+ <!-- License -->
+
+ <appendix id="license">
+ <title>License</title>
+
+ <para>
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the <citetitle>GNU General
+ Public License</citetitle> as published by the Free Software
+ Foundation; either version 2 of the License, or (at your option)
+ any later version.
+ </para>
+
+ <para>
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ <citetitle>GNU Library General Public License</citetitle> for
+ more details.
+ </para>
+
+ <para>
+ You may obtain a copy of the <citetitle>GNU General
+ Public License</citetitle> from the Free Software Foundation by
+ visiting <ulink type="http" url="http://www.fsf.org">their Web
+ site</ulink> or by writing to:
+
+ <address>
+ Free Software Foundation, Inc.
+ <street>59 Temple Place</street> - Suite 330
+ <city>Boston</city>, <state>MA</state> <postcode>02111-1307</postcode>
+ <country>USA</country>
+ </address>
+ </para>
+ </appendix>
+</book>
diff --git a/doc/api/libpolkit/libpolkit.types b/doc/api/libpolkit/libpolkit.types
new file mode 100644
index 0000000..e69de29
diff --git a/doc/api/libpolkit/version.xml.in b/doc/api/libpolkit/version.xml.in
new file mode 100644
index 0000000..d78bda9
--- /dev/null
+++ b/doc/api/libpolkit/version.xml.in
@@ -0,0 +1 @@
+ at VERSION@
diff --git a/doc/api/polkit-docs.xml b/doc/api/polkit-docs.xml
deleted file mode 100644
index 6d2245b..0000000
--- a/doc/api/polkit-docs.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-<book id="index" xmlns:xi="http://www.w3.org/2003/XInclude">
- <bookinfo>
- <title>PolicyKit Reference Manual</title>
- </bookinfo>
-
- <chapter>
- <title>Client libraries</title>
- <xi:include href="xml/libpolkit.xml"/>
- <xi:include href="xml/libpolkit-grant.xml"/>
- </chapter>
-
-</book>
diff --git a/doc/api/tmpl/libpolkit.sgml b/doc/api/tmpl/libpolkit.sgml
deleted file mode 100644
index a19e86c..0000000
--- a/doc/api/tmpl/libpolkit.sgml
+++ /dev/null
@@ -1,114 +0,0 @@
-<!-- ##### SECTION Title ##### -->
-libpolkit
-
-<!-- ##### SECTION Short_Description ##### -->
-
-
-<!-- ##### SECTION Long_Description ##### -->
-<para>
-
-</para>
-
-<!-- ##### SECTION See_Also ##### -->
-<para>
-
-</para>
-
-<!-- ##### SECTION Stability_Level ##### -->
-
-
-<!-- ##### ENUM LibPolKitResult ##### -->
-<para>
-
-</para>
-
- at LIBPOLKIT_RESULT_OK:
- at LIBPOLKIT_RESULT_ERROR:
- at LIBPOLKIT_RESULT_INVALID_CONTEXT:
- at LIBPOLKIT_RESULT_NOT_PRIVILEGED:
- at LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE:
- at LIBPOLKIT_RESULT_NO_SUCH_USER:
-
-<!-- ##### STRUCT LibPolKitContext_s ##### -->
-<para>
-
-</para>
-
-
-<!-- ##### TYPEDEF LibPolKitContext ##### -->
-<para>
-
-</para>
-
-
-<!-- ##### FUNCTION libpolkit_new_context ##### -->
-<para>
-
-</para>
-
- at connection:
- at Returns:
-
-
-<!-- ##### FUNCTION libpolkit_free_context ##### -->
-<para>
-
-</para>
-
- at ctx:
- at Returns:
-
-
-<!-- ##### FUNCTION libpolkit_get_privilege_list ##### -->
-<para>
-
-</para>
-
- at ctx:
- at result:
- at Returns:
-
-
-<!-- ##### FUNCTION libpolkit_is_uid_allowed_for_privilege ##### -->
-<para>
-
-</para>
-
- at ctx:
- at system_bus_unique_name:
- at user:
- at privilege:
- at resource:
- at out_is_allowed:
- at out_is_temporary:
- at out_is_privileged_but_restricted_to_system_bus_unique_name:
- at Returns:
-
-
-<!-- ##### FUNCTION libpolkit_revoke_temporary_privilege ##### -->
-<para>
-
-</para>
-
- at ctx:
- at user:
- at privilege:
- at resource:
- at result:
- at Returns:
-
-
-<!-- ##### FUNCTION libpolkit_get_allowed_resources_for_privilege_for_uid ##### -->
-<para>
-
-</para>
-
- at ctx:
- at user:
- at privilege:
- at resources:
- at ions:
- at num_non_temporary:
- at Returns:
-
-
diff --git a/doc/api/tmpl/polkit-unused.sgml b/doc/api/tmpl/polkit-unused.sgml
deleted file mode 100644
index e69de29..0000000
diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am
new file mode 100644
index 0000000..56847f8
--- /dev/null
+++ b/doc/man/Makefile.am
@@ -0,0 +1,13 @@
+
+if MAN_PAGES_ENABLED
+
+MAN_IN_FILES =
+
+man_MANS =
+
+endif # MAN_PAGES_ENABLED
+
+EXTRA_DIST=$(man_MANS) $(MAN_IN_FILES)
+
+clean-local:
+ rm -f *~
diff --git a/doc/spec/Makefile.am b/doc/spec/Makefile.am
index e64c56d..8abc430 100644
--- a/doc/spec/Makefile.am
+++ b/doc/spec/Makefile.am
@@ -1,24 +1,28 @@
+FIGURE_FILES =
-FIGURE_FILES = \
- polkit-arch.png
+SPEC_XML_EXTRA_FILES = \
+ polkit-spec-introduction.xml
if DOCBOOK_DOCS_ENABLED
htmldocdir = $(DOCDIR)/spec
-htmldoc_DATA = polkit-spec.html $(FIGURE_FILES)
+htmldoc_DATA = polkit-spec.html $(FIGURE_FILES) docbook.css
-polkit-spec.html : polkit-spec.xml $(FIGURE_FILES)
- $(XMLTO) html-nochunks polkit-spec.xml
+polkit-spec.html : polkit-spec.xml.in $(FIGURE_FILES) $(SPEC_XML_EXTRA_FILES)
+ ${XMLLINT} --xinclude polkit-spec.xml.in > polkit-spec.xml
+ $(XMLTO) html-nochunks -m config.xsl polkit-spec.xml
+
+endif # DOCBOOK_DOCS_ENABLED
clean-local:
rm -f *~
- rm -f polkit-spec.html polkit-spec.xml
-
-
-endif # DOCBOOK_DOCS_ENABLED
+ rm -f *.html
+ rm -f polkit-spec.xml
-EXTRA_DIST = polkit-spec.html \
- polkit-spec.xml.in \
- polkit-arch.dia \
- $(FIGURE_FILES)
+EXTRA_DIST = \
+ polkit-spec.xml.in \
+ config.xsl \
+ docbook.css \
+ $(SPEC_XML_EXTRA_FILES) \
+ $(FIGURE_FILES)
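Review bot: `EXTRA_DIST` still lists `polkit-spec.xml.in`, but the configure.in change in this commit adds `doc/spec/polkit-spec.xml.in` to `AC_OUTPUT`, so configure now generates that file (from `polkit-spec.xml.in.in`, per the diffstat) and it is no longer a source file. Shipping the configured copy would bake one build's substitutions into the tarball; list the template instead, `polkit-spec.xml.in.in \`, or drop the entry if automake already distributes it. Separately, the new rule runs `${XMLLINT} --xinclude` over input that pulls in polkit-spec-introduction.xml, whose DOCTYPE names an `http://` DTD. Should the parser try to resolve that, the documentation build would fetch it over the network; `${XMLLINT} --nonet --xinclude polkit-spec.xml.in > polkit-spec.xml` keeps the build offline.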
diff --git a/doc/spec/config.xsl b/doc/spec/config.xsl
new file mode 100644
index 0000000..7aa9def
--- /dev/null
+++ b/doc/spec/config.xsl
@@ -0,0 +1,6 @@
+<?xml version='1.0'?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:fo="http://www.w3.org/1999/XSL/Format"
+ version="1.0">
+ <xsl:param name="html.stylesheet" select="'docbook.css'"/>
+</xsl:stylesheet>
diff --git a/doc/spec/docbook.css b/doc/spec/docbook.css
new file mode 100644
index 0000000..9a0e72a
--- /dev/null
+++ b/doc/spec/docbook.css
@@ -0,0 +1,18 @@
+body {
+ font-family: luxi sans,sans-serif;
+}
+
+table {
+ border: solid 1pt;
+ border-collapse: collapse;
+}
+
+th {
+ background: #eeeeee;
+ padding: 5px;
+}
+
+td {
+ border: solid 1pt;
+ padding: 5px;
+}
diff --git a/doc/spec/polkit-arch.dia b/doc/spec/polkit-arch.dia
deleted file mode 100644
index d7e4417..0000000
Binary files a/doc/spec/polkit-arch.dia and /dev/null differ
diff --git a/doc/spec/polkit-arch.png b/doc/spec/polkit-arch.png
deleted file mode 100644
index 786221b..0000000
Binary files a/doc/spec/polkit-arch.png and /dev/null differ
diff --git a/doc/spec/polkit-spec-introduction.xml b/doc/spec/polkit-spec-introduction.xml
new file mode 100644
index 0000000..32a575e
--- /dev/null
+++ b/doc/spec/polkit-spec-introduction.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<chapter id="introduction">
+ <title>Introduction</title>
+
+ <sect1>
+ <title>About</title>
+
+ <para>
+ TODO; write me!
+ </para>
+
+ </sect1>
+</chapter>
diff --git a/doc/spec/polkit-spec.html b/doc/spec/polkit-spec.html
deleted file mode 100644
index 17282a6..0000000
--- a/doc/spec/polkit-spec.html
+++ /dev/null
@@ -1,384 +0,0 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>PolicyKit 0.2 Specification</title><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="index"></a>PolicyKit 0.2 Specification</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Zeuthen</span></h3><div class="affiliation"><div class="address"><p><br>
- <code class="email"><<a href="mailto:david at fubar.dk">david at fubar.dk</a>></code><br>
- </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2689259">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2689283">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2719970">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2684484">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2684709">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2688519">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2688596">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2688622"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688650"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688683"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2684304"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2728947"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a 
href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2689259">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2689259"></a>About</h2></div></div></div><p>
- PolicyKit is a system for enabling unprivileged desktop
- applications to invoke privileged methods on system-wide
- components in a controlled manner.
- </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2689283">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2719970">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2684484">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2689283"></a>Privileges</h2></div></div></div><p>
- One major concept of the PolicyKit system is the notion of
- privileges; a <span class="emphasis"><em>PolicyKit privilege</em></span>
- (referred to simply as
- <span class="emphasis"><em>privilege</em></span> in the following) is something
- that a given user may or may not possess. The thinking behind
- PolicyKit is that privileged system level components offer
- functionality to unprivileged desktop applications as D-BUS
- method calls through the system message bus. In order to have
- a flexible security policy defining the set of users that are
- allowed to invoke a method, the system level component defines
- a set of
- <span class="emphasis"><em>privileges</em></span>.
- </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2719970"></a>Architecture</h2></div></div></div><p>
- The PolicyKit system is basically client/server and is
- implemented as the
- system-wide <code class="literal">org.freedesktop.PolicyKit</code> D-BUS
- service. This D-BUS service serves two purposes
- </p><div class="itemizedlist"><ul type="disc"><li><p>
- System-level components may used D-BUS methods on this
- service to determine if a given caller of their methods
- are privileged.
- </p></li><li><p>
- Desktop level applications may initiate a dialogue with
- this service to (temporarily) obtain a privilege through
- authorization.
- </p></li></ul></div><p>
- In addition, the PolicyKit system includes client side
- libraries and command-line utilities wrapping the D-BUS API of
- the <code class="literal">org.freedesktop.PolicyKit</code> service.
- </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2684484"></a>Example</h2></div></div></div><p>
- As an example, HAL exports the method <code class="literal">Mount</code>
- on the
- <code class="literal">org.freedesktop.Hal.Device.Volume</code> interface
- for each hal device object of
- capability <span class="emphasis"><em>volume</em></span>. HAL defines a number
- of privileges for mounting
- including <span class="emphasis"><em>hal-storage-fixed-mount</em></span>
- and <span class="emphasis"><em>hal-storage-removable-mount</em></span>. Depending
- on the whether the volume stems from a fixed hard disk or a
- hotpluggable/removable drive, HAL requires the calling user to
- possess either
- the <span class="emphasis"><em>hal-storage-fixed-mount</em></span>
- or <span class="emphasis"><em>hal-storage-removable-mount</em></span> privilege
- in order to carry out the <code class="literal">Mount</code> method.
- </p><p>
- Upon a user invoking the <code class="literal">Mount</code> method, HAL
- simply asks the <code class="literal">org.freedesktop.PolicyKit</code>
- D-BUS service if the calling user possess this privilege and if
- this is not the case the <code class="literal">Mount</code> method
- throws
- the <code class="literal">org.freedesktop.Hal.Device.PermissionDeniedByPolicy</code>
- exception. Notably, this exception will tell the caller what
- privilege the calling user needs to possess,
- e.g. either <span class="emphasis"><em>hal-storage-fixed-mount</em></span>
- or <span class="emphasis"><em>hal-storage-removable-mount</em></span>.
- </p><p>
- Should the <code class="literal">Mount</code> method fail with the
- exception <code class="literal">PermissionDeniedByPolicy</code> the
- caller now knows what privilege is required. The caller can
- now initiate a dialogue with the <code class="literal">PolicyKit</code>
- service to obtain this privilege. This conversation is
- basically equivalent to a PAM authentication; in fact the
- <code class="literal">PolicyKit</code> service uses PAM under the hood
- and wraps it in D-BUS calls. For details (like what user to
- authenticate as) see XXX. When the caller obtains the
- privilege (after successful authentication) he can now
- invoke <code class="literal">Mount</code> and after this succeeds he may
- tell the <code class="literal">PolicyKit</code> service to release the
- privilege for the user as it is no longer needed. Should the
- process crash while holding a privilege,
- the <code class="literal">PolicyKit</code> service will be notifed and
- the privilege will automatically be revoked.
- </p><p>
- Hence, <code class="literal">PolicyKit</code> has the notion of
- both <span class="emphasis"><em>permament</em></span>
- and <span class="emphasis"><em>temporary</em></span> privileges. The latter may
- even be restricted such that only callers from the D-BUS
- connection (remember, D-BUS connections has unique names)
- obtaining the privilege may use the obtained
- privilege. Consequently, if a temporary privilege is
- restricted to a certain D-BUS connection, it is revoked when
- the owner of this connection disconnects from the system
- message bus.
- </p><p>
- In addition, privileges may be restricted to
- certain <span class="emphasis"><em>resources</em></span>; this is discussed in
- more detail in XXX.
- </p><p>
- <img src="polkit-arch.png">
- </p><p>
- The whole example is outlined in the diagram above.
- </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2684709">Resource Identifiers</a></span></dt></dl></div><p>
- PolicyKit allows granting privileges only on
- certain <span class="emphasis"><em>resources</em></span>. For example, for HAL, it
- is possible to grant the
- privilege <span class="emphasis"><em>hal-storage-fixed-mount</em></span> to the
- user with uid 500 but only for the HAL device object
- representing e.g. the <code class="literal">/dev/hda3</code> partition.
- </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2684709"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying
- what service they belong to. The following resource
- identifiers are defined
- </p><div class="itemizedlist"><ul type="disc"><li><p>
- <code class="literal">hal://</code>
- HAL Unique Device Identifiers also known as HAL UID's. Example: <code class="literal">hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5</code>
- </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2688519">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2688596">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2688622"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688650"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2688683"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2684304"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2728947"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2688519"></a>Privilege Descriptors</h2></div></div></div><p>
- Applications, such as HAL, installs <span class="emphasis"><em>privilege
- descriptors</em></span> into
- the <code class="literal">/etc/PolicyKit/privilege.d</code> directory
- (or more correct, into
- the <code class="literal">$sysconfdir/PolicyKit/privilege.d</code>
- directory depending on where PolicyKit is built).
- </p><p>
- A policy descriptor contains the following information:
- </p><div class="itemizedlist"><ul type="disc"><li><p>
- Criteria for determining if a given user possess the privilege on a given resource.
- </p></li><li><p>
- What privileges are required to possess a given privilege.
- </p></li><li><p>
- What privileges are sufficient to possess to automatically possess a given privilege.
- </p></li><li><p>
- Information on whether the user can obtain the privilege, and if he can, whether only temporarily or permanently.
- </p></li><li><p>
- Whether a user with the privilege may permanently grant it to other users.
- </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2688596"></a>File Format</h2></div></div></div><p>
- A developer of a system-wide application wanting to define a
- privilege must create a privilege descriptor. This is a a
- simple <code class="literal">.ini</code>-like config file. Here is what
- the skeleton looks like:
- </p><pre class="programlisting">
- [Policy]
- RequiredPrivileges=
- SufficientPrivileges=
- Allow=
- Deny=
- CanObtain=
- CanGrant=
- ObtainRequireRoot=
- </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688622"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p>
- This is a list of privileges the user must possess in order
- to possess the given privilege. If the user doesn't possess
- all of these privileges he is not considered to possess the
- given privilege. The list may be empty. A privilege in this
- list is considered being possessed if the user is privileged
- for one or more resources. E.g., if <code class="literal">foo</code>
- is a required privilege then just having this privilege on
- one resource is sufficient.
- </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688650"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p>
- This is a list of privileges that, if a user possess any of
- these, he is consider to possess the given privilege. The
- list may be empty. A privilege in this list is considered
- being possessed if the user is privileged for one or more
- resources. As with <code class="literal">RequiredPrivileges</code>,
- if <code class="literal">foo</code> is a sufficient privilege then
- just having this privilege on one resource is sufficient.
- </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2688683"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p>
- Both <code class="literal">Allow</code> and <code class="literal">Deny</code>
- contains lists describing what users are allowed
- respectively denied the privilege. The elements of in each
- list are of the form
- <code class="literal">type:value[:resource]</code>. where the last
- part, resource, may be omitted. The following types are
- supported:
- </p><div class="itemizedlist"><ul type="disc"><li><p><code class="literal">uid</code>: Unix user identifer; either
- a positive integer or Unix username. Special values
- include <code class="literal">__all__</code> (for denoting all
- users) and <code class="literal">__none__</code> (for denoting no
- users).</p></li><li><p><code class="literal">gid</code>: Unix group identifier,
- either a positive integer or Unix groupname. Special
- values include <code class="literal">__all__</code> (for denoting
- all groups) and <code class="literal">__none__</code> (for denoting
- no groups).</p></li></ul></div><p>
- To determine if a given user is allowed for a given
- privilege (for a given resource), first
- the <code class="literal">SufficientPrivileges</code> list is
- consulted as described above. If the user possesses one or
- more of the listed privileges we're done; the user is
- automatically allowed for the given privilege. If this is
- not the case, the <code class="literal">RequiredPrivileges</code> list
- is consulted as described above. If the user possess all of
- the listed privileges, the <code class="literal">Allow</code> list is
- now consulted. For each element it is tested whether the
- user matches. If there are no elements for which the user is
- matches, the user is said not to possess the given privilege
- (for the given resource).
- </p><p>
- If there is a match in the <code class="literal">Allow</code> list,
- the <code class="literal">Deny</code> list is now consulted. If the
- user matches any of the elements we know he doesn't possess
- the given privilege. If no elements match we can conclude
- that the user indeed possesses the given privilege (for the
- given resource).
- </p><p>
- This logic is best described by a few examples
- </p><div class="itemizedlist"><ul type="disc"><li><p>
- <code class="literal">
- Allow="uid:davidz uid:501:hal:///deviceFoo gid:admins
- uid:502"
- </code>
- </p><p>
- <code class="literal">
- Deny="gid:dooders uid:502:hal:///deviceBar"
- </code>
- </p><p>
- User <code class="literal">davidz</code> possess this
- privilege. All members of
- the <code class="literal">dooders</code> group is denied this
- privilege. User 501 is allowed this privilege but only
- on the <code class="literal">hal:///deviceFoo</code>
- resource. All users in the <code class="literal">admin</code>
- group posseses the privilege. User 502 is allowed this
- privilege but not on
- the <code class="literal">hal:///deviceBar</code>
- resource.
- </p></li><li><p>
- <code class="literal">
- Allow="uid:__all__"
- </code>
- </p><p>
- <code class="literal">
- Deny="gid:normalstaff"
- </code>
- </p><p>
- All users expect those in
- the <code class="literal">normalstaff</code> group posseses this
- privilege.
- </p></li></ul></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="can-obtain"></a><code class="literal">CanObtain</code>: Obtaining Privileges</h3></div></div></div><p>
- This property denotes whether an user can obtain the
- privilege by authentication. This is useful when either
- either the privilege in question or one of the privileges
- listed in <code class="literal">RequiredPrivileges</code> is not
- possessed.
- </p><p>
- The property can assume the values
- <code class="literal">True</code> (the user can obtain the privilege
- permanently), <code class="literal">Temporary</code> (the user can
- only obtain the privilege temporarily) and
- <code class="literal">False</code> (the user can never obtain the
- privilege through authentication).
- </p><p>
- Whether the user needs to autenticate as himself or the
- super user is specified in
- the <code class="literal">ObtainRequireRoot</code> property. Note that
- if the user is lacking one or more of the privileges listed
- in <code class="literal">RequiredPrivileges</code> and one of these
- has <code class="literal">ObtainRequireRoot=True</code> the user will
- have to authenticate as the super user nonwithstanding that
- the privilege he attempts to obtain
- has <code class="literal">ObtainRequireRoot=False</code>. Moreover, if
- any of the lacking privileges
- in <code class="literal">RequiredPrivileges</code>
- has <code class="literal">CanObtain</code> set
- to <code class="literal">False</code>, the user will always have to
- authenticate as the super user.
- </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2684304"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p>
- This property (it can assume the
- values <code class="literal">True</code> and <code class="literal">False</code>)
- describes whether an user with the given privilege can
- permanently grant it to himself and/or other users,.
- </p><p>
- Typically, the construct is used in the following kind of UI
- dialogs:
- </p><pre class="programlisting">
- +----------------------------------------------------+
- | You are not privileged to access the volume |
- | 'Dave's USB key'. You need to authenticate as the |
- | system administrator |
- | |
- | Super user password: [_______________] |
- | |
- | Would you also like to automatically allow |
- | |
- | (*) This user to mount 'Dave's USB key' |
- | ( ) Any user to mount 'Dave's USB key' |
- | ( ) This user to mount a removable storage device |
- | ( ) Any user to mount a removable storage device |
- | |
- | [Cancel] [Mount] |
- +----------------------------------------------------+
- (TODO: replace with screenshot from gnome-mount)
- </pre><p>
- The property <code class="literal">CanObtain</code> needs to assume
- the value <code class="literal">True</code> if this property assumes
- the value <code class="literal">True</code>. Otherwise this property
- effectively assumes the value <code class="literal">False</code>.
- </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2728947"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p>
- If the property <code class="literal">CanObtain</code> assumes the
- value <code class="literal">True</code>
- or <code class="literal">Temporary</code> it means the user can
- authenticate to gain a
- privilege. The <code class="literal">ObtainRequireRoot</code> property
- specifies whether authentication requires the super user
- password (<code class="literal">True</code>) or the users own password
- (<code class="literal">False</code>).
- </p><p>
- See <a href="#can-obtain" title="CanObtain: Obtaining Privileges">the section called “<code class="literal">CanObtain</code>: Obtaining Privileges”</a> for discussion on how
- the <code class="literal">RequiredPrivileges</code> property affects
- the effective value of this property.
- </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="privs-by-polkit"></a>Privileges defined by PolicyKit</h2></div></div></div><p>
- This section describe privileges defined by PolicyKit and how
- they can be used by other pieces of software. Some privileges
- have special meaning and affects how PolicyKit works.
- </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="priv-desktop-console"></a><code class="literal">desktop-console</code> : Users at a local console</h3></div></div></div><pre class="programlisting">
-desktop-console.privilege:
-
-# This privilege signfies that users holding it are logged into a
-# physical console attached to the system. Thus, it is useful for
-# other privileges for manipulating local devices to simply require
-# this privilege.
-
-[Privilege]
-RequiredPrivileges=
-SufficientPrivileges=
-Allow=
-Deny=
-CanObtain=Temporary
-CanGrant=False
-ObtainRequireRoot=True
- </pre><p>
- This privilege signifies that the user holding it is logged
- in at a local console. In this context, "local console"
- means that the display / keyboard / pointing device is local
- to the system which implies the user got physical access to
- the box.
- </p><p>
- The PAM module <code class="literal">pam-polkit-console</code> shipped
- with PolicyKit is used to maintain files
- in <code class="literal">/var/run/polkit-console</code> for users
- logging in and out, and signal the PolicyKit daemon to
- reread these files and dynamically grant / revoke
- the <code class="literal">desktop-console</code> privilege. Typically,
- graphical login managers such as the GNOME Display Manager
- (gdm) will want include this in it's stack of PAM modules.
- </p><p>
- Remote users (e.g. those not at a local console) can obtain
- the <code class="literal">desktop-console</code> only by
- authenticating as the super user.
- </p><p>
- The <code class="literal">desktop-console</code> privilege can be used
- in conjunction with
- the <code class="literal">RequiredPrivileges</code> property in a
- privilege descriptor to ensure only users at a local console
- is entitled to a privilege for putting a system to sleep
- without having to autenticate. This is achieved by e.g. this
- privilege descriptor:
- </p><pre class="programlisting">
-hal-system-suspend.privilege:
-
-# This privilege specifies who is allowed to suspend the system.
-
-[Privilege]
-RequiredPrivileges=desktop-console
-SufficientPrivileges=
-Allow=uid:__all__
-Deny=
-CanObtain=True
-CanGrant=True
-ObtainRequireRoot=False
- </pre><p>
- For a remote user with the
- privilege <code class="literal">hal-system-suspend</code> it means
- that authentication as the super user is required
- as <code class="literal">desktop-console</code>
- has <code class="literal">ObtainRequireRoot=True</code> and this
- trumps the <code class="literal">ObtainRequireRoot=False</code>
- property that is in
- the <code class="literal">hal-system-suspend</code> privilege (see
- <a href="#can-obtain" title="CanObtain: Obtaining Privileges">the section called “<code class="literal">CanObtain</code>: Obtaining Privileges”</a>). Of course, if the user is
- logged in at a local console no authentication is required.
- </p><p>
- Typically, the <code class="literal">desktop-console</code> privilege
- is granted on a specific resource, namely what console the
- user is logged into. At the time of writing, this resource
- can only be consider an opaque identifier (such
- as <code class="literal">console://:0</code> which refers to X11
- display ":0") and one cannot assign meaning to it. In the
- future, it may be possible to assign meaning to it.
- </p></div></div></div></div></body></html>
diff --git a/doc/spec/polkit-spec.xml.in b/doc/spec/polkit-spec.xml.in
deleted file mode 100644
index ddc4277..0000000
--- a/doc/spec/polkit-spec.xml.in
+++ /dev/null
@@ -1,628 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!-- CVSID: $Id$ -->
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
-
-<!-- THIS FILE IS AUTOGENERATED FROM polkit-spec.xml.in -->
-
-<book id="index">
- <bookinfo>
- <title>PolicyKit 0.2 Specification</title>
- <releaseinfo>Version 0.2</releaseinfo>
- <date>May 12th, 2006</date> <!-- Update this manually -->
- <authorgroup>
- <author>
- <firstname>David</firstname>
- <surname>Zeuthen</surname>
- <affiliation>
- <address>
- <email>david at fubar.dk</email>
- </address>
- </affiliation>
- </author>
- </authorgroup>
- </bookinfo>
-
- <chapter id="introduction">
- <title>Introduction</title>
-
- <sect1>
- <title>About</title>
-
- <para>
- PolicyKit is a system for enabling unprivileged desktop
- applications to invoke privileged methods on system-wide
- components in a controlled manner.
- </para>
-
- </sect1>
- </chapter>
-
- <chapter id="operation">
- <title>Theory of operation</title>
-
- <sect1>
- <title>Privileges</title>
-
- <para>
- One major concept of the PolicyKit system is the notion of
- privileges; a <emphasis>PolicyKit privilege</emphasis>
- (referred to simply as
- <emphasis>privilege</emphasis> in the following) is something
- that a given user may or may not possess. The thinking behind
- PolicyKit is that privileged system level components offer
- functionality to unprivileged desktop applications as D-BUS
- method calls through the system message bus. In order to have
- a flexible security policy defining the set of users that are
- allowed to invoke a method, the system level component defines
- a set of
- <emphasis>privileges</emphasis>.
- </para>
-
- </sect1>
-
- <sect1>
- <title>Architecture</title>
-
- <para>
- The PolicyKit system is basically client/server and is
- implemented as the
- system-wide <literal>org.freedesktop.PolicyKit</literal> D-BUS
- service. This D-BUS service serves two purposes
- </para>
-
-
- <itemizedlist>
- <listitem>
- <para>
- System-level components may used D-BUS methods on this
- service to determine if a given caller of their methods
- are privileged.
- </para>
- </listitem>
-
- <listitem>
- <para>
- Desktop level applications may initiate a dialogue with
- this service to (temporarily) obtain a privilege through
- authorization.
- </para>
- </listitem>
- </itemizedlist>
-
- <para>
- In addition, the PolicyKit system includes client side
- libraries and command-line utilities wrapping the D-BUS API of
- the <literal>org.freedesktop.PolicyKit</literal> service.
- </para>
-
- </sect1>
-
- <sect1>
- <title>Example</title>
-
- <para>
- As an example, HAL exports the method <literal>Mount</literal>
- on the
- <literal>org.freedesktop.Hal.Device.Volume</literal> interface
- for each hal device object of
- capability <emphasis>volume</emphasis>. HAL defines a number
- of privileges for mounting
- including <emphasis>hal-storage-fixed-mount</emphasis>
- and <emphasis>hal-storage-removable-mount</emphasis>. Depending
- on the whether the volume stems from a fixed hard disk or a
- hotpluggable/removable drive, HAL requires the calling user to
- possess either
- the <emphasis>hal-storage-fixed-mount</emphasis>
- or <emphasis>hal-storage-removable-mount</emphasis> privilege
- in order to carry out the <literal>Mount</literal> method.
- </para>
-
- <para>
- Upon a user invoking the <literal>Mount</literal> method, HAL
- simply asks the <literal>org.freedesktop.PolicyKit</literal>
- D-BUS service if the calling user possess this privilege and if
- this is not the case the <literal>Mount</literal> method
- throws
- the <literal>org.freedesktop.Hal.Device.PermissionDeniedByPolicy</literal>
- exception. Notably, this exception will tell the caller what
- privilege the calling user needs to possess,
- e.g. either <emphasis>hal-storage-fixed-mount</emphasis>
- or <emphasis>hal-storage-removable-mount</emphasis>.
- </para>
-
- <para>
- Should the <literal>Mount</literal> method fail with the
- exception <literal>PermissionDeniedByPolicy</literal> the
- caller now knows what privilege is required. The caller can
- now initiate a dialogue with the <literal>PolicyKit</literal>
- service to obtain this privilege. This conversation is
- basically equivalent to a PAM authentication; in fact the
- <literal>PolicyKit</literal> service uses PAM under the hood
- and wraps it in D-BUS calls. For details (like what user to
- authenticate as) see XXX. When the caller obtains the
- privilege (after successful authentication) he can now
- invoke <literal>Mount</literal> and after this succeeds he may
- tell the <literal>PolicyKit</literal> service to release the
- privilege for the user as it is no longer needed. Should the
- process crash while holding a privilege,
- the <literal>PolicyKit</literal> service will be notifed and
- the privilege will automatically be revoked.
- </para>
-
- <para>
- Hence, <literal>PolicyKit</literal> has the notion of
- both <emphasis>permament</emphasis>
- and <emphasis>temporary</emphasis> privileges. The latter may
- even be restricted such that only callers from the D-BUS
- connection (remember, D-BUS connections has unique names)
- obtaining the privilege may use the obtained
- privilege. Consequently, if a temporary privilege is
- restricted to a certain D-BUS connection, it is revoked when
- the owner of this connection disconnects from the system
- message bus.
- </para>
-
- <para>
- In addition, privileges may be restricted to
- certain <emphasis>resources</emphasis>; this is discussed in
- more detail in XXX.
- </para>
-
- <para>
- <inlinegraphic fileref="polkit-arch.png" format="PNG"/>
- </para>
-
- <para>
- The whole example is outlined in the diagram above.
- </para>
-
- </sect1>
- </chapter>
-
-
- <chapter id="resources">
- <title>Resources</title>
-
- <para>
- PolicyKit allows granting privileges only on
- certain <emphasis>resources</emphasis>. For example, for HAL, it
- is possible to grant the
- privilege <emphasis>hal-storage-fixed-mount</emphasis> to the
- user with uid 500 but only for the HAL device object
- representing e.g. the <literal>/dev/hda3</literal> partition.
- </para>
-
- <sect1>
- <title>Resource Identifiers</title>
- <para> Resource identifers are prefixed with a name identifying
- what service they belong to. The following resource
- identifiers are defined
- </para>
-
- <itemizedlist>
- <listitem>
- <para>
- <literal>hal://</literal>
- HAL Unique Device Identifiers also known as HAL UID's. Example: <literal>hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5</literal>
- </para>
- </listitem>
- </itemizedlist>
-
- </sect1>
-
- </chapter>
-
-
-
- <chapter id="privileges">
- <title>Privileges</title>
-
- <sect1>
- <title>Privilege Descriptors</title>
- <para>
- Applications, such as HAL, installs <emphasis>privilege
- descriptors</emphasis> into
- the <literal>/etc/PolicyKit/privilege.d</literal> directory
- (or more correct, into
- the <literal>$sysconfdir/PolicyKit/privilege.d</literal>
- directory depending on where PolicyKit is built).
- </para>
-
- <para>
- A policy descriptor contains the following information:
- </para>
-
- <itemizedlist>
- <listitem>
- <para>
- Criteria for determining if a given user possess the privilege on a given resource.
- </para>
- </listitem>
-
- <listitem>
- <para>
- What privileges are required to possess a given privilege.
- </para>
- </listitem>
-
- <listitem>
- <para>
- What privileges are sufficient to possess to automatically possess a given privilege.
- </para>
- </listitem>
-
- <listitem>
- <para>
- Information on whether the user can obtain the privilege, and if he can, whether only temporarily or permanently.
- </para>
- </listitem>
-
- <listitem>
- <para>
- Whether a user with the privilege may permanently grant it to other users.
- </para>
- </listitem>
- </itemizedlist>
-
- </sect1>
-
- <sect1>
- <title>File Format</title>
- <para>
- A developer of a system-wide application wanting to define a
- privilege must create a privilege descriptor. This is a a
- simple <literal>.ini</literal>-like config file. Here is what
- the skeleton looks like:
- </para>
-
- <programlisting>
- [Policy]
- RequiredPrivileges=
- SufficientPrivileges=
- Allow=
- Deny=
- CanObtain=
- CanGrant=
- ObtainRequireRoot=
- </programlisting>
-
- <sect2>
- <title><literal>RequiredPrivileges</literal>: Required Privileges</title>
- <para>
- This is a list of privileges the user must possess in order
- to possess the given privilege. If the user doesn't possess
- all of these privileges he is not considered to possess the
- given privilege. The list may be empty. A privilege in this
- list is considered being possessed if the user is privileged
- for one or more resources. E.g., if <literal>foo</literal>
- is a required privilege then just having this privilege on
- one resource is sufficient.
- </para>
- </sect2>
-
- <sect2>
- <title><literal>SufficientPrivileges</literal>: Sufficient Privileges</title>
- <para>
- This is a list of privileges that, if a user possess any of
- these, he is consider to possess the given privilege. The
- list may be empty. A privilege in this list is considered
- being possessed if the user is privileged for one or more
- resources. As with <literal>RequiredPrivileges</literal>,
- if <literal>foo</literal> is a sufficient privilege then
- just having this privilege on one resource is sufficient.
- </para>
- </sect2>
-
- <sect2>
- <title><literal>Allow, Deny</literal>: Criteria for Possesing a Privilege</title>
- <para>
- Both <literal>Allow</literal> and <literal>Deny</literal>
- contains lists describing what users are allowed
- respectively denied the privilege. The elements of in each
- list are of the form
- <literal>type:value[:resource]</literal>. where the last
- part, resource, may be omitted. The following types are
- supported:
- </para>
- <itemizedlist>
- <listitem>
- <para><literal>uid</literal>: Unix user identifer; either
- a positive integer or Unix username. Special values
- include <literal>__all__</literal> (for denoting all
- users) and <literal>__none__</literal> (for denoting no
- users).</para>
- </listitem>
-
- <listitem>
- <para><literal>gid</literal>: Unix group identifier,
- either a positive integer or Unix groupname. Special
- values include <literal>__all__</literal> (for denoting
- all groups) and <literal>__none__</literal> (for denoting
- no groups).</para>
- </listitem>
- </itemizedlist>
- <para>
- To determine if a given user is allowed for a given
- privilege (for a given resource), first
- the <literal>SufficientPrivileges</literal> list is
- consulted as described above. If the user possesses one or
- more of the listed privileges we're done; the user is
- automatically allowed for the given privilege. If this is
- not the case, the <literal>RequiredPrivileges</literal> list
- is consulted as described above. If the user possess all of
- the listed privileges, the <literal>Allow</literal> list is
- now consulted. For each element it is tested whether the
- user matches. If there are no elements for which the user is
- matches, the user is said not to possess the given privilege
- (for the given resource).
- </para>
- <para>
- If there is a match in the <literal>Allow</literal> list,
- the <literal>Deny</literal> list is now consulted. If the
- user matches any of the elements we know he doesn't possess
- the given privilege. If no elements match we can conclude
- that the user indeed possesses the given privilege (for the
- given resource).
- </para>
- <para>
- This logic is best described by a few examples
- </para>
- <itemizedlist>
-
- <listitem>
- <para>
- <literal>
- Allow="uid:davidz uid:501:hal:///deviceFoo gid:admins
- uid:502"
- </literal>
- </para>
- <para>
- <literal>
- Deny="gid:dooders uid:502:hal:///deviceBar"
- </literal>
- </para>
- <para>
- User <literal>davidz</literal> possess this
- privilege. All members of
- the <literal>dooders</literal> group is denied this
- privilege. User 501 is allowed this privilege but only
- on the <literal>hal:///deviceFoo</literal>
- resource. All users in the <literal>admin</literal>
- group posseses the privilege. User 502 is allowed this
- privilege but not on
- the <literal>hal:///deviceBar</literal>
- resource.
- </para>
- </listitem>
-
- <listitem>
- <para>
- <literal>
- Allow="uid:__all__"
- </literal>
- </para>
- <para>
- <literal>
- Deny="gid:normalstaff"
- </literal>
- </para>
- <para>
- All users expect those in
- the <literal>normalstaff</literal> group posseses this
- privilege.
- </para>
- </listitem>
-
- </itemizedlist>
-
- </sect2>
-
-
- <sect2 id="can-obtain">
- <title><literal>CanObtain</literal>: Obtaining Privileges</title>
- <para>
- This property denotes whether an user can obtain the
- privilege by authentication. This is useful when either
- either the privilege in question or one of the privileges
- listed in <literal>RequiredPrivileges</literal> is not
- possessed.
- </para>
-
- <para>
- The property can assume the values
- <literal>True</literal> (the user can obtain the privilege
- permanently), <literal>Temporary</literal> (the user can
- only obtain the privilege temporarily) and
- <literal>False</literal> (the user can never obtain the
- privilege through authentication).
- </para>
-
- <para>
- Whether the user needs to autenticate as himself or the
- super user is specified in
- the <literal>ObtainRequireRoot</literal> property. Note that
- if the user is lacking one or more of the privileges listed
- in <literal>RequiredPrivileges</literal> and one of these
- has <literal>ObtainRequireRoot=True</literal> the user will
- have to authenticate as the super user nonwithstanding that
- the privilege he attempts to obtain
- has <literal>ObtainRequireRoot=False</literal>. Moreover, if
- any of the lacking privileges
- in <literal>RequiredPrivileges</literal>
- has <literal>CanObtain</literal> set
- to <literal>False</literal>, the user will always have to
- authenticate as the super user.
- </para>
-
- </sect2>
-
- <sect2>
- <title><literal>CanGrant</literal>: Granting Privileges</title>
- <para>
- This property (it can assume the
- values <literal>True</literal> and <literal>False</literal>)
- describes whether an user with the given privilege can
- permanently grant it to himself and/or other users,.
- </para>
- <para>
- Typically, the construct is used in the following kind of UI
- dialogs:
- </para>
-
- <programlisting>
- +----------------------------------------------------+
- | You are not privileged to access the volume |
- | 'Dave's USB key'. You need to authenticate as the |
- | system administrator |
- | |
- | Super user password: [_______________] |
- | |
- | Would you also like to automatically allow |
- | |
- | (*) This user to mount 'Dave's USB key' |
- | ( ) Any user to mount 'Dave's USB key' |
- | ( ) This user to mount a removable storage device |
- | ( ) Any user to mount a removable storage device |
- | |
- | [Cancel] [Mount] |
- +----------------------------------------------------+
- (TODO: replace with screenshot from gnome-mount)
- </programlisting>
-
- <para>
- The property <literal>CanObtain</literal> needs to assume
- the value <literal>True</literal> if this property assumes
- the value <literal>True</literal>. Otherwise this property
- effectively assumes the value <literal>False</literal>.
- </para>
- </sect2>
-
- <sect2>
- <title><literal>ObtainRequireRoot</literal>: Authentication Requirements</title>
- <para>
- If the property <literal>CanObtain</literal> assumes the
- value <literal>True</literal>
- or <literal>Temporary</literal> it means the user can
- authenticate to gain a
- privilege. The <literal>ObtainRequireRoot</literal> property
- specifies whether authentication requires the super user
- password (<literal>True</literal>) or the users own password
- (<literal>False</literal>).
- </para>
- <para>
- See <xref linkend="can-obtain"/> for discussion on how
- the <literal>RequiredPrivileges</literal> property affects
- the effective value of this property.
- </para>
- </sect2>
-
- </sect1>
-
- <sect1 id="privs-by-polkit">
- <title>Privileges defined by PolicyKit</title>
- <para>
- This section describe privileges defined by PolicyKit and how
- they can be used by other pieces of software. Some privileges
- have special meaning and affects how PolicyKit works.
- </para>
-
- <sect2 id="priv-desktop-console">
- <title><literal>desktop-console</literal> : Users at a local console</title>
-
- <programlisting>
-desktop-console.privilege:
-
-# This privilege signfies that users holding it are logged into a
-# physical console attached to the system. Thus, it is useful for
-# other privileges for manipulating local devices to simply require
-# this privilege.
-
-[Privilege]
-RequiredPrivileges=
-SufficientPrivileges=
-Allow=
-Deny=
-CanObtain=Temporary
-CanGrant=False
-ObtainRequireRoot=True
- </programlisting>
-
- <para>
- This privilege signifies that the user holding it is logged
- in at a local console. In this context, "local console"
- means that the display / keyboard / pointing device is local
- to the system which implies the user got physical access to
- the box.
- </para>
-
- <para>
- The PAM module <literal>pam-polkit-console</literal> shipped
- with PolicyKit is used to maintain files
- in <literal>/var/run/polkit-console</literal> for users
- logging in and out, and signal the PolicyKit daemon to
- reread these files and dynamically grant / revoke
- the <literal>desktop-console</literal> privilege. Typically,
- graphical login managers such as the GNOME Display Manager
- (gdm) will want include this in it's stack of PAM modules.
- </para>
-
- <para>
- Remote users (e.g. those not at a local console) can obtain
- the <literal>desktop-console</literal> only by
- authenticating as the super user.
- </para>
-
- <para>
- The <literal>desktop-console</literal> privilege can be used
- in conjunction with
- the <literal>RequiredPrivileges</literal> property in a
- privilege descriptor to ensure only users at a local console
- is entitled to a privilege for putting a system to sleep
- without having to autenticate. This is achieved by e.g. this
- privilege descriptor:
- </para>
-
- <programlisting>
-hal-system-suspend.privilege:
-
-# This privilege specifies who is allowed to suspend the system.
-
-[Privilege]
-RequiredPrivileges=desktop-console
-SufficientPrivileges=
-Allow=uid:__all__
-Deny=
-CanObtain=True
-CanGrant=True
-ObtainRequireRoot=False
- </programlisting>
-
- <para>
- For a remote user with the
- privilege <literal>hal-system-suspend</literal> it means
- that authentication as the super user is required
- as <literal>desktop-console</literal>
- has <literal>ObtainRequireRoot=True</literal> and this
- trumps the <literal>ObtainRequireRoot=False</literal>
- property that is in
- the <literal>hal-system-suspend</literal> privilege (see
- <xref linkend="can-obtain"/>). Of course, if the user is
- logged in at a local console no authentication is required.
- </para>
-
- <para>
- Typically, the <literal>desktop-console</literal> privilege
- is granted on a specific resource, namely what console the
- user is logged into. At the time of writing, this resource
- can only be consider an opaque identifier (such
- as <literal>console://:0</literal> which refers to X11
- display ":0") and one cannot assign meaning to it. In the
- future, it may be possible to assign meaning to it.
- </para>
- </sect2>
-
- </sect1>
-
- </chapter>
-
-</book>
diff --git a/doc/spec/polkit-spec.xml.in.in b/doc/spec/polkit-spec.xml.in.in
new file mode 100644
index 0000000..ff6ec40
--- /dev/null
+++ b/doc/spec/polkit-spec.xml.in.in
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
+
+<book id="index">
+ <bookinfo>
+ <title>PolicyKit @VERSION@ Specification</title>
+ <releaseinfo>Version @VERSION@</releaseinfo>
+ <date>March 28th, 2007</date> <!-- Update this manually -->
+ <authorgroup>
+ <author>
+ <firstname>David</firstname>
+ <surname>Zeuthen</surname>
+ <affiliation>
+ <address>
+ <email>david at fubar.dk</email>
+ </address>
+ </affiliation>
+ </author>
+ </authorgroup>
+ </bookinfo>
+
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="polkit-spec-introduction.xml" />
+
+</book>
diff --git a/libpolkit.pc.in b/libpolkit.pc.in
new file mode 100644
index 0000000..1d8d60a
--- /dev/null
+++ b/libpolkit.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libpolkit
+Description: library for querying system-wide policy
+Version: @VERSION@
+Requires: glib-2.0
+Libs: -L${libdir} -lpolkit
+Cflags: -I${includedir}/libpolkit
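Review bot: The `Cflags: -I${includedir}/libpolkit` line points the compiler inside the header directory, so only `#include <libpolkit.h>` is guaranteed to resolve. The prefixed form `<libpolkit/libpolkit.h>`, which the libpolkit-grant.c removed in this same commit used, then works only when `${includedir}` happens to be on the default search path. libpolkit/Makefile.am installs the headers under `$(includedir)/libpolkit`, so if the prefixed include is the intended public convention (the new libpolkit.h is not visible here), the line should read `Cflags: -I${includedir}`. A one-line `#` comment in the file stating which include form consumers are expected to use would settle it either way.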
diff --git a/libpolkit/Makefile.am b/libpolkit/Makefile.am
index a533e86..68338b8 100644
--- a/libpolkit/Makefile.am
+++ b/libpolkit/Makefile.am
@@ -8,11 +8,9 @@ INCLUDES = \
-DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
-DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \
-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- -DDBUS_API_SUBJECT_TO_CHANGE \
- @GLIB_CFLAGS@ \
- @DBUS_GLIB_CFLAGS@
+ @GLIB_CFLAGS@
-lib_LTLIBRARIES=libpolkit.la libpolkit-grant.la
+lib_LTLIBRARIES=libpolkit.la
libpolkitincludedir=$(includedir)/libpolkit
@@ -22,33 +20,10 @@ libpolkitinclude_HEADERS =
libpolkit_la_SOURCES = \
libpolkit.c libpolkit.h
-libpolkit_la_LIBADD = @DBUS_GLIB_LIBS@ @GLIB_LIBS@
+libpolkit_la_LIBADD = @GLIB_LIBS@
libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-libpolkit_grantincludedir=$(includedir)/libpolkit
-
-libpolkit_grantinclude_HEADERS = \
- libpolkit-grant.h
-
-libpolkit_grant_la_SOURCES = \
- libpolkit-grant.c libpolkit-grant.h \
- polkit-interface-manager-glue.h \
- polkit-interface-session-glue.h
-
-libpolkit_grant_la_LIBADD = @DBUS_GLIB_LIBS@ @GLIB_LIBS@
-
-libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-polkit-interface-manager-glue.h: ../polkit-interface-manager.xml Makefile.am
- dbus-binding-tool --prefix=polkit_manager --mode=glib-client --output=polkit-interface-manager-glue.h ../polkit-interface-manager.xml
-
-polkit-interface-session-glue.h: ../polkit-interface-session.xml Makefile.am
- dbus-binding-tool --prefix=polkit_session --mode=glib-client --output=polkit-interface-session-glue.h ../polkit-interface-session.xml
-
-BUILT_SOURCES = polkit-interface-manager-glue.h polkit-interface-session-glue.h
-
clean-local :
rm -f *~ $(BUILT_SOURCES)
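Review bot: The `clean-local` rule at the end of this hunk still runs `rm -f *~ $(BUILT_SOURCES)`, but the hunk deletes the only visible `BUILT_SOURCES =` assignment together with the dbus-binding-tool rules. Unless the variable is set in a part of Makefile.am outside these hunks, it now expands to nothing and the reference is dead, so the recipe can be reduced to `rm -f *~`. Existing build trees that already hold the generated `polkit-interface-manager-glue.h` and `polkit-interface-session-glue.h` will no longer have them removed by `make clean` and need a manual cleanup.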
diff --git a/libpolkit/libpolkit-grant.c b/libpolkit/libpolkit-grant.c
deleted file mode 100644
index 4e9e7d1..0000000
--- a/libpolkit/libpolkit-grant.c
+++ /dev/null
@@ -1,407 +0,0 @@
-/***************************************************************************
- *
- * libpolkit-grant.c : Wraps temporary grant methods on the PolicyKit daemon
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <getopt.h>
-#include <string.h>
-#include <errno.h>
-
-#include <glib/gstdio.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-
-#include <libpolkit/libpolkit.h>
-#include "libpolkit-grant.h"
-
-#include "polkit-interface-manager-glue.h"
-#include "polkit-interface-session-glue.h"
-
-struct LibPolKitGrantContext_s
-{
- DBusGConnection *dbus_g_connection;
- char *user;
- char *privilege;
- char *resource;
- gboolean restrict_to_dbus_connection;
-
- LibPolKitGrantQuestions questions_handler;
- LibPolKitGrantComplete grant_complete_handler;
-
- char *auth_user;
- char *auth_service_name;
-
- DBusGProxy *manager;
- DBusGProxy *session;
-
- LibPolKitContext *polkit_ctx;
-
- gpointer user_data;
-};
-
-
-static void
-have_questions_handler (DBusGProxy *session, gpointer user_data)
-{
- char **questions;
- GError *error = NULL;
- LibPolKitGrantContext *ctx = (LibPolKitGrantContext *) user_data;
- gboolean should_continue;
-
- should_continue = FALSE;
-
- if (!org_freedesktop_PolicyKit_Session_get_questions (ctx->session,
- &questions,
- &error)) {
- g_warning ("GetQuestions: %s", error->message);
-
- /* we're done */
- ctx->grant_complete_handler (ctx, FALSE, error->message, ctx->user_data);
-
- g_error_free (error);
-
- } else {
- ctx->questions_handler (ctx, (const char **) questions, ctx->user_data);
- g_strfreev (questions);
- }
-}
-
-void
-libpolkit_grant_provide_answers (LibPolKitGrantContext *ctx, const char **answers)
-{
- GError *error = NULL;
-
- if (!org_freedesktop_PolicyKit_Session_provide_answers (ctx->session,
- (const char **) answers,
- &error)) {
- g_warning ("ProvideAnswers: %s", error->message);
-
- /* we're done */
- ctx->grant_complete_handler (ctx, FALSE, error->message, ctx->user_data);
-
- g_error_free (error);
- }
-}
-
-
-static void
-auth_done_handler (DBusGProxy *session, gpointer user_data)
-{
- gboolean auth_result;
- //gboolean was_revoked;
- GError *error = NULL;
- LibPolKitGrantContext *ctx = (LibPolKitGrantContext *) user_data;
-
- /*g_debug ("in %s", __FUNCTION__);*/
-
- if (!org_freedesktop_PolicyKit_Session_is_authenticated (session,
- &auth_result,
- &error)) {
- g_warning ("IsAuthenticated: %s", error->message);
-
- /* we're done */
- ctx->grant_complete_handler (ctx, FALSE, error->message, ctx->user_data);
-
- g_error_free (error);
- goto out;
- }
-
- /*g_message ("Authentication done. %s", auth_result);*/
-
- if (!auth_result) {
- char *auth_denied_reason;
-
- if (!org_freedesktop_PolicyKit_Session_get_auth_denied_reason (session,
- &auth_denied_reason,
- &error)) {
- g_warning ("GetAuthDeniedReason: %s", error->message);
- g_error_free (error);
- goto out;
- }
-
- /*g_print ("\n"
- "Authentication failed (reason: '%s').\n", auth_denied_reason);*/
-
- /* we're done */
- ctx->grant_complete_handler (ctx, FALSE, auth_denied_reason, ctx->user_data);
-
- g_free (auth_denied_reason);
-
- } else {
- /*g_print ("\n"
- "Authentication succeeded.\n");*/
-
- /* don't restrict privilege to callers unique system bus connection name */
- if (!org_freedesktop_PolicyKit_Session_grant_privilege_temporarily (session,
- ctx->restrict_to_dbus_connection,
- &error)) {
- g_warning ("GrantPrivilegeTemporarily: %s", error->message);
-
- /* we're done */
- ctx->grant_complete_handler (ctx, FALSE, error->message, ctx->user_data);
-
- g_error_free (error);
-
-
- } else {
- /* we're done */
- ctx->grant_complete_handler (ctx, TRUE, NULL, ctx->user_data);
-
- }
-
- }
-
-
- //sleep (20);
-
- //libpolkit_revoke_temporary_privilege (ctx, grant_user, grant_privilege, grant_resource, &was_revoked);
- //g_debug ("was revoked = %d", was_revoked);
- //sleep (10000);
-
-out:
- ;
-}
-
-
-/**
- * libpolkit_grant_new_context:
- * @user: User to request privilege for
- * @privilege: Privilege to ask for
- * @resource: Resource to ask for. May be NULL.
- * @restrict_to_dbus_connection: Whether the privilege should be restricted to a particular D-BUS connection on the
- * system message bus.
- * @user_data: User data to be passed to callbacks
- *
- * Create a new context for obtaining a privilege.
- *
- * Returns: The context. It is an opaque data structure. Free with libpolkit_grant_free_context.
- */
-
-LibPolKitGrantContext*
-libpolkit_grant_new_context (DBusGConnection *dbus_g_connection,
- const char *user,
- const char *privilege,
- const char *resource,
- gboolean restrict_to_dbus_connection,
- gpointer user_data)
-{
- LibPolKitGrantContext* ctx;
-
- ctx = g_new (LibPolKitGrantContext, 1);
- ctx->dbus_g_connection = dbus_g_connection;
- ctx->user = g_strdup (user);
- ctx->privilege = g_strdup (privilege);
- ctx->resource = g_strdup (resource);
- ctx->restrict_to_dbus_connection = restrict_to_dbus_connection;
- ctx->questions_handler = NULL;
- ctx->grant_complete_handler = NULL;
- ctx->user_data = user_data;
-
- ctx->auth_user = NULL;
- ctx->auth_service_name = NULL;
-
- ctx->polkit_ctx = libpolkit_new_context (dbus_g_connection_get_connection (dbus_g_connection));
-
- return ctx;
-}
-
-LibPolKitContext*
-libpolkit_grant_get_libpolkit_context (LibPolKitGrantContext *ctx)
-{
- return ctx->polkit_ctx;
-}
-
-void
-libpolkit_grant_set_questions_handler (LibPolKitGrantContext *ctx,
- LibPolKitGrantQuestions questions_handler)
-{
- ctx->questions_handler = questions_handler;
-}
-
-void
-libpolkit_grant_set_grant_complete_handler (LibPolKitGrantContext *ctx,
- LibPolKitGrantComplete grant_complete_handler)
-{
- ctx->grant_complete_handler = grant_complete_handler;
-}
-
-gboolean
-libpolkit_grant_initiate_temporary_grant (LibPolKitGrantContext *ctx)
-{
- GError *error = NULL;
- char *session_objpath;
- gboolean rc;
-
- rc = FALSE;
- if (ctx->questions_handler == NULL ||
- ctx->grant_complete_handler == NULL)
- goto out;
-
- ctx->manager = dbus_g_proxy_new_for_name (ctx->dbus_g_connection,
- "org.freedesktop.PolicyKit",
- "/org/freedesktop/PolicyKit/Manager",
- "org.freedesktop.PolicyKit.Manager");
- if (ctx->manager == NULL)
- goto out;
-
- if (!org_freedesktop_PolicyKit_Manager_initiate_temporary_privilege_grant (ctx->manager,
- ctx->user,
- ctx->privilege,
- ctx->resource,
- &session_objpath,
- &error)) {
- g_warning ("GrantPrivilege: %s", error->message);
- g_error_free (error);
- goto out;
- }
-
- /*g_debug ("session_objpath = %s", session_objpath);*/
-
- ctx->session = dbus_g_proxy_new_for_name (ctx->dbus_g_connection,
- "org.freedesktop.PolicyKit",
- session_objpath,
- "org.freedesktop.PolicyKit.Session");
- if (ctx->session == NULL)
- goto out;
-
- dbus_g_proxy_add_signal (ctx->session, "HaveQuestions", G_TYPE_INVALID);
- dbus_g_proxy_connect_signal (ctx->session, "HaveQuestions", G_CALLBACK (have_questions_handler),
- (void *) ctx, NULL);
-
- dbus_g_proxy_add_signal (ctx->session, "AuthenticationDone", G_TYPE_INVALID);
- dbus_g_proxy_connect_signal (ctx->session, "AuthenticationDone", G_CALLBACK (auth_done_handler),
- (void *) ctx, NULL);
-
- if (!org_freedesktop_PolicyKit_Session_get_auth_details (ctx->session,
- &ctx->auth_user,
- &ctx->auth_service_name,
- &error)) {
- g_warning ("GetAuthDetails: %s", error->message);
- g_error_free (error);
- goto out;
- }
-
- if (!org_freedesktop_PolicyKit_Session_initiate_auth (ctx->session,
- &error)) {
- g_warning ("InitiateAuth: %s", error->message);
- g_error_free (error);
- /* TODO: LIBPOLKIT_GRANT_RESULT_NO_SUCH_PRIVILEGE, LIBPOLKIT_GRANT_RESULT_CANNOT_AUTH_FOR_PRIVILEGE */
- goto out;
- }
-
-
- g_free (session_objpath);
-
- rc = TRUE;
-out:
-
- return rc;
-}
-
-
-const char*
-libpolkit_grant_get_user_for_auth (LibPolKitGrantContext *ctx)
-{
- return ctx->auth_user;
-}
-
-const char*
-libpolkit_grant_get_pam_service_for_auth (LibPolKitGrantContext *ctx)
-{
- return ctx->auth_service_name;
-}
-
-gboolean
-libpolkit_grant_close (LibPolKitGrantContext *ctx,
- gboolean revoke_privilege)
-{
- GError *error = NULL;
-
- /* got the privilege; now close the session.. */
- if (!org_freedesktop_PolicyKit_Session_close (ctx->session,
- &error)) {
- g_warning ("Close: %s", error->message);
- g_error_free (error);
- }
-
- if (revoke_privilege) {
- gboolean was_revoked;
-
- libpolkit_revoke_temporary_privilege (ctx->polkit_ctx,
- ctx->user,
- ctx->privilege,
- ctx->resource,
- &was_revoked);
-
- if (!was_revoked) {
- g_warning ("Couldn't revoke privilege");
- }
-
- }
-
- return TRUE;
-}
-
-void
-libpolkit_grant_free_context (LibPolKitGrantContext *ctx)
-{
- g_free (ctx->user);
- g_free (ctx->privilege);
- g_free (ctx->resource);
- g_free (ctx->auth_user);
- g_free (ctx->auth_service_name);
- libpolkit_free_context (ctx->polkit_ctx);
- g_free (ctx);
-}
-
-const char*
-libpolkit_grant_get_user (LibPolKitGrantContext *ctx)
-{
- return ctx->user;
-}
-
-const char*
-libpolkit_grant_get_privilege (LibPolKitGrantContext *ctx)
-{
- return ctx->privilege;
-}
-
-/**
- * libpolkit_grant_get_resource:
- * @ctx: Context
- *
- * Get the resource as passed in from libpolkit_grant_new_context.
- *
- * Returns: The resource. May be NULL.
- */
-const char*
-libpolkit_grant_get_resource (LibPolKitGrantContext *ctx)
-{
- return ctx->resource;
-}
-
diff --git a/libpolkit/libpolkit-grant.h b/libpolkit/libpolkit-grant.h
deleted file mode 100644
index 156aac1..0000000
--- a/libpolkit/libpolkit-grant.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/***************************************************************************
- *
- * libpolkit-grant.h : Wraps temporary grant methods on the PolicyKit daemon
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef LIBPOLKIT_GRANT_H
-#define LIBPOLKIT_GRANT_H
-
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-#include <dbus/dbus.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-
-#include <libpolkit/libpolkit.h>
-
-
-struct LibPolKitGrantContext_s;
-typedef struct LibPolKitGrantContext_s LibPolKitGrantContext;
-
-/**
- * LibPolKitGrantQuestions:
- * @ctx: Context
- * @questions: NULL terminated series of pairs. Each pair represent one question.
- * @user_data: User data
- *
- * Callback when information is needed from the user in order to
- * authenticate.
- *
- * The first component of the each pair in the questions array denote
- * the question type. It can assume the values "PamPromptEchoOff"
- * (meaning prompt for answer but don't echo it on the screen as the
- * user types it), "PamPromptEchoOn" (meaning prompt for answer and
- * echo the answer on the screen as the user types it), "PamErrorMsg"
- * (display the message as an error message to the user) and
- * "PamTextInfo" (textual information to the user). The second
- * component in the pair is the actual question or information
- * (e.g. "Password:") and it should be shown to the user next to the
- * text input box.
- *
- * The callee should call libpolkit_grant_provide_answers with a
- * string array once it the answers have been obtained from the user.
- *
- */
-typedef void (*LibPolKitGrantQuestions) (LibPolKitGrantContext *ctx,
- const char **questions,
- gpointer user_data);
-
-/**
- * LibPolKitGrantComplete:
- * @obtained_privilege: Whether the user sucessfully authenticated
- * and was granted the privilege.
- * @reason_not_obtained: If the user did not obtain the privilege
- * this is the reason. May be NULL.
- * @user_data: User data
- *
- * Callback when authorization was complete or there was an error.
- *
- */
-typedef void (*LibPolKitGrantComplete) (LibPolKitGrantContext *ctx,
- gboolean obtained_privilege,
- const char *reason_not_obtained,
- gpointer user_data);
-
-
-LibPolKitGrantContext* libpolkit_grant_new_context (DBusGConnection *dbus_g_connection,
- const char *user,
- const char *privilege,
- const char *resource,
- gboolean restrict_to_dbus_connection,
- gpointer user_data);
-
-const char* libpolkit_grant_get_user (LibPolKitGrantContext *ctx);
-
-const char* libpolkit_grant_get_privilege (LibPolKitGrantContext *ctx);
-
-const char* libpolkit_grant_get_resource (LibPolKitGrantContext *ctx);
-
-LibPolKitContext* libpolkit_grant_get_libpolkit_context (LibPolKitGrantContext *ctx);
-
-void libpolkit_grant_set_questions_handler (LibPolKitGrantContext *ctx,
- LibPolKitGrantQuestions questions_handler);
-
-void libpolkit_grant_set_grant_complete_handler (LibPolKitGrantContext *ctx,
- LibPolKitGrantComplete grant_complete_handler);
-
-gboolean libpolkit_grant_initiate_temporary_grant (LibPolKitGrantContext *ctx);
-
-const char* libpolkit_grant_get_user_for_auth (LibPolKitGrantContext *ctx);
-
-const char* libpolkit_grant_get_pam_service_for_auth (LibPolKitGrantContext *ctx);
-
-void libpolkit_grant_provide_answers (LibPolKitGrantContext *ctx,
- const char **answers);
-
-gboolean libpolkit_grant_close (LibPolKitGrantContext *ctx,
- gboolean revoke_privilege);
-
-void libpolkit_grant_free_context (LibPolKitGrantContext *ctx);
-
-
-#endif /* LIBPOLKIT_GRANT_H */
-
-
diff --git a/libpolkit/libpolkit.c b/libpolkit/libpolkit.c
index a00283b..a2bb93f 100644
--- a/libpolkit/libpolkit.c
+++ b/libpolkit/libpolkit.c
@@ -1,8 +1,8 @@
/***************************************************************************
*
- * libpolkit.c : Wraps a subset of methods on the PolicyKit daemon
+ * libpolkit.c : library for querying system-wide policy
*
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
*
* Licensed under the Academic Free License version 2.1
*
@@ -36,377 +36,5 @@
#include <errno.h>
#include <glib.h>
-#include <dbus/dbus-glib.h>
-
#include "libpolkit.h"
-#define LIBPOLKIT_MAGIC 0x3117beef
-
-#ifdef __SUNPRO_C
-#define __FUNCTION__ __func__
-#endif
-
-#define LIBPOLKIT_CHECK_CONTEXT(_ctx_, _ret_) \
- do { \
- if (_ctx_ == NULL) { \
- g_warning ("%s: given LibPolKitContext is NULL", \
- __FUNCTION__); \
- return _ret_; \
- } \
- if (_ctx_->magic != LIBPOLKIT_MAGIC) { \
- g_warning ("%s: given LibPolKitContext is invalid (read magic 0x%08x, should be 0x%08x)", \
- __FUNCTION__, _ctx_->magic, LIBPOLKIT_MAGIC); \
- return _ret_; \
- } \
- } while(0)
-
-
-struct LibPolKitContext_s
-{
- guint32 magic;
- DBusConnection *connection;
-};
-
-/** Get a new context.
- *
- * @return Pointer to new context or NULL if an error occured
- */
-LibPolKitContext *
-libpolkit_new_context (DBusConnection *connection)
-{
- LibPolKitContext *ctx;
-
- ctx = g_new0 (LibPolKitContext, 1);
- ctx->magic = LIBPOLKIT_MAGIC;
- ctx->connection = connection;
-
- return ctx;
-}
-
-/** Free a context
- *
- * @param ctx The context obtained from libpolkit_new_context
- * @return Pointer to new context or NULL if an error occured
- */
-gboolean
-libpolkit_free_context (LibPolKitContext *ctx)
-{
- LIBPOLKIT_CHECK_CONTEXT (ctx, FALSE);
-
- ctx->magic = 0;
- g_free (ctx);
- return TRUE;
-}
-
-LibPolKitResult
-libpolkit_get_allowed_resources_for_privilege_for_uid (LibPolKitContext *ctx,
- const char *user,
- const char *privilege,
- GList **resources,
- GList **restrictions,
- int *num_non_temporary)
-{
- LibPolKitResult res;
- DBusMessage *message = NULL;
- DBusMessage *reply = NULL;
- DBusError error;
- char **resource_list;
- int num_resources;
- char **restriction_list;
- int num_restrictions;
- int i;
-
- LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
- res = LIBPOLKIT_RESULT_ERROR;
- *resources = NULL;
- *restrictions = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
- "/org/freedesktop/PolicyKit/Manager",
- "org.freedesktop.PolicyKit.Manager",
- "GetAllowedResourcesForPrivilege");
- if (message == NULL) {
- g_warning ("Could not allocate D-BUS message");
- goto out;
- }
-
- if (!dbus_message_append_args (message,
- DBUS_TYPE_STRING, &user,
- DBUS_TYPE_STRING, &privilege,
- DBUS_TYPE_INVALID)) {
- g_warning ("Could not append args to D-BUS message");
- goto out;
- }
-
- dbus_error_init (&error);
- reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
- if (dbus_error_is_set (&error)) {
- if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
- res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
- } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
- res = LIBPOLKIT_RESULT_ERROR;
- }
- dbus_error_free (&error);
- goto out;
- }
-
- if (!dbus_message_get_args (reply, &error,
- DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &resource_list, &num_resources,
- DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &restriction_list, &num_restrictions,
- DBUS_TYPE_INT32, num_non_temporary,
- DBUS_TYPE_INVALID)) {
- g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- for (i = 0; i < num_resources; i++) {
- *resources = g_list_append (*resources, g_strdup (resource_list[i]));
- }
- dbus_free_string_array (resource_list);
-
- for (i = 0; i < num_restrictions; i++) {
- *restrictions = g_list_append (*restrictions, g_strdup (restriction_list[i]));
- }
- dbus_free_string_array (restriction_list);
-
- res = LIBPOLKIT_RESULT_OK;
-
-out:
- if (reply != NULL)
- dbus_message_unref (reply);
- if (message != NULL)
- dbus_message_unref (message);
- return res;
-}
-
-LibPolKitResult
-libpolkit_is_uid_allowed_for_privilege (LibPolKitContext *ctx,
- const char *system_bus_unique_name,
- const char *user,
- const char *privilege,
- const char *resource,
- gboolean *out_is_allowed,
- gboolean *out_is_temporary,
- char **out_is_privileged_but_restricted_to_system_bus_unique_name)
-{
- LibPolKitResult res;
- DBusMessage *message = NULL;
- DBusMessage *reply = NULL;
- DBusError error;
- const char *myresource = "";
- const char *mysystem_bus_unique_name = "";
- char *but_restricted_to = NULL;
-
- LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
- res = LIBPOLKIT_RESULT_ERROR;
- *out_is_allowed = FALSE;
- *out_is_temporary = FALSE;
-
- message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
- "/org/freedesktop/PolicyKit/Manager",
- "org.freedesktop.PolicyKit.Manager",
- "IsUserPrivileged");
- if (message == NULL) {
- g_warning ("Could not allocate D-BUS message");
- goto out;
- }
-
- if (resource != NULL)
- myresource = resource;
-
- if (system_bus_unique_name != NULL)
- mysystem_bus_unique_name = system_bus_unique_name;
-
- if (!dbus_message_append_args (message,
- DBUS_TYPE_STRING, &mysystem_bus_unique_name,
- DBUS_TYPE_STRING, &user,
- DBUS_TYPE_STRING, &privilege,
- DBUS_TYPE_STRING, &myresource,
- DBUS_TYPE_INVALID)) {
- g_warning ("Could not append args to D-BUS message");
- goto out;
- }
-
- dbus_error_init (&error);
- reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
- if (dbus_error_is_set (&error)) {
- if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NoSuchUser") == 0) {
- res = LIBPOLKIT_RESULT_NO_SUCH_USER;
- } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NoSuchPrivilege") == 0) {
- res = LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE;
- } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
- res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
- } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
- res = LIBPOLKIT_RESULT_ERROR;
- }
- dbus_error_free (&error);
- goto out;
- }
-
-
- if (!dbus_message_get_args (reply, &error,
- DBUS_TYPE_BOOLEAN, out_is_allowed,
- DBUS_TYPE_BOOLEAN, out_is_temporary,
- DBUS_TYPE_STRING, &but_restricted_to,
- DBUS_TYPE_INVALID)) {
- g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- if (out_is_privileged_but_restricted_to_system_bus_unique_name != NULL) {
- if (but_restricted_to != NULL && strlen (but_restricted_to) > 0) {
- *out_is_privileged_but_restricted_to_system_bus_unique_name = strdup (but_restricted_to);
- } else {
- *out_is_privileged_but_restricted_to_system_bus_unique_name = NULL;
- }
- //dbus_free (but_restricted_to);
- }
-
- res = LIBPOLKIT_RESULT_OK;
-
-out:
- if (reply != NULL)
- dbus_message_unref (reply);
- if (message != NULL)
- dbus_message_unref (message);
- return res;
-}
-
-LibPolKitResult
-libpolkit_revoke_temporary_privilege (LibPolKitContext *ctx,
- const char *user,
- const char *privilege,
- const char *resource,
- gboolean *result)
-{
- LibPolKitResult res;
- DBusMessage *message = NULL;
- DBusMessage *reply = NULL;
- DBusError error;
- const char *myresource = "";
-
- LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
- res = LIBPOLKIT_RESULT_ERROR;
- *result = FALSE;
-
- message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
- "/org/freedesktop/PolicyKit/Manager",
- "org.freedesktop.PolicyKit.Manager",
- "RevokeTemporaryPrivilege");
- if (message == NULL) {
- g_warning ("Could not allocate D-BUS message");
- goto out;
- }
-
- if (resource != NULL)
- myresource = resource;
-
- if (!dbus_message_append_args (message,
- DBUS_TYPE_STRING, &user,
- DBUS_TYPE_STRING, &privilege,
- DBUS_TYPE_STRING, &myresource,
- DBUS_TYPE_INVALID)) {
- g_warning ("Could not append args to D-BUS message");
- goto out;
- }
-
- dbus_error_init (&error);
- reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
- if (dbus_error_is_set (&error)) {
- if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NoSuchUser") == 0) {
- res = LIBPOLKIT_RESULT_NO_SUCH_USER;
- } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NoSuchPrivilege") == 0) {
- res = LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE;
- } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
- res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
- } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
- res = LIBPOLKIT_RESULT_ERROR;
- }
- dbus_error_free (&error);
- goto out;
- }
-
-
- if (!dbus_message_get_args (reply, &error,
- DBUS_TYPE_BOOLEAN, result,
- DBUS_TYPE_INVALID)) {
- g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- res = LIBPOLKIT_RESULT_OK;
-
-out:
- if (reply != NULL)
- dbus_message_unref (reply);
- if (message != NULL)
- dbus_message_unref (message);
- return res;
-}
-
-LibPolKitResult
-libpolkit_get_privilege_list (LibPolKitContext *ctx,
- GList **result)
-{
- LibPolKitResult res;
- DBusMessage *message = NULL;
- DBusMessage *reply = NULL;
- DBusError error;
- char **privilege_list;
- int num_privileges;
- int i;
-
- LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);
-
- res = LIBPOLKIT_RESULT_ERROR;
- *result = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.PolicyKit",
- "/org/freedesktop/PolicyKit/Manager",
- "org.freedesktop.PolicyKit.Manager",
- "ListPrivileges");
- if (message == NULL) {
- g_warning ("Could not allocate D-BUS message");
- goto out;
- }
-
- dbus_error_init (&error);
- reply = dbus_connection_send_with_reply_and_block (ctx->connection, message, -1, &error);
- if (dbus_error_is_set (&error)) {
- if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.NotPrivileged") == 0) {
- res = LIBPOLKIT_RESULT_NOT_PRIVILEGED;
- } else if (strcmp (error.name, "org.freedesktop.PolicyKit.Manager.Error") == 0) {
- res = LIBPOLKIT_RESULT_ERROR;
- }
- dbus_error_free (&error);
- goto out;
- }
-
- if (!dbus_message_get_args (reply, &error,
- DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &privilege_list, &num_privileges,
- DBUS_TYPE_INVALID)) {
- g_warning ("Could not extract args from D-BUS message: %s : %s", error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- for (i = 0; i < num_privileges; i++) {
- *result = g_list_append (*result, g_strdup (privilege_list[i]));
- }
- dbus_free_string_array (privilege_list);
-
- res = LIBPOLKIT_RESULT_OK;
-
-out:
- if (reply != NULL)
- dbus_message_unref (reply);
- if (message != NULL)
- dbus_message_unref (message);
- return res;
-}
diff --git a/libpolkit/libpolkit.h b/libpolkit/libpolkit.h
index 28b4319..c322489 100644
--- a/libpolkit/libpolkit.h
+++ b/libpolkit/libpolkit.h
@@ -1,8 +1,8 @@
/***************************************************************************
*
- * libpolkit.h : Wraps a subset of methods on the PolicyKit daemon
+ * libpolkit.h : library for querying system-wide policy
*
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
*
* Licensed under the Academic Free License version 2.1
*
@@ -29,48 +29,6 @@
#include <unistd.h>
#include <sys/types.h>
#include <glib.h>
-#include <dbus/dbus.h>
-
-typedef enum {
- LIBPOLKIT_RESULT_OK,
- LIBPOLKIT_RESULT_ERROR,
- LIBPOLKIT_RESULT_INVALID_CONTEXT,
- LIBPOLKIT_RESULT_NOT_PRIVILEGED,
- LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE,
- LIBPOLKIT_RESULT_NO_SUCH_USER
-} LibPolKitResult;
-
-struct LibPolKitContext_s;
-typedef struct LibPolKitContext_s LibPolKitContext;
-
-LibPolKitContext *libpolkit_new_context (DBusConnection *connection);
-
-gboolean libpolkit_free_context (LibPolKitContext *ctx);
-
-LibPolKitResult libpolkit_get_privilege_list (LibPolKitContext *ctx,
- GList **result);
-
-LibPolKitResult libpolkit_is_uid_allowed_for_privilege (LibPolKitContext *ctx,
- const char *system_bus_unique_name,
- const char *user,
- const char *privilege,
- const char *resource,
- gboolean *out_is_allowed,
- gboolean *out_is_temporary,
- char **out_is_privileged_but_restricted_to_system_bus_unique_name);
-
-LibPolKitResult libpolkit_revoke_temporary_privilege (LibPolKitContext *ctx,
- const char *user,
- const char *privilege,
- const char *resource,
- gboolean *result);
-
-LibPolKitResult libpolkit_get_allowed_resources_for_privilege_for_uid (LibPolKitContext *ctx,
- const char *user,
- const char *privilege,
- GList **resources,
- GList **restrictions,
- int *num_non_temporary);
#endif /* LIBPOLKIT_H */
diff --git a/pam-polkit-console/.gitignore b/pam-polkit-console/.gitignore
deleted file mode 100644
index 10140b2..0000000
--- a/pam-polkit-console/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-.deps
-.libs
-Makefile
-Makefile.in
-*.la
-*.lo
-*.o
diff --git a/pam-polkit-console/Makefile.am b/pam-polkit-console/Makefile.am
deleted file mode 100644
index c72ac29..0000000
--- a/pam-polkit-console/Makefile.am
+++ /dev/null
@@ -1,18 +0,0 @@
-
-LOCKDIR = $(localstatedir)/run/polkit-console
-LOCKDIRMODE = 0700
-
-securelibdir = $(PAM_MODULE_DIR)
-securelib_LTLIBRARIES = pam_polkit_console.la
-
-pam_polkit_console_la_LDFLAGS = -no-undefined -avoid-version -module
-pam_polkit_console_la_LIBADD = -lpam
-pam_polkit_console_la_CFLAGS = -DLOCKDIR=\"$(LOCKDIR)\"
-
-pam_polkit_console_la_SOURCES = pam-polkit-console.c
-
-clean-local :
- rm -f *~
-
-install-data-local:
- mkdir -m $(LOCKDIRMODE) -p $(DESTDIR)$(LOCKDIR)
diff --git a/pam-polkit-console/pam-polkit-console.c b/pam-polkit-console/pam-polkit-console.c
deleted file mode 100644
index d5748af..0000000
--- a/pam-polkit-console/pam-polkit-console.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * pam-polkit-console.c : Maintain files in /var/run/polkit-console to
- * maintain a list of what users are logged in at
- * what console
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#include <config.h>
-
-#include <errno.h>
-#include <pwd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <signal.h>
-#include <stdarg.h>
-
-#include <security/pam_modules.h>
-#include <security/_pam_macros.h>
-#ifdef HAVE_PAM_MODUTIL_H
-#include <security/pam_modutil.h>
-#endif
-#ifdef HAVE_PAM_EXT_H
-#include <security/pam_ext.h>
-#endif
-
-#ifndef FALSE
-#define FALSE 0
-#endif
-#ifndef TRUE
-#define TRUE (!FALSE)
-#endif
-
-static int debug = 0;
-
-static void
-_pam_log (pam_handle_t *pamh,
- int err,
- int debug_noforce,
- const char *format, ...)
-{
- va_list args;
-
- if (debug_noforce && !debug)
- return;
-
- va_start (args, format);
-#ifdef HAVE_PAM_VSYSLOG
- pam_vsyslog (pamh, err, format, args);
-#endif
- closelog ();
-}
-
-static void
-_parse_module_args (pam_handle_t *pamh,
- int argc,
- const char **argv)
-{
- int i;
-
- for (i = 0; i < argc; i++) {
- const char *arg;
-
- arg = argv[i];
- if (strcmp (arg,"debug") == 0) {
- debug = 1;
- } else {
- _pam_log(pamh, LOG_ERR, FALSE,
- "_parse_module_args: unknown option; %s", arg);
- }
- }
-}
-
-static int
-_is_local_xconsole (const char *tty)
-{
- int a, b;
-
- if (sscanf (tty, ":%d.%d", &a, &b) == 2)
- return TRUE;
- else if (sscanf (tty, ":%d", &a) == 1)
- return TRUE;
- else
- return FALSE;
-}
-
-static void
-_poke_polkitd (pam_handle_t *pamh)
-{
- char buf[80];
-
- /* This is a PAM module so we're loaded into the address space
- * of some other process (e.g. gdm) - though it's tempting to
- * use D-BUS to poke the PolicyKit daemon it may, just resort to
- * using oldskool SIGUSR1 instead.
- */
-
- FILE *f;
- f = fopen (POLKITD_PID_FILE, "r");
- if (f != NULL) {
- if (fgets (buf, sizeof (buf), f) != NULL && buf[0] != '\0' && buf[0] != '\n') {
- pid_t pid;
- char *p;
-
- pid = strtol (buf, &p, 10);
- if ((*p == '\0') || (*p == '\n'))
- {
- _pam_log (pamh, LOG_DEBUG, TRUE,
- "Sending SIGUSR1 to polkitd with pid %d to reload configuration", pid);
- kill (pid, SIGUSR1);
- }
- }
- fclose (f);
- }
-}
-
-PAM_EXTERN int
-pam_sm_authenticate (pam_handle_t *pamh,
- int flags,
- int argc,
- const char **argv)
-{
- return PAM_AUTH_ERR;
-}
-
-PAM_EXTERN int
-pam_sm_setcred (pam_handle_t *pamh,
- int flags,
- int argc,
- const char **argv)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int
-pam_sm_open_session (pam_handle_t *pamh,
- int flags,
- int argc,
- const char **argv)
-{
- const char *username = NULL;
- const char *user_prompt = NULL;
- const char *tty = NULL;
- char buf[256];
-
- _pam_log (pamh, LOG_ERR, TRUE, "pam_polkit_console open_session");
- _parse_module_args (pamh, argc, argv);
- if(pam_get_item (pamh, PAM_USER_PROMPT, (const void **)(char*) &user_prompt) != PAM_SUCCESS) {
- user_prompt = "user name: ";
- }
- username = NULL;
- pam_get_user (pamh, &username, user_prompt);
- if (username == NULL || strlen (username) == 0) {
- return PAM_SESSION_ERR;
- }
-
- pam_get_item(pamh, PAM_TTY, (const void**)(char*) &tty);
- if (tty == NULL || strlen (tty) == 0) {
- _pam_log(pamh, LOG_ERR, TRUE, "TTY not defined");
- return PAM_SESSION_ERR;
- }
-
- _pam_log (pamh, LOG_DEBUG, TRUE, "open_session for user '%s' @ TTY '%s'", username, tty);
-
- if (_is_local_xconsole (tty)) {
- if ((unsigned int) snprintf (buf, sizeof (buf), LOCKDIR "/%s_%s", tty, username) < sizeof (buf)) {
- int fd;
-
- fd = open (buf, O_RDWR|O_CREAT|O_EXCL, 0600);
- if (fd > 0) {
- _pam_log (pamh, LOG_DEBUG, TRUE, "open_session success; %s %s %s",
- username, tty, buf);
- close (fd);
- _poke_polkitd (pamh);
- }
- }
- }
-
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int
-pam_sm_close_session (pam_handle_t *pamh,
- int flags,
- int argc,
- const char **argv)
-{
- const char *username = NULL;
- const char *user_prompt = NULL;
- const char *tty = NULL;
- char buf[256];
-
- _pam_log (pamh, LOG_ERR, TRUE, "pam_polkit_console close_session");
- _parse_module_args (pamh, argc, argv);
- if (pam_get_item (pamh, PAM_USER_PROMPT, (const void **)(char*) &user_prompt) != PAM_SUCCESS) {
- user_prompt = "user name: ";
- }
- username = NULL;
- pam_get_user (pamh, &username, user_prompt);
- if (username == NULL || strlen (username) == 0) {
- return PAM_SESSION_ERR;
- }
-
- pam_get_item (pamh, PAM_TTY, (const void**)(char*) &tty);
- if (tty == NULL || strlen (tty) == 0) {
- _pam_log(pamh, LOG_ERR, TRUE, "TTY not defined");
- return PAM_SESSION_ERR;
- }
-
- _pam_log (pamh, LOG_DEBUG, TRUE, "close_session for user '%s' @ TTY '%s'", username, tty);
-
- if (_is_local_xconsole (tty)) {
- if ((unsigned int) snprintf (buf, sizeof (buf), LOCKDIR "/%s_%s", tty, username) < sizeof (buf)) {
- unlink (buf);
- _poke_polkitd (pamh);
- }
- }
-
- return PAM_SUCCESS;
-}
-
-#ifdef PAM_STATIC
-
-/* static module data */
-
-struct pam_module _pam_polkit_console_modstruct = {
- "pam_polkit_console",
- pam_sm_authenticate,
- pam_sm_setcred,
- NULL,
- pam_sm_open_session,
- pam_sm_close_session,
- NULL,
-};
-
-#endif
-
-/* end of module definition */
diff --git a/policy-kit.in b/policy-kit.in
deleted file mode 100644
index 8bf833b..0000000
--- a/policy-kit.in
+++ /dev/null
@@ -1,8 +0,0 @@
-#%PAM-1.0
-
-auth include @PAM_FILE_INCLUDE_AUTH@
-account include @PAM_FILE_INCLUDE_ACCOUNT@
-password include @PAM_FILE_INCLUDE_PASSWORD@
-session include @PAM_FILE_INCLUDE_SESSION@
-
-
diff --git a/polkit-interface-manager.xml b/polkit-interface-manager.xml
deleted file mode 100644
index c7c461e..0000000
--- a/polkit-interface-manager.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-
-<node name="/org/freedesktop/PolicyKit/Manager">
- <interface name="org.freedesktop.PolicyKit.Manager">
-
- <method name="InitiateTemporaryPrivilegeGrant">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="user" type="s" direction="in"/>
- <arg name="privilege" type="s" direction="in"/>
- <arg name="resource" type="s" direction="in"/>
- <arg name="session_objpath" type="o" direction="out"/>
- </method>
-
- <method name="RevokeTemporaryPrivilege">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="user" type="s" direction="in"/>
- <arg name="privilege" type="s" direction="in"/>
- <arg name="resource" type="s" direction="in"/>
- <arg name="was_revoked" type="b" direction="out"/>
- </method>
-
- <method name="IsUserPrivileged">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="system_bus_unique_name" type="s" direction="in"/>
- <arg name="user" type="s" direction="in"/>
- <arg name="privilege" type="s" direction="in"/>
- <arg name="resource" type="s" direction="in"/>
- <arg name="is_privileged" type="b" direction="out"/>
- <arg name="is_temporary" type="b" direction="out"/>
- <arg name="is_privileged_but_restricted_to_system_bus_unique_name" type="s" direction="out"/>
- </method>
-
- <method name="GetAllowedResourcesForPrivilege">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="user" type="s" direction="in"/>
- <arg name="privilege" type="s" direction="in"/>
- <arg name="resource_list" type="as" direction="out"/>
- <arg name="restriction_list" type="as" direction="out"/>
- <arg name="num_non_temp" type="i" direction="out"/>
- </method>
-
- <method name="ListPrivileges">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="privilege_list" type="as" direction="out"/>
- </method>
-
- </interface>
-</node>
diff --git a/polkit-interface-session.xml b/polkit-interface-session.xml
deleted file mode 100644
index 0549bda..0000000
--- a/polkit-interface-session.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-
-<node>
- <interface name="org.freedesktop.PolicyKit.Session">
-
- <method name="InitiateAuth">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- </method>
-
- <method name="GetQuestions">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="question_list" type="as" direction="out"/>
- </method>
-
- <method name="GetAuthDetails">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="user" type="s" direction="out"/>
- <arg name="pam_service_name" type="s" direction="out"/>
- </method>
-
- <method name="ProvideAnswers">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="answer_list" type="as" direction="in"/>
- </method>
-
- <method name="IsAuthenticated">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="is_authenticated" type="b" direction="out"/>
- </method>
-
- <method name="GetAuthDeniedReason">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="reason" type="s" direction="out"/>
- </method>
-
- <method name="Close">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- </method>
-
- <method name="GrantPrivilegeTemporarily">
- <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
- <arg name="restrict_to_callers_system_bus_unique_name" type="b" direction="in"/>
- </method>
-
- <signal name="HaveQuestions"/>
-
- <signal name="AuthenticationDone"/>
-
- </interface>
-</node>
diff --git a/polkit.pc.in b/polkit.pc.in
deleted file mode 100644
index 55885f5..0000000
--- a/polkit.pc.in
+++ /dev/null
@@ -1,11 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-
-Name: libpolkit
-Description: library for querying and setting system-wide policy
-Version: @VERSION@
-Requires: glib-2.0
-Libs: -L${libdir} -lpolkit
-Cflags: -I${includedir}/libpolkit
diff --git a/polkitd/.gitignore b/polkitd/.gitignore
deleted file mode 100644
index 2198470..0000000
--- a/polkitd/.gitignore
+++ /dev/null
@@ -1,13 +0,0 @@
-.deps
-.libs
-Makefile
-Makefile.in
-polkitd
-PolicyKit
-PolicyKit.conf
-polkit-marshal.c
-polkit-marshal.h
-polkit-interface-manager-glue.c
-polkit-interface-manager-glue.h
-polkit-interface-session-glue.h
-*.o
diff --git a/polkitd/Makefile.am b/polkitd/Makefile.am
deleted file mode 100644
index a5423ab..0000000
--- a/polkitd/Makefile.am
+++ /dev/null
@@ -1,94 +0,0 @@
-
-INCLUDES = \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(prefix)/$(DATADIRNAME)/locale"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -I$(top_srcdir) \
- @GLIB_CFLAGS@ \
- @DBUS_GLIB_CFLAGS@
-
-# polkitd
-#
-
-sbin_PROGRAMS = polkitd
-
-polkitd_SOURCES = \
- polkit-marshal.c polkit-marshal.h \
- polkit-session.c polkit-session.h \
- polkit-manager.c polkit-manager.h \
- polkit-interface-manager-glue.h \
- polkit-interface-session-glue.h \
- policy.c policy.h \
- main.c
-
-polkitd_CFLAGS = -fno-strict-aliasing
-polkitd_LDADD = @GLIB_LIBS@ @DBUS_GLIB_LIBS@ @AUTH_LIBS@
-
-#### Init scripts fun
-SCRIPT_IN_FILES=PolicyKit.in
-
-## Red Hat start
-if OS_TYPE_RED_HAT
-
-initddir=$(sysconfdir)/rc.d/init.d
-
-initd_SCRIPTS= \
- PolicyKit
-
-endif
-## Red Hat end
-
-# D-BUS configuration file
-#
-
-dbusdir = $(sysconfdir)/dbus-1/system.d
-dist_dbus_DATA = PolicyKit.conf
-
-# D-BUS glue
-#
-
-polkit-interface-manager-glue.h: ../polkit-interface-manager.xml Makefile.am
- dbus-binding-tool --prefix=polkit_manager --mode=glib-server --output=polkit-interface-manager-glue.h ../polkit-interface-manager.xml
-
-polkit-interface-session-glue.h: ../polkit-interface-session.xml Makefile.am
- dbus-binding-tool --prefix=polkit_session --mode=glib-server --output=polkit-interface-session-glue.h ../polkit-interface-session.xml
-
-BUILT_SOURCES = polkit-interface-manager-glue.h polkit-interface-session-glue.h
-
-# Marshallers
-#
-
-polkit-marshal.c: Makefile polkit-marshal.list
- glib-genmarshal --prefix=polkit_marshal $(srcdir)/polkit-marshal.list --header --body > $@.tmp && mv $@.tmp $@
-
-polkit-marshal.h: Makefile polkit-marshal.list
- glib-genmarshal --prefix=polkit_marshal $(srcdir)/polkit-marshal.list --header > $@.tmp && mv $@.tmp $@
-
-BUILT_SOURCES += polkit-marshal.c polkit-marshal.h
-
-
-# Test harness
-#
-
-check_PROGRAMS = polkitd-test
-
-polkitd_test_SOURCES = \
- policy.c policy.h \
- polkitd-test.c
-
-polkitd_test_LDADD = @GLIB_LIBS@
-
-TESTS = polkitd-test
-
-
-
-EXTRA_DIST = polkit-marshal.list
-
-# Clean
-#
-
-clean-local:
- rm -f *~ $(BUILT_SOURCES) PolicyKit.conf
diff --git a/polkitd/PolicyKit.conf.in b/polkitd/PolicyKit.conf.in
deleted file mode 100644
index 61b3486..0000000
--- a/polkitd/PolicyKit.conf.in
+++ /dev/null
@@ -1,20 +0,0 @@
-<!DOCTYPE busconfig PUBLIC
- "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-<busconfig>
-
- <!-- Only uid 0 or user @POLKIT_USER@ can own the org.freedesktop.PolicyKit service -->
- <policy user="0">
- <allow own="org.freedesktop.PolicyKit"/>
- </policy>
-
- <!-- Allow anyone to invoke methods on the org.freedesktop.PolicyKit interfaces -->
- <policy context="default">
- <allow send_interface="org.freedesktop.PolicyKit"/>
-
- <allow receive_interface="org.freedesktop.PolicyKit"
- receive_sender="org.freedesktop.PolicyKit"/>
- </policy>
-
-</busconfig>
-
diff --git a/polkitd/PolicyKit.in b/polkitd/PolicyKit.in
deleted file mode 100755
index 023fd7f..0000000
--- a/polkitd/PolicyKit.in
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/bin/sh
-#
-# PolicyKit: PolicyKit daemon
-#
-# chkconfig: 345 98 02
-# description: The PolicyKit maintains a list of privileges and \
-# provides interfaces for changing it. \
-# See http://www.freedesktop.org/Software/hal
-#
-# processname: polkitd
-# pidfile: @POLKITD_PID_FILE@
-#
-
-# Sanity checks.
-[ -x @SBINDIR@/polkitd ] || exit 0
-
-# Source function library.
-. @SYSCONFDIR@/rc.d/init.d/functions
-
-# so we can rearrange this easily
-processname=polkitd
-servicename=PolicyKit
-
-RETVAL=0
-
-cleanup_state_dir()
-{
- # Clean out all files in
- rm -f @LOCALSTATEDIR@/run/polkit-console/*
- mkdir -p @LOCALSTATEDIR@/run/polkit-console
-}
-
-start() {
- echo -n $"Starting PolicyKit daemon: "
- daemon --check $servicename $processname
- RETVAL=$?
- echo
- [ $RETVAL -eq 0 ] && touch @LOCALSTATEDIR@/lock/subsys/$servicename
-}
-
-stop() {
- echo -n $"Stopping PolicyKit daemon: "
-
- killproc $processname -TERM
- RETVAL=$?
- echo
- if [ $RETVAL -eq 0 ]; then
- rm -f @LOCALSTATEDIR@/lock/subsys/$servicename
- rm -f @POLKITD_PID_FILE@
- fi
-}
-
-# See how we were called.
-case "$1" in
- start)
- cleanup_state_dir
- start
- ;;
- stop)
- stop
- ;;
- status)
- status $processname
- RETVAL=$?
- ;;
- restart)
- stop
- start
- ;;
- condrestart)
- if [ -f @LOCALSTATEDIR@/lock/subsys/$servicename ]; then
- stop
- start
- fi
- ;;
- *)
- echo $"Usage: $0 {start|stop|status|restart|condrestart}"
- ;;
-esac
-exit $RETVAL
diff --git a/polkitd/debug-polkitd.sh b/polkitd/debug-polkitd.sh
deleted file mode 100755
index f331ec8..0000000
--- a/polkitd/debug-polkitd.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-
-echo ========================================
-echo Just type \'run\' to start debugging polkitd
-echo ========================================
-gdb run --args ./polkitd --no-daemon --verbose
-
-
-
diff --git a/polkitd/main.c b/polkitd/main.c
deleted file mode 100644
index 8286670..0000000
--- a/polkitd/main.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * main.c : Main for polkitd
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <string.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <signal.h>
-
-#include <dbus/dbus-glib.h>
-
-#include "polkit-session.h"
-#include "polkit-manager.h"
-
-#include "polkit-interface-session-glue.h"
-#include "polkit-interface-manager-glue.h"
-
-/** Print out program usage.
- *
- */
-static void
-usage (int argc, char *argv[])
-{
- fprintf (stderr, "\n" "usage : polkitd [--no-daemon] [--verbose]\n");
- fprintf (stderr,
- "\n"
- " -n, --no-daemon Do not daemonize\n"
- " -v, --verbose Print out debug\n"
- " -h, --help Show this information and exit\n"
- " -V, --version Output version information and exit"
- "\n"
- "The PolicyKit daemon maintains a list of privileges and\n"
- "provides interfaces for changing it.\n"
- "\n"
- "For more information visit http://freedesktop.org/Software/hal\n"
- "\n");
-}
-
-static void
-delete_pid (void)
-{
- unlink (POLKITD_PID_FILE);
-}
-
-static int sigusr1_unix_signal_pipe_fds[2];
-static GIOChannel *sigusr1_iochn = NULL;
-static PolicyKitManager *manager = NULL;
-
-static void
-handle_sigusr1 (int value)
-{
- ssize_t written;
- static char marker[1] = {'S'};
-
- written = write (sigusr1_unix_signal_pipe_fds[1], marker, 1);
-}
-
-static gboolean
-sigusr1_iochn_data (GIOChannel *source,
- GIOCondition condition,
- gpointer user_data)
-{
- GError *err = NULL;
- gchar data[1];
- gsize bytes_read;
-
- /* Empty the pipe */
- if (G_IO_STATUS_NORMAL !=
- g_io_channel_read_chars (source, data, 1, &bytes_read, &err)) {
- g_warning ("Error emptying sigusr1 pipe: %s", err->message);
- g_error_free (err);
- goto out;
- }
-
- g_debug ("Caught SIGUSR1");
- if (manager != NULL) {
- polkit_manager_update_desktop_console_privileges (manager);
- }
-
-out:
- return TRUE;
-}
-
-
-int
-main (int argc, char *argv[])
-{
- DBusGConnection *bus;
- DBusGProxy *bus_proxy;
- GError *error = NULL;
- GMainLoop *mainloop;
- guint request_name_result;
- int ret;
- gboolean no_daemon = FALSE;
- gboolean is_verbose = FALSE;
- int pf;
- ssize_t written;
- char pid[9];
- guint sigusr1_iochn_listener_source_id;
- static const struct option long_options[] = {
- {"help", no_argument, NULL, 'h'},
- {"no-daemon", no_argument, NULL, 'n'},
- {"verbose", no_argument, NULL, 'v'},
- {"version", no_argument, NULL, 'V'},
- {NULL, 0, NULL, 0}
- };
-
-
- ret = 1;
-
- g_type_init ();
-
- while (TRUE) {
- int c;
-
- c = getopt_long (argc, argv, "nhVv", long_options, NULL);
-
- if (c == -1)
- break;
-
- switch (c) {
- case 'n':
- no_daemon = TRUE;
- break;
-
- case 'v':
- is_verbose = TRUE;
- break;
-
- case 'h':
- usage (argc, argv);
- ret = 0;
- goto out;
-
- case 'V':
- printf (PACKAGE_NAME " version " PACKAGE_VERSION "\n");
- ret = 0;
- goto out;
-
- default:
- usage (argc, argv);
- goto out;
- }
- }
-
-
- if (!no_daemon) {
- int child_pid;
- int dev_null_fd;
-
- if (chdir ("/") < 0) {
- g_warning ("Could not chdir to /: %s", strerror (errno));
- goto out;
- }
-
- child_pid = fork ();
- switch (child_pid) {
- case -1:
- g_warning ("Cannot fork(): %s", strerror (errno));
- goto out;
-
- case 0:
- /* child */
- dev_null_fd = open ("/dev/null", O_RDWR);
- /* ignore if we can't open /dev/null */
- if (dev_null_fd >= 0) {
- /* attach /dev/null to stdout, stdin, stderr */
- dup2 (dev_null_fd, 0);
- dup2 (dev_null_fd, 1);
- dup2 (dev_null_fd, 2);
- close (dev_null_fd);
- }
-
- umask (022);
- break;
-
- default:
- /* parent exits */
- exit (0);
- break;
- }
-
- /* create session */
- setsid ();
- } else {
- g_debug (("not becoming a daemon"));
- }
-
- /* remove old pid file */
- unlink (POLKITD_PID_FILE);
-
- /* make a new pid file */
- if ((pf = open (POLKITD_PID_FILE, O_WRONLY|O_CREAT|O_TRUNC|O_EXCL, 0644)) > 0) {
- snprintf (pid, sizeof(pid), "%lu\n", (long unsigned) getpid ());
- written = write (pf, pid, strlen(pid));
- close (pf);
- g_atexit (delete_pid);
- }
-
- g_type_init ();
-
- dbus_g_object_type_install_info (POLKIT_TYPE_MANAGER, &dbus_glib_polkit_manager_object_info);
- dbus_g_object_type_install_info (POLKIT_TYPE_SESSION, &dbus_glib_polkit_session_object_info);
- dbus_g_error_domain_register (POLKIT_MANAGER_ERROR, NULL, POLKIT_MANAGER_TYPE_ERROR);
- dbus_g_error_domain_register (POLKIT_SESSION_ERROR, NULL, POLKIT_SESSION_TYPE_ERROR);
-
- mainloop = g_main_loop_new (NULL, FALSE);
-
- /* Listen for SIGUSR1 - UNIX signal handlers are evil though,
- * so set up a pipe to transmit the signal.
- */
-
- /* create pipe */
- if (pipe (sigusr1_unix_signal_pipe_fds) != 0) {
- g_warning ("Could not setup pipe, errno=%d", errno);
- goto out;
- }
-
- /* setup glib handler - 0 is for reading, 1 is for writing */
- sigusr1_iochn = g_io_channel_unix_new (sigusr1_unix_signal_pipe_fds[0]);
- if (sigusr1_iochn == NULL) {
- g_warning ("Could not create GIOChannel");
- goto out;
- }
-
- /* get callback when there is data to read */
- sigusr1_iochn_listener_source_id = g_io_add_watch (
- sigusr1_iochn, G_IO_IN, sigusr1_iochn_data, NULL);
-
- /* setup UNIX signal handler for SIGUSR1 */
- signal (SIGUSR1, handle_sigusr1);
-
- bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- g_warning ("Couldn't connect to system bus: %s", error->message);
- g_error_free (error);
- goto out;
- }
-
- bus_proxy = dbus_g_proxy_new_for_name (bus, "org.freedesktop.DBus",
- "/org/freedesktop/DBus",
- "org.freedesktop.DBus");
- if (!dbus_g_proxy_call (bus_proxy, "RequestName", &error,
- G_TYPE_STRING, "org.freedesktop.PolicyKit",
- G_TYPE_UINT, 0,
- G_TYPE_INVALID,
- G_TYPE_UINT, &request_name_result,
- G_TYPE_INVALID)) {
- g_warning ("Failed to acquire org.freedesktop.PolicyKit: %s", error->message);
- g_error_free (error);
- goto out;
- }
-
- if (request_name_result != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) {
- g_warning ("There is already a primary owner of the name org.freedesktop.PolicyKit");
- goto out;
- }
-
-
- manager = polkit_manager_new (bus, bus_proxy);
- if (manager == NULL) {
- g_warning ("Could not construct manager object; bailing out");
- goto out;
- }
-
- g_debug ("service running");
-
- polkit_manager_update_desktop_console_privileges (manager);
-
- g_main_loop_run (mainloop);
-
- ret = 0;
-out:
- return ret;
-}
diff --git a/polkitd/policy.c b/polkitd/policy.c
deleted file mode 100644
index 32c8f78..0000000
--- a/polkitd/policy.c
+++ /dev/null
@@ -1,1217 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * policy.c : Wraps policy
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-
-#include "policy.h"
-
-#ifdef __SUNPRO_C
-#define __FUNCTION__ __func__
-#endif
-
-static char *policy_directory = PACKAGE_SYSCONF_DIR "/PolicyKit/privilege.d";
-
-void
-policy_util_set_policy_directory (const char *directory)
-{
- policy_directory = g_strdup (directory);
-}
-
-
-typedef enum {
- POLICY_ELEMENT_TYPE_UID,
- POLICY_ELEMENT_TYPE_GID
-} PolicyElementType;
-
-
-struct PolicyElement_s
-{
- PolicyElementType type;
- union {
- uid_t uid;
- gid_t gid;
- } id;
- gboolean include_all;
- gboolean exclude_all;
- char *resource;
-};
-
-typedef struct PolicyElement_s PolicyElement;
-
-static PolicyElement *
-policy_element_new (void)
-{
- PolicyElement *elem;
-
- elem = g_new0 (PolicyElement, 1);
- return elem;
-}
-
-static void
-policy_element_free (PolicyElement *elem)
-{
- g_free (elem->resource);
- g_free (elem);
-}
-
-static void
-policy_element_free_list (GList *policy_element_list)
-{
- GList *l;
-
- for (l = policy_element_list; l != NULL; l = g_list_next (l)) {
- PolicyElement *elem = (PolicyElement *) l->data;
- policy_element_free (elem);
- }
-
- g_list_free (policy_element_list);
-}
-
-#if 0
-static void
-policy_element_dump (PolicyElement *elem, FILE* fp)
-{
- char *t;
-
- if (elem->type == POLICY_ELEMENT_TYPE_UID)
- t = "uid";
- else if (elem->type == POLICY_ELEMENT_TYPE_GID)
- t = "gid";
- else
- t = "(Unknown)";
-
- fprintf (fp, "type: %s\n", t);
- if (elem->type == POLICY_ELEMENT_TYPE_UID) {
- if (elem->include_all) {
- fprintf (fp, "uid: all\n");
- } else if (elem->exclude_all) {
- fprintf (fp, "uid: none\n");
- } else {
- fprintf (fp, "uid: %d\n", (int) elem->id.uid);
- }
- } else if (elem->type == POLICY_ELEMENT_TYPE_GID) {
- if (elem->include_all) {
- fprintf (fp, "gid: all\n");
- } else if (elem->exclude_all) {
- fprintf (fp, "gid: none\n");
- } else {
- fprintf (fp, "gid: %d\n", (int) elem->id.gid);
- }
- }
- fprintf (fp, "resource: %s\n", elem->resource != NULL ? elem->resource : "(None)");
-}
-#endif
-
-
-static PolicyResult
-txt_backend_read_policy (const char *policy,
- const char *key,
- GList **result)
-{
- int i;
- GKeyFile *keyfile;
- GError *error;
- PolicyResult rc;
- char *path;
- char *value = NULL;
- char **tokens = NULL;
- char *ttype = NULL;
- char *tvalue = NULL;
- char *tresource = NULL;
- PolicyElement *elem = NULL;
- GList *res;
- GList *l;
- char *token;
-
- error = NULL;
- rc = POLICY_RESULT_ERROR;
- res = NULL;
- *result = NULL;
-
- keyfile = g_key_file_new ();
- path = g_strdup_printf ("%s/%s.privilege", policy_directory, policy);
- /*g_message ("Loading %s", path);*/
- if (!g_key_file_load_from_file (keyfile, path, G_KEY_FILE_NONE, &error)) {
- g_warning ("Couldn't open key-file '%s': %s", path, error->message);
- g_error_free (error);
- rc = POLICY_RESULT_NO_SUCH_POLICY;
- goto out;
- }
-
- value = g_key_file_get_string (keyfile, "Privilege", key, &error);
- if (value == NULL) {
- g_warning ("Cannot get key '%s' in group 'Policy' in file '%s': %s", key, path, error->message);
- g_error_free (error);
- rc = POLICY_RESULT_ERROR;
- goto out;
- }
-
- /*g_message ("value = '%s'", value);*/
- tokens = g_strsplit (value, " ", 0);
- for (i = 0; tokens[i] != NULL; i++) {
- char **components;
- int num_components;
-
- token = tokens[i];
- /*g_message (" token = '%s'", token);*/
-
- ttype = NULL;
- tvalue = NULL;
- tresource = NULL;
-
- elem = policy_element_new ();
-
- components = g_strsplit (token, ":", 3);
- num_components = g_strv_length (components);
- if (num_components == 2) {
- ttype = g_strdup (components[0]);
- tvalue = g_strdup (components[1]);
- tresource = NULL;
- } else if (num_components == 3) {
- ttype = g_strdup (components[0]);
- tvalue = g_strdup (components[1]);
- tresource = g_strdup (components[2]);
- } else {
- g_strfreev (components);
- goto malformed_token;
- }
- g_strfreev (components);
-
- /*g_message (" type='%s' value='%s' resource='%s'", ttype, tvalue, tresource != NULL ? tresource : "None");*/
-
- if (strcmp (ttype, "uid") == 0) {
- elem->type = POLICY_ELEMENT_TYPE_UID;
- if (strcmp (tvalue, "__all__") == 0) {
- elem->include_all = TRUE;
- } else if (strcmp (tvalue, "__none__") == 0) {
- elem->exclude_all = TRUE;
- } else {
- uid_t uid;
- char *endp;
- uid = (uid_t) g_ascii_strtoull (tvalue, &endp, 0);
- if (endp[0] != '\0') {
- uid = policy_util_name_to_uid (tvalue, NULL);
- if (uid == (uid_t) -1) {
- g_warning ("User '%s' does not exist", tvalue);
- goto malformed_token;
- }
- }
- elem->id.uid = uid;
- }
- } else if (strcmp (ttype, "gid") == 0) {
- elem->type = POLICY_ELEMENT_TYPE_GID;
- if (strcmp (tvalue, "__all__") == 0) {
- elem->include_all = TRUE;
- } else if (strcmp (tvalue, "__none__") == 0) {
- elem->exclude_all = TRUE;
- } else {
- gid_t gid;
- char *endp;
- gid = (gid_t) g_ascii_strtoull (tvalue, &endp, 0);
- if (endp[0] != '\0') {
- gid = policy_util_name_to_gid (tvalue);
- if (gid == (gid_t) -1) {
- g_warning ("Group '%s' does not exist", tvalue);
- goto malformed_token;
- }
- }
- elem->id.gid = gid;
- }
- } else {
- g_warning ("Token '%s' in key '%s' in group 'Policy' in file '%s' malformed",
- token, key, path);
- goto malformed_token;
- }
-
- if (tresource != NULL) {
- elem->resource = g_strdup (tresource);
- }
-
- g_free (ttype);
- g_free (tvalue);
- g_free (tresource);
-
- res = g_list_append (res, elem);
- /*policy_element_dump (elem, stderr);*/
-
- }
-
- *result = res;
- rc = POLICY_RESULT_OK;
- goto out;
-
-malformed_token:
- g_warning ("Token '%s' in key '%s' in group 'Policy' in file '%s' malformed", token, key, path);
-
- for (l = res; l != NULL; l = g_list_next (l)) {
- policy_element_free ((PolicyElement *) l->data);
- }
- g_list_free (res);
- policy_element_free (elem);
- g_free (ttype);
- g_free (tvalue);
- g_free (tresource);
-
-out:
- g_strfreev (tokens);
- g_free (value);
-
- g_key_file_free (keyfile);
- g_free (path);
-
- return rc;
-}
-
-
-static PolicyResult
-txt_backend_read_list (const char *policy,
- const char *key,
- GList **result)
-{
- int i;
- GKeyFile *keyfile;
- GError *error;
- PolicyResult rc;
- char *path;
- char *value = NULL;
- char **tokens = NULL;
- GList *res;
- char *token;
-
- error = NULL;
- rc = POLICY_RESULT_ERROR;
- res = NULL;
- *result = NULL;
-
- keyfile = g_key_file_new ();
- path = g_strdup_printf ("%s/%s.privilege", policy_directory, policy);
- /*g_message ("Loading %s", path);*/
- if (!g_key_file_load_from_file (keyfile, path, G_KEY_FILE_NONE, &error)) {
- g_warning ("Couldn't open key-file '%s': %s", path, error->message);
- g_error_free (error);
- rc = POLICY_RESULT_NO_SUCH_POLICY;
- goto out;
- }
-
- value = g_key_file_get_string (keyfile, "Privilege", key, &error);
- if (value == NULL) {
- g_warning ("Cannot get key '%s' in group 'Policy' in file '%s': %s", key, path, error->message);
- g_error_free (error);
- rc = POLICY_RESULT_ERROR;
- goto out;
- }
-
- /*g_message ("value = '%s'", value);*/
- tokens = g_strsplit (value, " ", 0);
- for (i = 0; tokens[i] != NULL; i++) {
- token = tokens[i];
- /*g_message (" token = '%s'", token);*/
-
- res = g_list_append (res, g_strdup (token));
- }
-
- *result = res;
- rc = POLICY_RESULT_OK;
-
-out:
- g_strfreev (tokens);
- g_free (value);
-
- g_key_file_free (keyfile);
- g_free (path);
-
- return rc;
-}
-
-static PolicyResult
-txt_backend_read_word (const char *policy,
- const char *key,
- char **result)
-{
- GKeyFile *keyfile;
- GError *error;
- PolicyResult rc;
- char *path;
- char *value = NULL;
-
- error = NULL;
- rc = POLICY_RESULT_ERROR;
- *result = NULL;
-
- keyfile = g_key_file_new ();
- path = g_strdup_printf ("%s/%s.privilege", policy_directory, policy);
- /*g_message ("Loading %s", path);*/
- if (!g_key_file_load_from_file (keyfile, path, G_KEY_FILE_NONE, &error)) {
- g_warning ("Couldn't open key-file '%s': %s", path, error->message);
- g_error_free (error);
- rc = POLICY_RESULT_NO_SUCH_POLICY;
- goto out;
- }
-
- value = g_key_file_get_string (keyfile, "Privilege", key, &error);
- if (value == NULL) {
- g_warning ("Cannot get key '%s' in group 'Policy' in file '%s': %s", key, path, error->message);
- g_error_free (error);
- rc = POLICY_RESULT_ERROR;
- goto out;
- }
-
- /*g_message ("value = '%s'", value);*/
-
- *result = g_strdup (value);
-
- rc = POLICY_RESULT_OK;
-
-out:
- g_free (value);
-
- g_key_file_free (keyfile);
- g_free (path);
-
- return rc;
-}
-
-static PolicyResult
-policy_get_whitelist (const char *policy,
- GList **result)
-{
- return txt_backend_read_policy (policy, "Allow", result);
-}
-
-static PolicyResult
-policy_get_blacklist (const char *policy,
- GList **result)
-{
- return txt_backend_read_policy (policy, "Deny", result);
-}
-
-static PolicyResult
-policy_get_sufficient_privileges (const char *policy,
- GList **result)
-{
- return txt_backend_read_list (policy, "SufficientPrivileges", result);
-}
-
-static PolicyResult
-policy_get_required_privileges (const char *policy,
- GList **result)
-{
- return txt_backend_read_list (policy, "RequiredPrivileges", result);
-}
-
-/** Return all elements in the white-list for a policy
- *
- * @param result On success set to a list of dynamically allocated strings.
- * Must be freed by the caller.
- * @return Whether the operation succeeded
- */
-PolicyResult
-policy_get_policies (GList **result)
-{
- GDir *dir;
- GError *error;
- const char *f;
-
- error = NULL;
- *result = NULL;
-
- if ((dir = g_dir_open (policy_directory, 0, &error)) == NULL) {
- g_critical ("Unable to open %s: %s", policy_directory, error->message);
- g_error_free (error);
- goto error;
- }
- while ((f = g_dir_read_name (dir)) != NULL) {
- if (g_str_has_suffix (f, ".privilege")) {
- char *s;
- int pos;
-
- s = g_strdup (f);
- pos = strlen (s) - 10; /* .privilege - 10 chars */
- if (pos > 0)
- s[pos] = '\0';
-
- *result = g_list_append (*result, s);
- }
- }
-
- g_dir_close (dir);
-
- return POLICY_RESULT_OK;
-
-error:
- return POLICY_RESULT_ERROR;
-}
-
-PolicyResult
-policy_get_auth_details_for_policy (uid_t uid,
- const char *policy,
- const char *resource,
- gboolean *out_auth_can_obtain,
- gboolean *out_auth_can_obtain_is_temporary,
- gboolean *out_auth_can_grant,
- gboolean *out_auth_obtain_requires_root,
- gpointer have_temp_privilege_userdata,
- HaveTempPrivCB have_temp_privilege)
-{
- PolicyResult res;
- GList *required_privs;
- GList *l;
- char *can_obtain_word;
- char *can_grant_word;
- char *obtain_requires_root_word;
-
- required_privs = NULL;
- can_obtain_word = NULL;
- can_grant_word = NULL;
-
- *out_auth_can_obtain = FALSE;
- *out_auth_can_obtain_is_temporary = FALSE;
- *out_auth_can_grant = FALSE;
- *out_auth_obtain_requires_root = TRUE;
-
- res = POLICY_RESULT_ERROR;
-
- res = txt_backend_read_word (policy, "CanObtain", &can_obtain_word);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- res = txt_backend_read_word (policy, "CanGrant", &can_grant_word);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- res = txt_backend_read_word (policy, "ObtainRequireRoot", &obtain_requires_root_word);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- if (strcmp (can_obtain_word, "True") == 0) {
- *out_auth_can_obtain = TRUE;
- *out_auth_can_obtain_is_temporary = FALSE;
- } else if (strcmp (can_obtain_word, "False") == 0) {
- *out_auth_can_obtain = FALSE;
- *out_auth_can_obtain_is_temporary = FALSE;
- } else if (strcmp (can_obtain_word, "Temporary") == 0) {
- *out_auth_can_obtain = TRUE;
- *out_auth_can_obtain_is_temporary = TRUE;
- } else {
- g_critical ("CanObtain has bogus value '%s' in privilege '%s'",
- can_obtain_word, policy);
- goto out;
- }
-
- if (strcmp (can_grant_word, "True") == 0) {
- *out_auth_can_grant = TRUE;
- } else if (strcmp (can_grant_word, "False") == 0) {
- *out_auth_can_grant = FALSE;
- } else {
- g_critical ("CanGrant has bogus value '%s' in privilege '%s'",
- can_grant_word, policy);
- goto out;
- }
-
- if (strcmp (obtain_requires_root_word, "True") == 0) {
- *out_auth_obtain_requires_root = TRUE;
- } else if (strcmp (obtain_requires_root_word, "False") == 0) {
- *out_auth_obtain_requires_root = FALSE;
- } else {
- g_critical ("ObtainRequireRoot has bogus value '%s' in privilege '%s'",
- obtain_requires_root_word, policy);
- goto out;
- }
-
- /* no need to check RequiredPrivileges if said privilege says we can't obtain it */
- if ((*out_auth_can_obtain) == FALSE)
- goto determined;
-
- /* if privilege already requires super user, no need to check RequiredPrivileges */
- if ((*out_auth_obtain_requires_root) == TRUE)
- goto determined;
-
- /* So now the user can obtain the privilege and doesn't
- * require root. However, per the spec, if he is lacking any
- * of the privileges listed and one or more of these have
- *
- * - has ObtainRequiresRoot set to TRUE; or
- *
- * - has CanObtain set to FALSE
- *
- * then effectively ObtainsRequireRoot becomes TRUE.
- */
-
- res = policy_get_required_privileges (policy, &required_privs);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- g_message (" * obtain_requires_root = %d", *out_auth_obtain_requires_root);
-
- for (l = required_privs; l != NULL; l = g_list_next (l)) {
- gboolean has_required_privilege = FALSE;
- gboolean has_required_privilege_is_temp = FALSE;
- char *has_required_privilege_is_restricted = NULL;
- const char *required_privilege = (const char *) l->data;
- PolicyResult res2;
-
- g_message (" checking for required privilege '%s'", required_privilege);
-
- has_required_privilege = FALSE;
- res2 = policy_is_uid_allowed_for_policy (uid,
- required_privilege,
- NULL,
- &has_required_privilege,
- &has_required_privilege_is_temp,
- &has_required_privilege_is_restricted,
- have_temp_privilege_userdata,
- have_temp_privilege);
- if (res2 != POLICY_RESULT_OK)
- goto out;
-
- g_message (" has_required_privilege = %d", has_required_privilege);
-
- if (!has_required_privilege ||
- (has_required_privilege && has_required_privilege_is_restricted != NULL)) {
-
- g_free (can_obtain_word);
- g_free (can_grant_word);
- can_obtain_word = NULL;
- can_grant_word = NULL;
-
- res = txt_backend_read_word (required_privilege, "CanObtain",
- &can_obtain_word);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- res = txt_backend_read_word (required_privilege, "ObtainRequireRoot",
- &obtain_requires_root_word);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- if (strcmp (can_obtain_word, "False") == 0) {
- *out_auth_obtain_requires_root = TRUE;
- goto determined;
- }
-
- if (strcmp (obtain_requires_root_word, "True") == 0) {
- *out_auth_obtain_requires_root = TRUE;
- goto determined;
- }
- }
- }
-
-determined:
- g_message (" ** obtain_requires_root = %d", *out_auth_obtain_requires_root);
- res = POLICY_RESULT_OK;
-
-out:
- if (required_privs != NULL) {
- g_list_foreach (required_privs, (GFunc) g_free, NULL);
- g_list_free (required_privs);
- }
-
- g_free (can_obtain_word);
- g_free (can_grant_word);
-
- return res;
-}
-
-
-
-static void
-afp_process_elem(PolicyElement *elem, gboolean *flag, uid_t uid, guint num_gids, gid_t *gid_list)
-{
- /*policy_element_dump (elem, stderr);*/
-
- switch (elem->type) {
- case POLICY_ELEMENT_TYPE_UID:
- if (elem->include_all) {
- *flag = TRUE;
- } else if (elem->exclude_all) {
- *flag = FALSE;
- }else {
- if (elem->id.uid == uid)
- *flag = TRUE;
- }
- break;
-
- case POLICY_ELEMENT_TYPE_GID:
- if (elem->include_all) {
- *flag = TRUE;
- } else if (elem->exclude_all) {
- *flag = FALSE;
- }else {
- guint i;
- for (i = 0; i < num_gids; i++) {
- if (elem->id.gid == gid_list[i])
- *flag = TRUE;
- }
- }
- break;
- }
-}
-
-PolicyResult
-policy_get_allowed_resources_for_policy_for_uid_gid (uid_t uid,
- guint num_gids,
- gid_t *gid_list,
- const char *policy,
- GList **result)
-{
- GList *l;
- GList *whitelist;
- GList *blacklist;
- gboolean is_in_whitelist;
- gboolean is_in_blacklist;
- PolicyResult res;
-
- whitelist = NULL;
- blacklist = NULL;
- *result = NULL;
- res = POLICY_RESULT_ERROR;
-
- res = policy_get_whitelist (policy, &whitelist);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- res = policy_get_blacklist (policy, &blacklist);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- is_in_whitelist = FALSE;
- is_in_blacklist = FALSE;
-
- /* Algorithm: check each resource in whitelist;
- * if allowed, check against blacklist..
- * if not in blacklist, push to results
- */
-
- for (l = whitelist; l != NULL; l = g_list_next (l)) {
- PolicyElement *elem;
- gboolean in_whitelist;
- elem = (PolicyElement *) l->data;
-
- if (elem->resource != NULL) {
- /* check if we're allowed for this resource */
- afp_process_elem (elem, &in_whitelist, uid, num_gids, gid_list);
- if (in_whitelist) {
- GList *j;
- gboolean in_blacklist;
-
- /* in whitelist.. yes.. now check if this resource is in the black list*/
-
- in_blacklist = FALSE;
-
- for (j = blacklist; j != NULL; j = g_list_next (j)) {
- PolicyElement *elem2;
- elem2 = (PolicyElement *) j->data;
-
- if (elem2->resource != NULL &&
- strcmp (elem->resource, elem2->resource) == 0) {
- afp_process_elem (elem2, &in_blacklist, uid, num_gids, gid_list);
- if (in_blacklist)
- break;
- }
- }
-
- if (in_whitelist && !in_blacklist)
- *result = g_list_append (*result, g_strdup (elem->resource));
- }
- }
- }
-
-
- res = POLICY_RESULT_OK;
-
-out:
- if (whitelist != NULL)
- policy_element_free_list (whitelist);
- if (blacklist != NULL)
- policy_element_free_list (blacklist);
-
- return res;
-}
-
-static PolicyResult
-_policy_is_uid_gid_allowed_for_policy (uid_t uid,
- guint num_gids,
- gid_t *gid_list,
- const char *policy,
- const char *resource,
- gboolean *out_is_privileged,
- gboolean *out_is_temporary,
- char **out_is_privileged_but_restricted,
- gpointer have_temp_privilege_userdata,
- HaveTempPrivCB have_temp_privilege,
- int recursion_counter)
-{
- gboolean is_in_whitelist;
- gboolean is_in_blacklist;
- GList *l;
- GList *whitelist;
- GList *blacklist;
- GList *sufficient_privs;
- GList *required_privs;
- PolicyResult res;
- PolicyResult res2;
-
- whitelist = NULL;
- blacklist = NULL;
- sufficient_privs = NULL;
- required_privs = NULL;
- res = POLICY_RESULT_ERROR;
-
- *out_is_privileged = FALSE;
- *out_is_temporary = FALSE;
- *out_is_privileged_but_restricted = NULL;
-
- if (recursion_counter > 8) {
- g_critical ("Maximal (8) recursion depth detected checking privilege '%s'", policy);
- goto out;
- }
-
- res = policy_get_sufficient_privileges (policy, &sufficient_privs);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- /* first check SufficientPrivileges.. if we have one of those, then return TRUE */
- for (l = sufficient_privs; l != NULL; l = g_list_next (l)) {
- gboolean has_sufficient_privilege = FALSE;
- gboolean has_sufficient_privilege_is_temp = FALSE;
- char *has_sufficient_privilege_is_restricted = NULL;
- const char *sufficient_privilege = (const char *) l->data;
-
- g_message (" checking for sufficient privilege '%s'", sufficient_privilege);
-
- has_sufficient_privilege = FALSE;
- res2 = _policy_is_uid_gid_allowed_for_policy (uid, num_gids, gid_list,
- sufficient_privilege, NULL,
- &has_sufficient_privilege,
- &has_sufficient_privilege_is_temp,
- &has_sufficient_privilege_is_restricted,
- have_temp_privilege_userdata,
- have_temp_privilege, recursion_counter + 1);
- if (res2 != POLICY_RESULT_OK)
- goto out;
-
- if (has_sufficient_privilege && has_sufficient_privilege_is_restricted == NULL) {
- g_message ("Returned TRUE because we have the sufficient privilege '%s' for privilege '%s'",
- sufficient_privilege, policy);
- res = POLICY_RESULT_OK;
- *out_is_privileged = TRUE;
- *out_is_temporary = has_sufficient_privilege_is_temp;
- *out_is_privileged_but_restricted = NULL;
- goto out;
- }
- }
-
- /* then check temporary privileges as it's OK to have a
- * privilege temporarily without having the all the
- * RequiredPrivileges.
- */
-
- if ((*out_is_privileged == FALSE) && have_temp_privilege != NULL) {
- gboolean ignore_resource;
-
- if (recursion_counter == 0)
- ignore_resource = FALSE;
- else
- ignore_resource = TRUE;
-
- /* TODO: ask for restriction */
- if (have_temp_privilege (uid, policy, resource, ignore_resource, have_temp_privilege_userdata)) {
-
- res = POLICY_RESULT_OK;
- *out_is_privileged = TRUE;
- *out_is_temporary = TRUE;
- *out_is_privileged_but_restricted = NULL;
- goto out;
- }
- }
-
-
- /* now check RequiredPrivileges.. if we have don't have all of those, then return FALSE */
-
- res = policy_get_required_privileges (policy, &required_privs);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- for (l = required_privs; l != NULL; l = g_list_next (l)) {
- gboolean has_required_privilege = FALSE;
- gboolean has_required_privilege_is_temp = FALSE;
- char *has_required_privilege_is_restricted = NULL;
- const char *required_privilege = (const char *) l->data;
-
- g_message (" checking for required privilege '%s'", required_privilege);
-
- has_required_privilege = FALSE;
- res2 = _policy_is_uid_gid_allowed_for_policy (uid, num_gids, gid_list,
- required_privilege, NULL,
- &has_required_privilege,
- &has_required_privilege_is_temp,
- &has_required_privilege_is_restricted,
- have_temp_privilege_userdata,
- have_temp_privilege, recursion_counter + 1);
- if (res2 != POLICY_RESULT_OK)
- goto out;
-
- if (!has_required_privilege ||
- (has_required_privilege && has_required_privilege_is_restricted != NULL)) {
- g_message ("Returned FALSE because we don't have the required privilege '%s' for privilege '%s'",
- required_privilege, policy);
- res = POLICY_RESULT_OK;
- *out_is_privileged = FALSE;
- *out_is_temporary = TRUE;
- *out_is_privileged_but_restricted = NULL;
- goto out;
- }
- }
-
- /* Check against whitelist and blacklist */
-
- res = policy_get_whitelist (policy, &whitelist);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- res = policy_get_blacklist (policy, &blacklist);
- if (res != POLICY_RESULT_OK)
- goto out;
-
- is_in_whitelist = FALSE;
- is_in_blacklist = FALSE;
-
- /* Algorithm: To succeed.. we must be in the whitelist.. and not in the blacklist */
-
- for (l = whitelist; l != NULL; l = g_list_next (l)) {
- PolicyElement *elem;
- elem = (PolicyElement *) l->data;
- if ((elem->resource == NULL) ||
- ((resource != NULL) && (strcmp (elem->resource, resource) == 0))) {
- afp_process_elem (elem, &is_in_whitelist, uid, num_gids, gid_list);
- }
- }
-
- for (l = blacklist; l != NULL; l = g_list_next (l)) {
- PolicyElement *elem;
- elem = (PolicyElement *) l->data;
- if ((elem->resource == NULL) ||
- ((resource != NULL) && (strcmp (elem->resource, resource) == 0))) {
- afp_process_elem (elem, &is_in_blacklist, uid, num_gids, gid_list);
- }
- }
-
- *out_is_privileged = is_in_whitelist && (!is_in_blacklist);
- *out_is_temporary = FALSE;
- *out_is_privileged_but_restricted = NULL;
-
- res = POLICY_RESULT_OK;
-
-out:
- if (required_privs != NULL) {
- g_list_foreach (required_privs, (GFunc) g_free, NULL);
- g_list_free (required_privs);
- }
- if (sufficient_privs != NULL) {
- g_list_foreach (sufficient_privs, (GFunc) g_free, NULL);
- g_list_free (sufficient_privs);
- }
- if (whitelist != NULL)
- policy_element_free_list (whitelist);
- if (blacklist != NULL)
- policy_element_free_list (blacklist);
-
- return res;
-}
-
-
-PolicyResult
-policy_is_uid_gid_allowed_for_policy (uid_t uid,
- guint num_gids,
- gid_t *gid_list,
- const char *policy,
- const char *resource,
- gboolean *out_is_privileged,
- gboolean *out_is_temporary,
- char **out_is_privileged_but_restricted,
- gpointer have_temp_privilege_userdata,
- HaveTempPrivCB have_temp_privilege)
-{
- return _policy_is_uid_gid_allowed_for_policy (uid, num_gids, gid_list, policy,
- resource,
- out_is_privileged,
- out_is_temporary,
- out_is_privileged_but_restricted,
- have_temp_privilege_userdata,
- have_temp_privilege, 0);
-}
-
-char *
-policy_util_uid_to_name (uid_t uid,
- gid_t *default_gid)
-{
- int rc;
- char *res;
- char *buf = NULL;
- unsigned int bufsize;
- struct passwd pwd;
- struct passwd *pwdp;
-
- res = NULL;
-
- bufsize = sysconf (_SC_GETPW_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getpwuid_r (uid, &pwd, buf, bufsize, &pwdp);
- if (rc != 0 || pwdp == NULL) {
- /*g_warning ("getpwuid_r() returned %d", rc);*/
- goto out;
- }
-
- res = g_strdup (pwdp->pw_name);
- if (default_gid != NULL)
- *default_gid = pwdp->pw_gid;
-
-out:
- g_free (buf);
- return res;
-}
-
-char *
-policy_util_gid_to_name (gid_t gid)
-{
- int rc;
- char *res;
- char *buf = NULL;
- unsigned int bufsize;
- struct group gbuf;
- struct group *gbufp;
-
- res = NULL;
-
- bufsize = sysconf (_SC_GETGR_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getgrgid_r (gid, &gbuf, buf, bufsize, &gbufp);
- if (rc != 0 || gbufp == NULL) {
- /*g_warning ("getgrgid_r() returned %d", rc);*/
- goto out;
- }
-
- res = g_strdup (gbufp->gr_name);
-
-out:
- g_free (buf);
- return res;
-}
-
-
-
-uid_t
-policy_util_name_to_uid (const char *username, gid_t *default_gid)
-{
- int rc;
- uid_t res;
- char *buf = NULL;
- unsigned int bufsize;
- struct passwd pwd;
- struct passwd *pwdp;
-
- res = (uid_t) -1;
-
- bufsize = sysconf (_SC_GETPW_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getpwnam_r (username, &pwd, buf, bufsize, &pwdp);
- if (rc != 0 || pwdp == NULL) {
- /*g_warning ("getpwnam_r() returned %d", rc);*/
- goto out;
- }
-
- res = pwdp->pw_uid;
- if (default_gid != NULL)
- *default_gid = pwdp->pw_gid;
-
-out:
- g_free (buf);
- return res;
-}
-
-gid_t
-policy_util_name_to_gid (const char *groupname)
-{
- int rc;
- gid_t res;
- char *buf = NULL;
- unsigned int bufsize;
- struct group gbuf;
- struct group *gbufp;
-
- res = (gid_t) -1;
-
- bufsize = sysconf (_SC_GETGR_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getgrnam_r (groupname, &gbuf, buf, bufsize, &gbufp);
- if (rc != 0 || gbufp == NULL) {
- /*g_warning ("getgrnam_r() returned %d", rc);*/
- goto out;
- }
-
- res = gbufp->gr_gid;
-
-out:
- g_free (buf);
- return res;
-}
-
-PolicyResult
-policy_get_allowed_resources_for_policy_for_uid (uid_t uid,
- const char *policy,
- GList **result)
-{
- int num_groups = 0;
- gid_t *groups = NULL;
- char *username;
- gid_t default_gid;
- PolicyResult r;
-
- r = POLICY_RESULT_ERROR;
-
- if ((username = policy_util_uid_to_name (uid, &default_gid)) == NULL)
- goto out;
-
- if (getgrouplist(username, default_gid, NULL, &num_groups) < 0) {
- groups = (gid_t *) g_new0 (gid_t, num_groups);
- if (getgrouplist(username, default_gid, groups, &num_groups) < 0) {
- g_warning ("getgrouplist() failed");
- goto out;
- }
- }
-
- r = policy_get_allowed_resources_for_policy_for_uid_gid (uid,
- num_groups,
- groups,
- policy,
- result);
-
-out:
- g_free (username);
- g_free (groups);
- return r;
-}
-
-PolicyResult
-policy_is_uid_allowed_for_policy (uid_t uid,
- const char *policy,
- const char *resource,
- gboolean *out_is_privileged,
- gboolean *out_is_temporary,
- char **out_is_privileged_but_restricted,
- gpointer have_temp_privilege_userdata,
- HaveTempPrivCB have_temp_privilege)
-{
- int num_groups = 0;
- gid_t *groups = NULL;
- char *username;
- gid_t default_gid;
- PolicyResult r;
-
- r = POLICY_RESULT_ERROR;
-
- if ((username = policy_util_uid_to_name (uid, &default_gid)) == NULL)
- goto out;
-
- if (getgrouplist(username, default_gid, NULL, &num_groups) < 0) {
- groups = (gid_t *) g_new0 (gid_t, num_groups);
- if (getgrouplist(username, default_gid, groups, &num_groups) < 0) {
- g_warning ("getgrouplist() failed");
- goto out;
- }
- }
-
- r = policy_is_uid_gid_allowed_for_policy (uid,
- num_groups,
- groups,
- policy,
- resource,
- out_is_privileged,
- out_is_temporary,
- out_is_privileged_but_restricted,
- have_temp_privilege_userdata,
- have_temp_privilege);
-
-out:
- g_free (username);
- g_free (groups);
- return r;
-}
-
-
-#ifndef HAVE_GETGROUPLIST
-/* Get group list for the named user.
- * Return up to ngroups in the groups array.
- * Return actual number of groups in ngroups.
- * Return -1 if more groups found than requested.
- */
-int
-getgrouplist (const char *name, int baseid, int *groups, int *ngroups)
-{
- struct group *g;
- int n = 0;
- int i;
- int ret;
-
- if (*ngroups <= 0) {
- return (-1);
- }
-
- *groups++ = baseid;
- n++;
-
- setgrent ();
- while ((g = getgrent ()) != NULL) {
- for (i = 0; g->gr_mem[i]; i++) {
- if (strcmp (name, g->gr_mem[0]) == 0) {
- *groups++ = g->gr_gid;
- if (++n > *ngroups) {
- break;
- }
- }
- }
- }
- endgrent ();
-
- ret = (n > *ngroups) ? -1 : n;
- *ngroups = n;
- return (ret);
-}
-#endif
diff --git a/polkitd/policy.h b/polkitd/policy.h
deleted file mode 100644
index 94a2fd3..0000000
--- a/polkitd/policy.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * policy.h : Wraps policy
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef POLICY_H
-#define POLICY_H
-
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-
-typedef enum {
- POLICY_RESULT_OK,
- POLICY_RESULT_ERROR,
- POLICY_RESULT_NO_SUCH_POLICY
-} PolicyResult;
-
-typedef gboolean (*HaveTempPrivCB) (uid_t user,
- const char *privilege,
- const char *resource,
- gboolean ignore_resource,
- gpointer userdata);
-
-
-PolicyResult policy_get_policies (GList **result);
-
-PolicyResult policy_is_uid_allowed_for_policy (uid_t uid,
- const char *policy,
- const char *resource,
- gboolean *out_is_privileged,
- gboolean *out_is_temporary,
- char **out_is_privileged_but_restricted,
- gpointer have_temp_privilege_userdata,
- HaveTempPrivCB have_temp_privilege);
-
-
-PolicyResult policy_get_auth_details_for_policy (uid_t uid,
- const char *policy,
- const char *resource,
- gboolean *out_auth_can_obtain,
- gboolean *out_auth_can_obtain_is_temporary,
- gboolean *out_auth_can_grant,
- gboolean *out_auth_obtain_requires_root,
- gpointer have_temp_privilege_userdata,
- HaveTempPrivCB have_temp_privilege);
-
-
-PolicyResult policy_get_allowed_resources_for_policy_for_uid (uid_t uid,
- const char *policy,
- GList **result);
-
-PolicyResult policy_get_allowed_resources_for_policy_for_uid_gid (uid_t uid,
- guint num_gids,
- gid_t *gid_list,
- const char *policy,
- GList **result);
-
-PolicyResult policy_is_uid_gid_allowed_for_policy (uid_t uid,
- guint num_gids,
- gid_t *gid_list,
- const char *policy,
- const char *resource,
- gboolean *out_is_privileged,
- gboolean *out_is_temporary,
- char **out_is_privileged_but_restricted,
- gpointer have_temp_privilege_userdata,
- HaveTempPrivCB have_temp_privilege);
-
-char *policy_util_uid_to_name (uid_t uid,
- gid_t *default_gid);
-
-char *policy_util_gid_to_name (gid_t gid);
-
-uid_t policy_util_name_to_uid (const char *username,
- gid_t *default_gid);
-
-gid_t policy_util_name_to_gid (const char *groupname);
-
-void policy_util_set_policy_directory (const char *directory);
-
-#endif /* POLICY_H */
-
-
diff --git a/polkitd/polkit-manager.c b/polkitd/polkit-manager.c
deleted file mode 100644
index a7268f7..0000000
--- a/polkitd/polkit-manager.c
+++ /dev/null
@@ -1,1089 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-manager.c : Manager object
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#include <string.h>
-#define DBUS_API_SUBJECT_TO_CHANGE
-#include <dbus/dbus.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-
-#include "polkit-marshal.h"
-#include "polkit-manager.h"
-#include "polkit-session.h"
-
-#include "policy.h"
-
-typedef struct
-{
- uid_t user;
- char *privilege;
- char *resource;
- char *system_bus_unique_name; /* whether the tmp priv is restricted to e.g. :1.43 */
-} TemporaryPrivilege;
-
-struct PolicyKitManagerPrivate
-{
- DBusGConnection *connection;
- DBusGProxy *bus_proxy;
-
- GList *temporary_privileges;
-
- GHashTable *connection_name_to_caller_info;
-
- GHashTable *connection_name_to_session_object;
-};
-
-G_DEFINE_TYPE(PolicyKitManager, polkit_manager, G_TYPE_OBJECT)
-
-static GObjectClass *parent_class = NULL;
-
-
-
-static void
-_granting_temp_priv (PolicyKitManager *manager,
- TemporaryPrivilege *p)
-{
- g_debug ("Granting temporary privilege '%s' to uid %d on resource '%s'",
- p->privilege, p->user, p->resource != NULL ? p->resource : "(none)");
- /* TODO: send out D-BUS signal */
-}
-
-static void
-_revoking_temp_priv (PolicyKitManager *manager,
- TemporaryPrivilege *p)
-{
- g_debug ("Revoking temporary privilege '%s' to uid %d on resource '%s'",
- p->privilege, p->user, p->resource != NULL ? p->resource : "(none)");
- /* TODO: send out D-BUS signal */
-}
-
-
-typedef struct {
- uid_t uid;
- pid_t pid;
-} CallerInfo;
-
-static void
-caller_info_delete (gpointer data)
-{
- CallerInfo *caller_info = (CallerInfo *) data;
- g_free (caller_info);
-}
-
-static void
-polkit_manager_init (PolicyKitManager *manager)
-{
- manager->priv = g_new0 (PolicyKitManagerPrivate, 1);
- manager->priv->connection = NULL;
- manager->priv->temporary_privileges = NULL;
-
- manager->priv->connection_name_to_caller_info = g_hash_table_new_full (g_str_hash,
- g_str_equal,
- g_free,
- caller_info_delete);
-
- manager->priv->connection_name_to_session_object = g_hash_table_new_full (g_str_hash,
- g_str_equal,
- g_free,
- NULL);
-}
-
-static void
-polkit_manager_finalize (PolicyKitManager *manager)
-{
- dbus_g_connection_unref (manager->priv->connection);
-
- g_hash_table_destroy (manager->priv->connection_name_to_caller_info);
-
- g_free (manager->priv);
-
- G_OBJECT_CLASS (parent_class)->finalize (G_OBJECT (manager));
-}
-
-static void
-polkit_manager_class_init (PolicyKitManagerClass *klass)
-{
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-
- gobject_class->finalize = (GObjectFinalizeFunc) polkit_manager_finalize;
- parent_class = g_type_class_peek_parent (klass);
-}
-
-GQuark
-polkit_manager_error_quark (void)
-{
- static GQuark ret = 0;
- if (ret == 0)
- ret = g_quark_from_static_string ("PolkitManagerObjectErrorQuark");
- return ret;
-}
-
-#define ENUM_ENTRY(NAME, DESC) { NAME, "" #NAME "", DESC }
-
-GType
-polkit_manager_error_get_type (void)
-{
- static GType etype = 0;
-
- if (etype == 0) {
- static const GEnumValue values[] = {
- ENUM_ENTRY (POLKIT_MANAGER_ERROR_NO_SUCH_USER, "NoSuchUser"),
- ENUM_ENTRY (POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE, "NoSuchPrivilege"),
- ENUM_ENTRY (POLKIT_MANAGER_ERROR_NOT_PRIVILEGED, "NotPrivileged"),
- ENUM_ENTRY (POLKIT_MANAGER_ERROR_CANNOT_OBTAIN_PRIVILEGE, "CannotObtainPrivilege"),
- ENUM_ENTRY (POLKIT_MANAGER_ERROR_ERROR, "Error"),
- { 0, 0, 0 }
- };
-
- g_assert (POLKIT_MANAGER_NUM_ERRORS == G_N_ELEMENTS (values) - 1);
-
- etype = g_enum_register_static ("PolkitManagerError", values);
- }
-
- return etype;
-}
-
-
-static void
-bus_name_owner_changed (DBusGProxy *bus_proxy,
- const char *service_name,
- const char *old_service_name,
- const char *new_service_name,
- gpointer user_data)
-{
- PolicyKitManager *manager = POLKIT_MANAGER (user_data);
-
- /* track disconnects of clients */
-
- if (strlen (new_service_name) == 0) {
- CallerInfo *caller_info;
- PolicyKitSession *session;
- GList *i;
- TemporaryPrivilege *p;
-
- /* evict CallerInfo from cache */
- caller_info = (CallerInfo *) g_hash_table_lookup (manager->priv->connection_name_to_caller_info,
- old_service_name);
- if (caller_info != NULL) {
- g_hash_table_remove (manager->priv->connection_name_to_caller_info, old_service_name);
- }
-
- /* session object */
- session = POLKIT_SESSION (g_hash_table_lookup (manager->priv->connection_name_to_session_object,
- old_service_name));
- if (session != NULL) {
- /* possibly revoke temporary privileges granted */
- polkit_session_initiator_disconnected (session);
-
- /* end the session */
- g_object_unref (session);
-
- g_hash_table_remove (manager->priv->connection_name_to_session_object, old_service_name);
- }
-
- /* revoke any temporary privileges that is restricted to this name */
- for (i = manager->priv->temporary_privileges; i != NULL; ) {
- p = (TemporaryPrivilege *) i->data;
-
- i = g_list_next (i);
-
- if (p->system_bus_unique_name != NULL &&
- strcmp (p->system_bus_unique_name, old_service_name) == 0) {
-
- /* da, revoke this privilege */
- _revoking_temp_priv (manager, p);
-
- g_free (p->privilege);
- g_free (p->resource);
- g_free (p->system_bus_unique_name);
- g_free (p);
-
- manager->priv->temporary_privileges = g_list_remove (
- manager->priv->temporary_privileges, p);
- }
- }
-
- }
-
- /*g_message ("NameOwnerChanged: service_name='%s', old_service_name='%s' new_service_name='%s'",
- service_name, old_service_name, new_service_name);*/
-
-}
-
-
-static gboolean
-session_remover (gpointer key,
- gpointer value,
- gpointer user_data)
-{
- if (value == user_data) {
- return TRUE;
- }
- return FALSE;
-}
-
-static void
-session_finalized (gpointer data,
- GObject *where_the_object_was)
-{
- PolicyKitManager *manager = POLKIT_MANAGER (data);
-
- g_hash_table_foreach_remove (manager->priv->connection_name_to_session_object,
- session_remover,
- where_the_object_was);
-}
-
-PolicyKitManager *
-polkit_manager_new (DBusGConnection *connection, DBusGProxy *bus_proxy)
-{
- PolicyKitManager *manager;
-
- manager = g_object_new (POLKIT_TYPE_MANAGER, NULL);
- manager->priv->connection = dbus_g_connection_ref (connection);
- dbus_g_connection_register_g_object (manager->priv->connection,
- "/org/freedesktop/PolicyKit/Manager",
- G_OBJECT (manager));
-
- manager->priv->bus_proxy = bus_proxy;
-
- dbus_g_object_register_marshaller (polkit_marshal_VOID__STRING_STRING_STRING,
- G_TYPE_NONE,
- G_TYPE_STRING, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_INVALID);
- dbus_g_proxy_add_signal (bus_proxy, "NameOwnerChanged", G_TYPE_STRING, G_TYPE_STRING, G_TYPE_STRING, G_TYPE_INVALID);
- dbus_g_proxy_connect_signal (bus_proxy, "NameOwnerChanged", G_CALLBACK (bus_name_owner_changed),
- manager, NULL);
-
- return manager;
-}
-
-
-static uid_t
-uid_from_username (const char *user)
-{
- uid_t uid;
-
- if (g_ascii_isdigit (user[0])) {
- char *endp;
- uid = (uid_t) g_ascii_strtoull (user, &endp, 0);
- if (endp[0] != '\0') {
- uid = (uid_t) -1;
- }
- } else {
- uid = policy_util_name_to_uid (user, NULL);
- }
-
- return uid;
-}
-
-/* remote methods */
-
-static int
-safe_strcmp (const char *s1, const char *s2)
-{
- if (s1 == NULL || s2 == NULL)
- return 0;
- else
- return strcmp (s1, s2);
-}
-
-gboolean
-polkit_manager_get_caller_info (PolicyKitManager *manager,
- const char *sender,
- uid_t *calling_uid,
- pid_t *calling_pid)
-{
- gboolean res;
- CallerInfo *caller_info;
- GError *error = NULL;
-#if 0
- GArray *calling_selinux_context;
-#endif
- res = FALSE;
-
- if (sender == NULL)
- goto out;
-
- caller_info = g_hash_table_lookup (manager->priv->connection_name_to_caller_info,
- sender);
- if (caller_info != NULL) {
-
- res = TRUE;
- *calling_uid = caller_info->uid;
- *calling_pid = caller_info->pid;
- /*g_message ("uid = %d (cached)", *calling_uid);
- g_message ("pid = %d (cached)", *calling_pid);*/
- goto out;
- }
-
- if (!dbus_g_proxy_call (manager->priv->bus_proxy, "GetConnectionUnixUser", &error,
- G_TYPE_STRING, sender,
- G_TYPE_INVALID,
- G_TYPE_UINT, calling_uid,
- G_TYPE_INVALID)) {
- g_warning ("GetConnectionUnixUser() failed: %s", error->message);
- g_error_free (error);
- goto out;
- }
-
- if (!dbus_g_proxy_call (manager->priv->bus_proxy, "GetConnectionUnixProcessID", &error,
- G_TYPE_STRING, sender,
- G_TYPE_INVALID,
- G_TYPE_UINT, calling_pid,
- G_TYPE_INVALID)) {
- g_warning ("GetConnectionUnixProcessID() failed: %s", error->message);
- g_error_free (error);
- goto out;
- }
-
-#if 0
- if (!dbus_g_proxy_call (manager->priv->bus_proxy, "GetConnectionSELinuxSecurityContext", &error,
- G_TYPE_STRING, sender,
- G_TYPE_INVALID,
- dbus_g_type_get_collection ("GArray", G_TYPE_UCHAR), &calling_selinux_context,
- G_TYPE_INVALID)) {
- g_warning ("GetConnectionSELinuxSecurityContext() failed: %s", error->message);
- g_error_free (error);
- goto out;
- }
-
- char *selinux_context_string;
- g_array_append_val (calling_selinux_context, "\0");
- selinux_context_string = (char *) g_array_free (calling_selinux_context, FALSE);
- g_message ("selinux context = '%s' for sender '%s'", selinux_context_string, sender);
- g_free (selinux_context_string);
-#endif
-
- caller_info = g_new0 (CallerInfo, 1);
- caller_info->uid = *calling_uid;
- caller_info->pid = *calling_pid;
-
- g_hash_table_insert (manager->priv->connection_name_to_caller_info,
- g_strdup (sender),
- caller_info);
-
- res = TRUE;
-
- /*g_message ("uid = %d", *calling_uid);
- g_message ("pid = %d", *calling_pid);*/
-
-out:
- return res;
-}
-
-
-typedef struct
-{
- PolicyKitManager *manager;
- char *system_bus_unique_name;
- char *privileged_but_restricted_to;
- gboolean is_temporary;
-} TempPrivCheckUserData;
-
-static gboolean
-_check_for_temp_privilege (uid_t user,
- const char *privilege,
- const char *resource,
- gboolean ignore_resource,
- gpointer userdata)
-{
- GList *i;
- TempPrivCheckUserData *tpcud = (TempPrivCheckUserData *) userdata;
- gboolean is_privileged;
-
- is_privileged = FALSE;
-
- g_message ("in _check_for_temp_privilege for user=%d priv=%s resource=%s sbun=%s",
- user, privilege, resource, tpcud->system_bus_unique_name);
-
- for (i = tpcud->manager->priv->temporary_privileges; i != NULL; i = g_list_next (i)) {
- TemporaryPrivilege *p;
- gboolean res_match;
-
- p = (TemporaryPrivilege *) i->data;
-
- if (ignore_resource) {
- res_match = TRUE;
- } else {
- if (resource == NULL || strlen (resource) == 0)
- res_match = (p->resource == NULL);
- else
- res_match = (safe_strcmp (p->resource, resource) == 0);
- }
-
- if ((strcmp (p->privilege, privilege) == 0) &&
- res_match &&
- (p->user == user)) {
-
- if (p->system_bus_unique_name == NULL) {
- is_privileged = TRUE;
- tpcud->is_temporary = TRUE;
- break;
- } else if (strcmp (p->system_bus_unique_name, tpcud->system_bus_unique_name) == 0) {
- is_privileged = TRUE;
- tpcud->is_temporary = TRUE;
- break;
- } else {
- tpcud->privileged_but_restricted_to = p->system_bus_unique_name;
- }
-
- }
- }
-
- return is_privileged;
-}
-
-gboolean
-polkit_manager_initiate_temporary_privilege_grant (PolicyKitManager *manager,
- char *user,
- char *privilege,
- char *resource,
- DBusGMethodInvocation *context)
-{
- uid_t calling_uid;
- pid_t calling_pid;
- uid_t uid;
- PolicyKitSession *session;
- char *sender;
-
- /* TODO: need to handle limit number of session to prevent DOS.
- * Or is dbus-daemon sufficient for that; I think so..
- */
-
- if (!polkit_manager_get_caller_info (manager,
- dbus_g_method_get_sender (context),
- &calling_uid,
- &calling_pid)) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_ERROR,
- "An error occured."));
- return FALSE;
- }
-
- sender = dbus_g_method_get_sender (context);
-
- uid = uid_from_username (user);
-
- if (uid == (uid_t) -1) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NO_SUCH_USER,
- "There is no user '%s'.",
- user));
- return FALSE;
- }
-
-
- gboolean auth_can_obtain;
- gboolean auth_can_obtain_is_temporary;
- gboolean auth_can_grant;
- gboolean auth_obtain_requires_root;
- PolicyResult res;
- TempPrivCheckUserData tpcud;
-
- tpcud.manager = manager;
- tpcud.system_bus_unique_name = NULL;
- tpcud.privileged_but_restricted_to = "";
- tpcud.is_temporary = FALSE;
-
- res = policy_get_auth_details_for_policy (uid,
- privilege,
- resource,
- &auth_can_obtain,
- &auth_can_obtain_is_temporary,
- &auth_can_grant,
- &auth_obtain_requires_root,
- &tpcud,
- _check_for_temp_privilege);
-
- if (!auth_can_obtain) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_ERROR,
- "The privilege %s cannot be obtained.", privilege));
- return FALSE;
- }
-
- session = polkit_session_new (manager->priv->connection,
- manager,
- calling_uid,
- sender,
- uid,
- privilege,
- strlen (resource) > 0 ? resource : NULL,
- auth_obtain_requires_root);
-
- g_object_weak_ref (G_OBJECT (session),
- session_finalized,
- manager);
-
- g_hash_table_insert (manager->priv->connection_name_to_session_object,
- sender,
- session);
-
- //g_timeout_add (5 * 1000, destroy_session_after_timeout, session);
-
- dbus_g_method_return (context,
- g_strdup (((char *) g_object_get_data (G_OBJECT (session), "dbus_glib_object_path"))));
- return TRUE;
-}
-
-gboolean
-polkit_manager_is_user_privileged (PolicyKitManager *manager,
- char *system_bus_unique_name,
- char *user,
- char *privilege,
- char *resource,
- DBusGMethodInvocation *context)
-{
- uid_t calling_uid;
- pid_t calling_pid;
- uid_t uid;
- PolicyResult res;
- gboolean is_privileged;
- gboolean is_temporary;
- char *is_privileged_but_restricted_to = NULL;
- TempPrivCheckUserData tpcud;
-
- if (!polkit_manager_get_caller_info (manager,
- dbus_g_method_get_sender (context),
- &calling_uid,
- &calling_pid)) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_ERROR,
- "An error occured."));
- return FALSE;
- }
-
- is_privileged = FALSE;
-
- uid = uid_from_username (user);
-
- if (uid == (uid_t) -1) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NO_SUCH_USER,
- "There is no user '%s'.",
- user));
- return FALSE;
- }
-
- /* TODO: check if given uid is privileged to ask for this */
- if (FALSE) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NOT_PRIVILEGED,
- "You are not authorized to know this."));
- return FALSE;
- }
-
- tpcud.manager = manager;
- tpcud.system_bus_unique_name = system_bus_unique_name;
- tpcud.privileged_but_restricted_to = "";
- tpcud.is_temporary = FALSE;
- res = policy_is_uid_allowed_for_policy (uid,
- privilege,
- strlen (resource) > 0 ? resource : NULL,
- &is_privileged,
- &is_temporary,
- &is_privileged_but_restricted_to,
- &tpcud,
- _check_for_temp_privilege);
- switch (res) {
- case POLICY_RESULT_OK:
- break;
-
- case POLICY_RESULT_NO_SUCH_POLICY:
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE,
- "There is no such privilege '%s'.",
- privilege));
- return FALSE;
-
- default: /* explicit fallthrough */
- case POLICY_RESULT_ERROR:
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_ERROR,
- "An error occured."));
- return FALSE;
- }
-
-
- /* if we ended up being privileged, then don't fill in the _but_restricted_to */
- if (is_privileged) {
- g_free (is_privileged_but_restricted_to);
- is_privileged_but_restricted_to = g_strdup ("");
- }
-
- dbus_g_method_return (context, is_privileged, is_temporary, is_privileged_but_restricted_to);
-
- g_free (is_privileged_but_restricted_to);
-
- return TRUE;
-}
-
-
-gboolean
-polkit_manager_get_allowed_resources_for_privilege (PolicyKitManager *manager,
- char *user,
- char *privilege,
- DBusGMethodInvocation *context)
-{
- uid_t calling_uid;
- pid_t calling_pid;
- int n;
- GList *i;
- GList *resources;
- GList *restrictions;
- uid_t uid;
- PolicyResult res;
- TemporaryPrivilege *p;
- char **resource_list;
- char **restriction_list;
- int num_non_temporary;
-
- if (!polkit_manager_get_caller_info (manager,
- dbus_g_method_get_sender (context),
- &calling_uid,
- &calling_pid)) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_ERROR,
- "An error occured."));
- return FALSE;
- }
-
- uid = uid_from_username (user);
-
- if (uid == (uid_t) -1) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NO_SUCH_USER,
- "There is no user '%s'.",
- user));
- return FALSE;
- }
-
- /* TODO: check if given uid is privileged to ask for this */
- if (FALSE) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NOT_PRIVILEGED,
- "You are not authorized to know this."));
- return FALSE;
- }
-
-
- res = policy_get_allowed_resources_for_policy_for_uid (uid,
- privilege,
- &resources);
- switch (res) {
- case POLICY_RESULT_OK:
- break;
-
- case POLICY_RESULT_NO_SUCH_POLICY:
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE,
- "There is no such privilege '%s'.",
- privilege));
- return FALSE;
-
- default: /* explicit fallthrough */
- case POLICY_RESULT_ERROR:
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_ERROR,
- "An error occured."));
- return FALSE;
- }
-
- num_non_temporary = g_list_length (resources);
-
- restrictions = NULL;
-
- /* check temporary list */
- for (i = manager->priv->temporary_privileges; i != NULL; i = g_list_next (i)) {
- p = (TemporaryPrivilege *) i->data;
-
- if ((strcmp (p->privilege, privilege) == 0) &&
- (p->resource != NULL) &&
- (p->user == uid)) {
-
- resources = g_list_append (resources, g_strdup (p->resource));
- restrictions = g_list_append (restrictions, p->system_bus_unique_name != NULL ?
- p->system_bus_unique_name : "");
- }
- }
-
- resource_list = g_new0 (char *, g_list_length (resources) + 1);
- for (i = resources, n = 0; i != NULL; i = g_list_next (i)) {
- char *resource = (char *) i->data;
- resource_list[n] = g_strdup (resource);
- n++;
- }
- resource_list[n] = NULL;
-
- g_list_foreach (resources, (GFunc) g_free, NULL);
- g_list_free (resources);
-
- restriction_list = g_new0 (char *, g_list_length (resources) + 1);
- for (n = 0; n < num_non_temporary; n++) {
- restriction_list[n] = "";
- }
- for (i = restrictions; i != NULL; i = g_list_next (i)) {
- char *restriction = (char *) i->data;
- restriction_list[n] = g_strdup (restriction);
- n++;
- }
- restriction_list[n] = NULL;
-
- dbus_g_method_return (context, resource_list, restriction_list, num_non_temporary);
-
- return TRUE;
-}
-
-gboolean
-polkit_manager_list_privileges (PolicyKitManager *manager,
- DBusGMethodInvocation *context)
-{
- uid_t calling_uid;
- pid_t calling_pid;
- int n;
- GList *i;
- GList *privileges;
- PolicyResult res;
- char **privilege_list;
-
-
- if (!polkit_manager_get_caller_info (manager,
- dbus_g_method_get_sender (context),
- &calling_uid,
- &calling_pid)) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_ERROR,
- "An error occured."));
- return FALSE;
- }
-
- /* TODO: check if given uid is privileged to ask for this */
- if (FALSE) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NOT_PRIVILEGED,
- "You are not authorized to know this."));
- return FALSE;
- }
-
- res = policy_get_policies (&privileges);
- switch (res) {
- case POLICY_RESULT_OK:
- break;
-
- default: /* explicit fallthrough */
- case POLICY_RESULT_ERROR:
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_ERROR,
- "An error occured."));
- return FALSE;
- }
-
- privilege_list = g_new0 (char *, g_list_length (privileges) + 1);
- for (i = privileges, n = 0; i != NULL; i = g_list_next (i)) {
- char *privilege = (char *) i->data;
- privilege_list[n++] = g_strdup (privilege);
- }
- privilege_list[n] = NULL;
-
- g_list_foreach (privileges, (GFunc) g_free, NULL);
- g_list_free (privileges);
-
- dbus_g_method_return (context, privilege_list);
-
- return TRUE;
-}
-
-gboolean
-polkit_manager_revoke_temporary_privilege (PolicyKitManager *manager,
- char *user,
- char *privilege,
- char *resource,
- DBusGMethodInvocation *context)
-{
- uid_t uid;
- uid_t calling_uid;
- pid_t calling_pid;
- gboolean result;
-
- if (!polkit_manager_get_caller_info (manager,
- dbus_g_method_get_sender (context),
- &calling_uid,
- &calling_pid)) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_ERROR,
- "An error occured."));
- return FALSE;
- }
-
- uid = uid_from_username (user);
-
- if (uid == (uid_t) -1) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NO_SUCH_USER,
- "There is no user '%s'.",
- user));
- return FALSE;
- }
-
- /* check if given uid is privileged to revoke privilege; only allow own user to do this */
- /* TODO: also allow callers with privilege 'polkit-manage-privileges-TODO-RENAME' */
- if (uid != calling_uid) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NOT_PRIVILEGED,
- "You are not authorized to revoke the privilege."));
- return FALSE;
- }
-
- if (resource != NULL && strlen (resource) == 0)
- resource = NULL;
-
- if (!polkit_manager_remove_temporary_privilege (manager,
- uid,
- privilege,
- resource,
- NULL,
- TRUE)) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_MANAGER_ERROR,
- POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE,
- "There is no such privilege '%s'.",
- privilege));
- return FALSE;
- }
-
- result = TRUE;
-
- dbus_g_method_return (context, result);
- return TRUE;
-}
-
-/* local methods */
-
-gboolean
-polkit_manager_add_temporary_privilege (PolicyKitManager *manager,
- uid_t user,
- const char *privilege,
- const char *resource,
- const char *system_bus_unique_name)
-{
- GList *i;
- TemporaryPrivilege *p;
-
- for (i = manager->priv->temporary_privileges; i != NULL; i = g_list_next (i)) {
- p = (TemporaryPrivilege *) i->data;
-
- if ((strcmp (p->privilege, privilege) == 0) &&
- ((resource != NULL) && (safe_strcmp (p->resource, resource)) == 0) &&
- (p->user == user) &&
- (p->system_bus_unique_name == system_bus_unique_name))
- return FALSE;
- }
-
- p = g_new0 (TemporaryPrivilege, 1);
- p->user = user;
- p->privilege = g_strdup (privilege);
- p->resource = g_strdup (resource);
- p->system_bus_unique_name = g_strdup (system_bus_unique_name);
-
- _granting_temp_priv (manager, p);
- manager->priv->temporary_privileges = g_list_append (manager->priv->temporary_privileges, p);
-
- return TRUE;
-}
-
-gboolean
-polkit_manager_remove_temporary_privilege (PolicyKitManager *manager,
- uid_t user,
- const char *privilege,
- const char *resource,
- const char *system_bus_unique_name,
- gboolean remove_even_if_system_bus_unique_name_does_not_match)
-{
- GList *i;
- TemporaryPrivilege *p;
-
- for (i = manager->priv->temporary_privileges; i != NULL; i = g_list_next (i)) {
- p = (TemporaryPrivilege *) i->data;
-
- if ((strcmp (p->privilege, privilege) == 0) &&
-
- ((resource == NULL) ? (p->resource == NULL)
- : ((p->resource != NULL) ? (strcmp (p->resource, resource) == 0) : FALSE)) &&
-
- (p->user == user) &&
-
- (remove_even_if_system_bus_unique_name_does_not_match ||
- ((system_bus_unique_name == NULL) ? (p->system_bus_unique_name == NULL)
- : ((p->system_bus_unique_name != NULL) ?
- (strcmp (p->system_bus_unique_name, system_bus_unique_name) == 0) :
- FALSE)))
- ) {
-
- _revoking_temp_priv (manager, p);
-
- g_free (p->privilege);
- g_free (p->resource);
- g_free (p->system_bus_unique_name);
- g_free (p);
-
- manager->priv->temporary_privileges = g_list_remove (
- manager->priv->temporary_privileges, p);
-
- return TRUE;
- }
- }
-
- return FALSE;
-}
-
-void
-polkit_manager_update_desktop_console_privileges (PolicyKitManager *manager)
-{
- GDir *dir;
- GError *err = NULL;
- const char *f;
- GSList *list;
- GSList *j;
- GList *i;
- TemporaryPrivilege *p;
-
- g_debug ("Entering polkit_manager_update_desktop_console_privileges");
-
- /* Build a list of what /var/run/polkit-console contains;
- * e.g. {":0", "davidz", ":1", "bateman", ..}
- *
- * This is essentially a list of pairs <consoleId, userId>
- * denoting what users are logged in at the consoles attached
- * to the system.
- */
- list = NULL;
- if ((dir = g_dir_open (PACKAGE_LOCALSTATEDIR "/run/polkit-console", 0, &err)) == NULL) {
- g_warning ("Unable to open " PACKAGE_LOCALSTATEDIR "/run/polkit-console : %s", err->message);
- g_error_free (err);
- goto out;
- }
- while ((f = g_dir_read_name (dir)) != NULL) {
- char **tokens;
-
- tokens = g_strsplit (f, "_", 2);
- if (tokens != NULL && g_strv_length (tokens) == 2) {
- char *console;
- char *user;
-
- console = g_strdup_printf ("console://%s", tokens[0]);
- user = g_strdup (tokens[1]);
- list = g_slist_append (list, console);
- list = g_slist_append (list, user);
- }
- g_strfreev (tokens);
- }
- g_dir_close (dir);
-
- /* now revoke the temporary desktop-console privilege for
- * users no longer at the console; go through all tempoary
- * desktop-console privileges and check that each one is still
- * in the list above...
- */
- for (i = manager->priv->temporary_privileges; i != NULL; ) {
- p = (TemporaryPrivilege *) i->data;
- gboolean found;
-
- i = g_list_next (i);
-
- found = FALSE;
-
- if ((strcmp (p->privilege, "desktop-console") == 0) && p->resource != NULL) {
-
- for (j = list; j != NULL; j = g_slist_next (j)) {
- char *console;
- char *user;
- uid_t uid;
-
- console = (char *) j->data;
- j = g_slist_next (j);
- user = (char *) j->data;
- uid = policy_util_name_to_uid (user, NULL);
- if (uid != (uid_t) -1 && strcmp (p->resource, console) == 0 &&
- p->user == uid &&
- p->system_bus_unique_name == NULL) {
- found = TRUE;
- break;
- }
- }
- }
-
- if (!found) {
- /* revoke this privilege */
- _revoking_temp_priv (manager, p);
-
- g_free (p->privilege);
- g_free (p->resource);
- g_free (p->system_bus_unique_name);
- g_free (p);
-
- manager->priv->temporary_privileges = g_list_remove (
- manager->priv->temporary_privileges, p);
- }
- }
-
- /* finally grant temporary desktop-console privilege for users
- * now at the console
- */
- for (j = list; j != NULL; j = g_slist_next (j)) {
- char *console;
- char *user;
- uid_t uid;
-
- console = (char *) j->data;
- j = g_slist_next (j);
- user = (char *) j->data;
- uid = policy_util_name_to_uid (user, NULL);
- if (uid != (uid_t) -1) {
- polkit_manager_add_temporary_privilege (manager, uid, "desktop-console", console, NULL);
- }
- }
-
- g_slist_foreach (list, (GFunc) g_free, NULL);
- g_slist_free (list);
-
-out:
- ;
-}
diff --git a/polkitd/polkit-manager.h b/polkitd/polkit-manager.h
deleted file mode 100644
index 9d7b802..0000000
--- a/polkitd/polkit-manager.h
+++ /dev/null
@@ -1,132 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-manager.h : Manager object
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef _POLKIT_MANAGER_H
-#define _POLKIT_MANAGER_H
-
-#include <unistd.h>
-#include <sys/types.h>
-#include <glib.h>
-#include <glib-object.h>
-#include <dbus/dbus-glib.h>
-
-GQuark polkit_manager_error_quark (void);
-
-#define POLKIT_MANAGER_ERROR (polkit_manager_error_quark ())
-
-typedef enum
-{
- POLKIT_MANAGER_ERROR_NO_SUCH_USER = 0,
- POLKIT_MANAGER_ERROR_NO_SUCH_PRIVILEGE = 1,
- POLKIT_MANAGER_ERROR_NOT_PRIVILEGED = 2,
- POLKIT_MANAGER_ERROR_ERROR = 3,
- POLKIT_MANAGER_ERROR_CANNOT_OBTAIN_PRIVILEGE = 4,
- POLKIT_MANAGER_NUM_ERRORS
-} PolkitManagerError;
-
-GType polkit_manager_error_get_type (void);
-#define POLKIT_MANAGER_TYPE_ERROR (polkit_manager_error_get_type ())
-
-typedef struct PolicyKitManager PolicyKitManager;
-typedef struct PolicyKitManagerClass PolicyKitManagerClass;
-
-GType polkit_manager_get_type (void);
-
-typedef struct PolicyKitManagerPrivate PolicyKitManagerPrivate;
-
-struct PolicyKitManager
-{
- GObject parent;
-
- PolicyKitManagerPrivate *priv;
-};
-
-struct PolicyKitManagerClass
-{
- GObjectClass parent;
-};
-
-#define POLKIT_TYPE_MANAGER (polkit_manager_get_type ())
-#define POLKIT_MANAGER(object) (G_TYPE_CHECK_INSTANCE_CAST ((object), POLKIT_TYPE_MANAGER, PolicyKitManager))
-#define POLKIT_MANAGER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), POLKIT_TYPE_MANAGER, PolicyKitManagerClass))
-#define POLKIT_IS_MANAGER(object) (G_TYPE_CHECK_INSTANCE_TYPE ((object), POLKIT_TYPE_MANAGER))
-#define POLKIT_IS_MANAGER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), POLKIT_TYPE_MANAGER))
-#define POLKIT_MANAGER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), POLKIT_TYPE_MANAGER, PolicyKitManagerClass))
-
-PolicyKitManager *polkit_manager_new (DBusGConnection *connection,
- DBusGProxy *bus_proxy);
-
-/* remote methods */
-
-gboolean polkit_manager_initiate_temporary_privilege_grant (PolicyKitManager *manager,
- char *user,
- char *privilege,
- char *resource,
- DBusGMethodInvocation *context);
-
-gboolean polkit_manager_revoke_temporary_privilege (PolicyKitManager *manager,
- char *user,
- char *privilege,
- char *resource,
- DBusGMethodInvocation *context);
-
-gboolean polkit_manager_is_user_privileged (PolicyKitManager *manager,
- char *system_bus_unique_name,
- char *user,
- char *privilege,
- char *resource,
- DBusGMethodInvocation *context);
-
-gboolean polkit_manager_get_allowed_resources_for_privilege (PolicyKitManager *manager,
- char *user,
- char *privilege,
- DBusGMethodInvocation *context);
-
-gboolean polkit_manager_list_privileges (PolicyKitManager *manager,
- DBusGMethodInvocation *context);
-
-/* local methods */
-
-gboolean polkit_manager_get_caller_info (PolicyKitManager *manager,
- const char *sender,
- uid_t *calling_uid,
- pid_t *calling_pid);
-
-
-gboolean polkit_manager_add_temporary_privilege (PolicyKitManager *manager,
- uid_t user,
- const char *privilege,
- const char *resource,
- const char *system_bus_unique_name);
-
-gboolean polkit_manager_remove_temporary_privilege (PolicyKitManager *manager,
- uid_t user,
- const char *privilege,
- const char *resource,
- const char *system_bus_unique_name,
- gboolean remove_even_if_system_bus_unique_name_does_not_match);
-
-void polkit_manager_update_desktop_console_privileges (PolicyKitManager *manager);
-
-
-#endif /* _POLKIT_MANAGER_H */
diff --git a/polkitd/polkit-marshal.list b/polkitd/polkit-marshal.list
deleted file mode 100644
index 41e4027..0000000
--- a/polkitd/polkit-marshal.list
+++ /dev/null
@@ -1 +0,0 @@
-VOID:STRING,STRING,STRING
diff --git a/polkitd/polkit-session.c b/polkitd/polkit-session.c
deleted file mode 100644
index cbc2fb5..0000000
--- a/polkitd/polkit-session.c
+++ /dev/null
@@ -1,1013 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-session.c : Session object
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#include <unistd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <signal.h>
-#include <errno.h>
-
-#define DBUS_API_SUBJECT_TO_CHANGE
-#include <dbus/dbus.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-#include <security/pam_appl.h>
-
-#include "policy.h"
-#include "polkit-session.h"
-
-enum
-{
- AUTH_STATE_NOT_STARTED,
- AUTH_STATE_IN_PROGRESS,
- AUTH_STATE_HAVE_QUESTIONS,
- AUTH_STATE_NEED_ANSWERS,
- AUTH_STATE_DONE
-};
-
-struct PolicyKitSessionPrivate
-{
- int session_number;
- DBusGConnection *connection;
- DBusGProxy *proxy;
- PolicyKitManager *manager;
-
- char *auth_as_user;
- char *auth_with_pam_service;
-
- uid_t calling_uid;
- char *calling_dbus_name;
-
- uid_t grant_to_uid;
- char *grant_privilege;
- char *grant_resource;
- char *grant_system_bus_name_unique_name_restriction;
-
- gboolean have_granted_temp_privileges;
-
- int auth_state;
- gboolean is_authenticated;
- char *auth_denied_reason;
- GSList *auth_questions;
-
- GPid child_pid;
- GIOChannel *pam_channel;
- GIOChannel *pam_channel_write;
-};
-
-enum
-{
- HAVE_QUESTIONS,
- AUTHENTICATION_DONE,
- LAST_SIGNAL
-};
-
-static guint signals[LAST_SIGNAL] = { 0 };
-
-G_DEFINE_TYPE(PolicyKitSession, polkit_session, G_TYPE_OBJECT)
-
-static GObjectClass *parent_class = NULL;
-
-static void
-polkit_session_init (PolicyKitSession *session)
-{
- session->priv = g_new0 (PolicyKitSessionPrivate, 1);
- session->priv->session_number = 42;
- session->priv->is_authenticated = FALSE;
- session->priv->auth_state = AUTH_STATE_NOT_STARTED;
-}
-
-static void
-polkit_session_finalize (PolicyKitSession *session)
-{
- g_io_channel_unref (session->priv->pam_channel);
- g_io_channel_unref (session->priv->pam_channel_write);
- dbus_g_connection_unref (session->priv->connection);
-
- g_free (session->priv->auth_as_user);
- g_free (session->priv->auth_with_pam_service);
-
- g_free (session->priv->calling_dbus_name);
-
- g_free (session->priv->grant_privilege);
- g_free (session->priv->grant_resource);
-
- g_free (session->priv->auth_denied_reason);
- if (session->priv->auth_questions != NULL) {
- g_slist_foreach (session->priv->auth_questions, (GFunc) g_free, NULL);
- g_slist_free (session->priv->auth_questions);
- }
- g_free (session->priv);
-
- G_OBJECT_CLASS (parent_class)->finalize (G_OBJECT (session));
-}
-
-static void
-polkit_session_class_init (PolicyKitSessionClass *klass)
-{
- GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
-
- signals[HAVE_QUESTIONS] =
- g_signal_new ("have_questions",
- G_OBJECT_CLASS_TYPE (klass),
- G_SIGNAL_RUN_LAST | G_SIGNAL_DETAILED,
- 0,
- NULL, NULL,
- g_cclosure_marshal_VOID__VOID,
- G_TYPE_NONE, 0);
-
- signals[AUTHENTICATION_DONE] =
- g_signal_new ("authentication_done",
- G_OBJECT_CLASS_TYPE (klass),
- G_SIGNAL_RUN_LAST | G_SIGNAL_DETAILED,
- 0,
- NULL, NULL,
- g_cclosure_marshal_VOID__VOID,
- G_TYPE_NONE, 0);
-
-
- gobject_class->finalize = (GObjectFinalizeFunc) polkit_session_finalize;
- parent_class = g_type_class_peek_parent (klass);
-}
-
-
-GQuark
-polkit_session_error_quark (void)
-{
- static GQuark ret = 0;
- if (ret == 0)
- ret = g_quark_from_static_string ("PolkitSessionObjectErrorQuark");
- return ret;
-}
-
-#define ENUM_ENTRY(NAME, DESC) { NAME, "" #NAME "", DESC }
-
-GType
-polkit_session_error_get_type (void)
-{
- static GType etype = 0;
-
- if (etype == 0) {
- static const GEnumValue values[] = {
- ENUM_ENTRY (POLKIT_SESSION_ERROR_AUTHENTICATION_IN_PROGRESS, "AuthenticationInProgress"),
- ENUM_ENTRY (POLKIT_SESSION_ERROR_AUTHENTICATION_ALREADY_INITIATED, "AuthenticationAlreadyInitiated"),
- ENUM_ENTRY (POLKIT_SESSION_ERROR_NO_QUESTIONS, "AuthenticationNoQuestions"),
- ENUM_ENTRY (POLKIT_SESSION_ERROR_AUTHENTICATION_WAS_NOT_DENIED, "AuthenticationWasNotDenied"),
- ENUM_ENTRY (POLKIT_SESSION_ERROR_NO_RESOURCES, "NoResources"),
- ENUM_ENTRY (POLKIT_SESSION_ERROR_AUTHENTICATION_NOT_DONE, "AuthenticationNotDone"),
- ENUM_ENTRY (POLKIT_SESSION_ERROR_AUTHENTICATION_FAILED, "AuthenticationFailed"),
- ENUM_ENTRY (POLKIT_SESSION_ERROR_NOT_INITIATOR, "NotInitiator"),
- { 0, 0, 0 }
- };
-
- g_assert (POLKIT_SESSION_NUM_ERRORS == G_N_ELEMENTS (values) - 1);
-
- etype = g_enum_register_static ("PolkitSessionError", values);
- }
-
- return etype;
-}
-
-
-static gboolean
-polkit_session_check_caller (PolicyKitSession *session,
- DBusGMethodInvocation *context)
-{
- char *sender;
- gboolean same_caller;
-
- same_caller = FALSE;
-
- sender = dbus_g_method_get_sender (context);
- if (sender != NULL) {
- if (strcmp (session->priv->calling_dbus_name, sender) == 0) {
- same_caller = TRUE;
- }
- }
-
- if (!same_caller) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_NOT_INITIATOR,
- "Only the session initiator can invoke methods on this interface. This incident will be reported."));
- /* TODO: log this attack to syslog */
- }
-
- return same_caller;
-}
-
-gboolean
-polkit_session_is_authenticated (PolicyKitSession *session,
- DBusGMethodInvocation *context)
-{
- /*g_debug ("is_authenticated");*/
-
- if (!polkit_session_check_caller (session, context))
- return FALSE;
-
- if (session->priv->auth_state != AUTH_STATE_DONE) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_AUTHENTICATION_IN_PROGRESS,
- "This method cannot be invoked before the AuthenticationDone signal is emitted."));
- return FALSE;
- }
-
- dbus_g_method_return (context, session->priv->is_authenticated);
- return TRUE;
-}
-
-gboolean
-polkit_session_get_auth_denied_reason (PolicyKitSession *session,
- DBusGMethodInvocation *context)
-{
- /*g_debug ("get_auth_denied_reason");*/
-
- if (!polkit_session_check_caller (session, context))
- return FALSE;
-
- if (session->priv->auth_state != AUTH_STATE_DONE) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_AUTHENTICATION_IN_PROGRESS,
- "This method cannot be invoked before the AuthenticationDone signal is emitted."));
- return FALSE;
- }
-
- if (session->priv->is_authenticated) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_AUTHENTICATION_WAS_NOT_DENIED,
- "The authentication was not denied."));
- return FALSE;
- }
-
- dbus_g_method_return (context, session->priv->auth_denied_reason);
- return TRUE;
-}
-
-
-/*
- * Interaction diagram
- * -------------------
- *
- * some app polkitd
- * ======== =======
- *
- * -> manager.InitiatePrivilegeGrant(user, privilege, resource) ->
- * <- Returns session object <-
- *
- * -> session.GetAuthDetails() ->
- * <- Returns {<username we auth as>, <service_name used> ...} <- # can we include what pam module? prolly not
- *
- * -> session.InitiateAuth() ->
- * <- Returns TRUE <-
- *
- * # app now waits for the AuthenticationDone()
- * # or HaveQuestions() signals
- * .....
- *
- * <- signal: HaveQuestions() <-
- *
- * -> session.GetQuestions() ->
- * <- Returns {question_1, question_2, ...} <-
- *
- * -> session.ProvideAnswers({answer_1, answer_2, ...}) ->
- * <- Returns TRUE <-
- *
- * .....
- *
- * <- signal: AuthenticationDone() <-
- *
- * .....
- *
- * -> session.IsAuthenticated() ->
- * <- Returns TRUE or FALSE <-
- *
- * .....
- *
- * -> session.GetAuthFailureReason() -> # Only if IsAuthenticated() returns FALSE
- * <- Returns <reason as string> <-
- *
- * .....
- *
- * Assume now IsAuthenticated() returned TRUE. There are a few different
- * scenarios.
- *
- *
- * SCENARIO 1: App needs the privilege only temporarily; e.g. not persistent
- * across reboots. The app may even restrict users of the privilege
- * to his own process id. The app may ask for the privilege to
- * not be revoked when it ends the session - if the app should
- * disconnect from the bus before session.Close() the privilege
- * is revoked though.
- *
- * Example: gnome-mount needs privs to do work, restricts the
- * privs to it's own PID and asks for revocation when
- * it's done with it's work.
- *
- * Example: g-d-m temporarily gives the privilege 'local-console-user'
- * when a new desktop session starts. It manually revokes
- * this when the session ends.
- *
- * -> session.GrantPrivilegeTemporary(bool restrictToCallersPID) -> # add uid, pid of client to the
- * <- Returns TRUE <- # temp_allow_list
- *
- * .....
- *
- * (the app is now doing something useful with the privilege obtained)
- *
- * .....
- *
- * -> session.Close(bool doNotRevokePrivilege) ->
- * <- Returns TRUE <- # Remove uid, pid of client from the
- * # temp_allow_list IFF revokePrivile is true
- */
-
-typedef struct {
- int fd;
- int fdread;
-} ConversationData;
-
-
-/* TODO: is this a secure way of clearing memory? */
-static void *
-safe_memset (void *buf, int c, size_t len)
-{
- return memset (buf, c, len);
-}
-
-
-static int
-my_conversation (int n,
- const struct pam_message **msg,
- struct pam_response **resp,
- void *data)
-{
- GString *str;
- ConversationData *cd = (ConversationData *) data;
- struct pam_response *aresp;
- int i;
- int j;
- int num_real_questions = 0;
- int strl;
- char *cstr;
- int num_bytes_read;
- char *p;
- char readbuf[1024];
- char **answers = NULL;
- int num_answers;
-
- /*g_debug ("in my_conv");*/
-
- if (n <= 0 || n > PAM_MAX_NUM_MSG) {
- return PAM_CONV_ERR;
- }
-
- if ((aresp = calloc (n, sizeof (struct pam_response))) == NULL) {
- return PAM_BUF_ERR;
- }
-
- str = g_string_new ("Q");
-
- for (i = 0; i < n; ++i) {
- g_string_append_c (str, '\0');
- switch (msg[i]->msg_style) {
- case PAM_PROMPT_ECHO_OFF:
- g_string_append (str, "PamPromptEchoOff");
- num_real_questions++;
- break;
- case PAM_PROMPT_ECHO_ON:
- g_string_append (str, "PamPromptEchoOn");
- num_real_questions++;
- break;
- case PAM_ERROR_MSG:
- g_string_append (str, "PamErrorMsg");
- break;
- case PAM_TEXT_INFO:
- g_string_append (str, "PamTextInfo");
- break;
-
- default:
- /* TODO */
- break;
- }
- g_string_append_c (str, '\0');
- g_string_append_printf (str, "%s", msg[i]->msg);
- }
-
- strl = str->len;
- cstr = g_string_free (str, FALSE);
- /*g_debug ("strlen = %d", strl);*/
- write (cd->fd, (void *) cstr, (size_t) strl);
- g_free (cstr);
-
- answers = g_new0 (char *, num_real_questions + 1);
-
- /* now wait for parent to write answers */
- num_bytes_read = read (cd->fdread, readbuf, sizeof (readbuf));
- /*g_debug ("actually read = %d", num_bytes_read);*/
- p = readbuf;
- num_answers = 0;
- do {
- if (num_answers > num_real_questions) {
- g_warning ("num_answers > num_real_questions");
- goto error;
- }
-
- answers [num_answers++] = g_strdup (p);
- /*g_debug ("answer -> '%s'", p);*/
-
- p = p + strlen(p) + 1;
-
- } while (p < readbuf + num_bytes_read);
- answers[num_answers] = NULL;
-
- if (num_answers != num_real_questions) {
- g_warning ("num_answers != num_real_questions");
- goto error;
- }
-
- /*g_debug ("giving answers back to PAM");*/
-
- j = 0;
- for (i = 0; i < n; ++i) {
- aresp[i].resp_retcode = 0;
- aresp[i].resp = NULL;
-
- switch (msg[i]->msg_style) {
- case PAM_PROMPT_ECHO_OFF: /* explicit fallthrough */
- case PAM_PROMPT_ECHO_ON:
- aresp[i].resp = strdup (answers[j++]);
- break;
-
- default:
- /* explicitly left blank */
- break;
- }
- }
-
- /* zero out the secrets */
- safe_memset (readbuf, 0, sizeof (readbuf));
- if (answers != NULL) {
- for (i = 0; answers[i] != NULL; i++) {
- safe_memset (answers[i], 0, strlen (answers[i]));
- }
- g_strfreev (answers);
- }
-
- *resp = aresp;
- return PAM_SUCCESS;
-
-error:
- /* zero out the secrets */
- safe_memset (readbuf, 0, sizeof (readbuf));
- if (answers != NULL) {
- for (i = 0; answers[i] != NULL; i++) {
- safe_memset (answers[i], 0, strlen (answers[i]));
- }
- g_strfreev (answers);
- }
-
- /* prepare reply to PAM */
- for (i = 0; i < n; ++i) {
- if (aresp[i].resp != NULL) {
- safe_memset (aresp[i].resp, 0, strlen(aresp[i].resp));
- free (aresp[i].resp);
- }
- }
- safe_memset (aresp, 0, n * sizeof (struct pam_response));
- *resp = NULL;
-
- return PAM_CONV_ERR;
-}
-
-static void
-write_back_to_parent (int fd, char code, const char *message)
-{
- GString *str;
- gsize strl;
- char *cstr;
-
- str = g_string_new ("");
- g_string_append_c (str, code);
- g_string_append_c (str, '\0');
-
- if (message != NULL) {
- g_string_append (str, message);
- g_string_append_c (str, '\0');
- }
-
- strl = str->len;
- cstr = g_string_free (str, FALSE);
- write (fd, cstr, strl);
- g_free (cstr);
-}
-
-static void
-do_pam_auth (int fd, int fdread, const PolicyKitSessionPrivate *priv)
-{
- int rc;
- struct pam_conv pam_conversation;
- pam_handle_t *pam_h;
- ConversationData d;
- char *authed_user;
-
- /*g_debug ("in %s", __FUNCTION__);*/
-
- pam_conversation.conv = my_conversation;
- pam_conversation.appdata_ptr = (void *) &d;
- d.fd = fd;
- d.fdread = fdread;
-
- rc = pam_start (priv->auth_with_pam_service,
- priv->auth_as_user,
- &pam_conversation,
- &pam_h);
- if (rc != PAM_SUCCESS) {
- g_warning ("pam_start failed: %s", pam_strerror (pam_h, rc));
- write_back_to_parent (fd, 'F', pam_strerror (pam_h, rc));
- goto out;
- }
-
-
- /*g_debug ("invoking pam_authenticate");*/
-
- /* is user really user? */
- rc = pam_authenticate (pam_h, 0);
- if (rc != PAM_SUCCESS) {
- g_warning ("pam_authenticated failed: %s", pam_strerror (pam_h, rc));
- write_back_to_parent (fd, 'N', pam_strerror (pam_h, rc));
- goto out;
- }
-
- /*g_debug ("invoking pam_acct_mgmt");*/
-
- /* permitted access? */
- rc = pam_acct_mgmt (pam_h, 0);
- if (rc != PAM_SUCCESS) {
- g_warning ("pam_acct_mgmt failed: %s", pam_strerror (pam_h, rc));
- write_back_to_parent (fd, 'N', pam_strerror (pam_h, rc));
- goto out;
- }
-
- /*g_debug ("checking we authed the right user");*/
-
- rc = pam_get_item (pam_h, PAM_USER, (const void **) &authed_user);
- if (rc != PAM_SUCCESS) {
- g_warning ("pam_get_item failed: %s", pam_strerror (pam_h, rc));
- write_back_to_parent (fd, 'N', pam_strerror (pam_h, rc));
- goto out;
- }
-
- /*g_debug ("Authed user '%s'", authed_user);*/
-
- if (strcmp (authed_user, priv->auth_as_user) != 0) {
- char *err;
- err = g_strdup_printf ("Tried to auth user '%s' but we got auth for user '%s' instead",
- priv->auth_as_user, authed_user);
- g_warning (err);
- write_back_to_parent (fd, 'N', err);
- g_free (err);
- goto out;
- }
-
- /*g_debug ("user authenticated, exiting");*/
- write_back_to_parent (fd, 'S', NULL);
-
-out:
- exit (0);
-}
-
-static gboolean
-data_from_pam (GIOChannel *source,
- GIOCondition condition,
- gpointer data)
-{
- PolicyKitSession *session = POLKIT_SESSION (data);
-
- if (condition & G_IO_IN) {
- char buf[1024];
- gsize num_bytes_read;
-
- /*g_debug ("in %s - data", __FUNCTION__);*/
-
- g_io_channel_read (source,
- buf,
- sizeof (buf) - 1,
- &num_bytes_read);
- /*g_debug ("read %d bytes, first one is '%c' = %d", num_bytes_read, buf[0], buf[0]);*/
- buf[num_bytes_read] = '\0';
-
- switch (buf[0]) {
- case 'F':
- g_warning ("PAM failed: '%s'", buf + 2);
- session->priv->auth_denied_reason = g_strdup (buf + 2);
- session->priv->auth_state = AUTH_STATE_DONE;
- g_signal_emit (session, signals[AUTHENTICATION_DONE], 0);
- break;
-
- case 'N':
- g_warning ("Not authenticated: '%s'", buf + 2);
- session->priv->auth_denied_reason = g_strdup (buf + 2);
- session->priv->auth_state = AUTH_STATE_DONE;
- g_signal_emit (session, signals[AUTHENTICATION_DONE], 0);
- break;
-
- case 'S':
- /*g_debug ("Success, user authenticated");*/
- session->priv->is_authenticated = TRUE;
- session->priv->auth_state = AUTH_STATE_DONE;
- g_signal_emit (session, signals[AUTHENTICATION_DONE], 0);
- break;
-
- case 'Q':
- g_slist_foreach (session->priv->auth_questions, (GFunc) g_free, NULL);
- g_slist_free (session->priv->auth_questions);
- session->priv->auth_questions = NULL;
-
- char *p = buf + 2;
- do {
- session->priv->auth_questions = g_slist_append (session->priv->auth_questions,
- g_strdup (p));
- /*g_debug ("p -> '%s'", p);*/
- p = p + strlen(p) + 1;
-
- } while (p < buf + num_bytes_read);
-
- /*g_debug ("Put %d questions on list", g_slist_length (session->priv->auth_questions));*/
-
- if ((g_slist_length (session->priv->auth_questions) & 1) != 0) {
- g_warning ("Uneven number of question items from PAM; aborting conversation");
- kill (session->priv->child_pid, SIGTERM);
- session->priv->auth_state = AUTH_STATE_DONE;
- session->priv->auth_denied_reason = g_strdup ("Unexpected internal PAM error");
- g_signal_emit (session, signals[AUTHENTICATION_DONE], 0);
- } else {
- session->priv->auth_state = AUTH_STATE_HAVE_QUESTIONS;
- g_signal_emit (session, signals[HAVE_QUESTIONS], 0);
- }
- break;
-
- default:
- /* left intentionally blank */
- break;
- }
-
- }
-
-
- if (condition & G_IO_HUP) {
- /*g_debug ("in %s - hangup", __FUNCTION__);*/
- if (session->priv->child_pid != 0) {
- int status;
- /*g_debug (" reaping child with pid %d", session->priv->child_pid);*/
- session->priv->child_pid = 0;
- waitpid (session->priv->child_pid, &status, 0);
- }
-
- /* release the ref we made when creating the child */
- g_object_unref (session);
-
- /* remove the source */
- return FALSE;
- }
-
- return TRUE;
-}
-
-gboolean
-polkit_session_get_auth_details (PolicyKitSession *session,
- DBusGMethodInvocation *context)
-{
- if (!polkit_session_check_caller (session, context))
- return FALSE;
-
- if (session->priv->auth_state != AUTH_STATE_NOT_STARTED) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_AUTHENTICATION_ALREADY_INITIATED,
- "This method cannot be invoked after InitiateAuth() is invoked."));
- return FALSE;
- }
-
- dbus_g_method_return (context,
- g_strdup (session->priv->auth_as_user),
- g_strdup (session->priv->auth_with_pam_service));
- return TRUE;
-}
-
-gboolean
-polkit_session_initiate_auth (PolicyKitSession *session,
- DBusGMethodInvocation *context)
-{
- int fds[2];
- int fdsb[2];
- pid_t pid;
-
- if (!polkit_session_check_caller (session, context))
- return FALSE;
-
- if (session->priv->auth_state != AUTH_STATE_NOT_STARTED) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_AUTHENTICATION_ALREADY_INITIATED,
- "Authentication already initiated."));
- return FALSE;
- }
-
- /*g_debug ("in %s", __FUNCTION__);*/
-
- /* pipe for parent reading from child */
- if (pipe(fds) != 0) {
- g_warning ("pipe() failed: %s", strerror (errno));
- goto fail;
- }
-
- /* pipe for parent writing to child */
- if (pipe(fdsb) != 0) {
- g_warning ("pipe() failed: %s", strerror (errno));
- goto fail;
- }
-
- switch (pid = fork()) {
- case -1:
- g_warning ("fork() failed: %s", strerror (errno));
- goto fail;
-
- case 0:
- /* child; close unused ends */
- close (fds[0]);
- close (fdsb[1]);
-
- do_pam_auth (fds[1], fdsb[0], session->priv);
- break;
-
- default:
- session->priv->auth_state = AUTH_STATE_IN_PROGRESS;
-
- /* parent; close unused ends */
- close (fds[1]);
- close (fdsb[0]);
-
- session->priv->child_pid = (GPid) pid;
- session->priv->pam_channel_write = g_io_channel_unix_new (fdsb[1]);
- session->priv->pam_channel = g_io_channel_unix_new (fds[0]);
-
- /* ref because we need the object in data_from_pam */
- g_object_ref (session);
-
- g_io_add_watch (session->priv->pam_channel,
- G_IO_IN | G_IO_ERR | G_IO_HUP,
- data_from_pam,
- session);
-
- break;
- }
-
- dbus_g_method_return (context);
- return TRUE;
-
-fail:
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_NO_RESOURCES,
- "InitiateAuth() failed due to lack of resources. Try again later."));
-
- return FALSE;
-}
-
-gboolean
-polkit_session_get_questions (PolicyKitSession *session,
- DBusGMethodInvocation *context)
-{
- int n;
- GSList *i;
- char **questions;
-
- if (!polkit_session_check_caller (session, context))
- return FALSE;
-
- /*g_debug ("in %s", __FUNCTION__);*/
-
- if (session->priv->auth_state != AUTH_STATE_HAVE_QUESTIONS) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_NO_QUESTIONS,
- "There are currently no questions available."));
- return FALSE;
- }
-
- session->priv->auth_state = AUTH_STATE_NEED_ANSWERS;
-
- questions = g_new0 (char *, g_slist_length (session->priv->auth_questions) + 1);
- for (i = session->priv->auth_questions, n = 0; i != NULL; i = g_slist_next (i)) {
- char *question = (char *) i->data;
- questions[n++] = g_strdup (question);
- }
- questions[n] = NULL;
-
- dbus_g_method_return (context, questions);
- return TRUE;
-}
-
-gboolean
-polkit_session_provide_answers (PolicyKitSession *session,
- char **answers,
- DBusGMethodInvocation *context)
-{
- int i;
- GString *str;
- char *cstr;
- gsize strl;
- gsize num_bytes_written;
-
- if (!polkit_session_check_caller (session, context))
- return FALSE;
-
- /*g_debug ("in %s", __FUNCTION__);*/
-
- if (session->priv->auth_state != AUTH_STATE_NEED_ANSWERS) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_NO_QUESTIONS,
- "There are currently no questions pending answers."));
- return FALSE;
- }
-
- session->priv->auth_state = AUTH_STATE_IN_PROGRESS;
-
- str = g_string_new ("");
- for (i = 0; answers[i] != NULL; i++) {
- /*g_debug ("answer %d: %s", i, answers[i]);*/
- g_string_append (str, answers[i]);
- g_string_append_c (str, '\0');
- }
- strl = str->len;
- cstr = g_string_free (str, FALSE);
- g_io_channel_write (session->priv->pam_channel_write, cstr, strl, &num_bytes_written);
- g_free (cstr);
-
- /*g_debug ("wanted to write %d bytes, wrote %d bytes", strl, num_bytes_written);*/
-
- dbus_g_method_return (context);
- return TRUE;
-}
-
-gboolean
-polkit_session_close (PolicyKitSession *session,
- DBusGMethodInvocation *context)
-{
- g_debug ("In polkit_session_close for session %d", session->priv->session_number);
-
- if (!polkit_session_check_caller (session, context))
- return FALSE;
-
- /* if we have a child... kill it */
- if (session->priv->child_pid != 0)
- kill (session->priv->child_pid, SIGTERM);
-
- g_object_unref (session);
-
- dbus_g_method_return (context);
- return TRUE;
-}
-
-gboolean
-polkit_session_grant_privilege_temporarily (PolicyKitSession *session,
- gboolean restrict_to_callers_system_bus_unique_name,
- DBusGMethodInvocation *context)
-{
- if (!polkit_session_check_caller (session, context))
- return FALSE;
-
- if (session->priv->auth_state != AUTH_STATE_DONE) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_AUTHENTICATION_NOT_DONE,
- "Authentication is not done."));
- return FALSE;
- }
-
- if (!session->priv->is_authenticated) {
- dbus_g_method_return_error (context,
- g_error_new (POLKIT_SESSION_ERROR,
- POLKIT_SESSION_ERROR_AUTHENTICATION_FAILED,
- "User failed authentication."));
- return FALSE;
- }
-
- session->priv->grant_system_bus_name_unique_name_restriction = restrict_to_callers_system_bus_unique_name ?
- g_strdup (session->priv->calling_dbus_name) : NULL;
- if (!polkit_manager_add_temporary_privilege (session->priv->manager,
- session->priv->grant_to_uid,
- session->priv->grant_privilege,
- session->priv->grant_resource,
- session->priv->grant_system_bus_name_unique_name_restriction)) {
- g_warning ("Could not add tmp priv '%s' to uid %d for resource '%s' on connection '%s'",
- session->priv->grant_privilege,
- session->priv->grant_to_uid,
- session->priv->grant_resource,
- session->priv->grant_system_bus_name_unique_name_restriction);
- }
-
- session->priv->have_granted_temp_privileges = TRUE;
-
- dbus_g_method_return (context);
- return TRUE;
-}
-
-PolicyKitSession *
-polkit_session_new (DBusGConnection *connection,
- PolicyKitManager *manager,
- uid_t calling_uid,
- const char *calling_dbus_name,
- uid_t uid,
- const char *privilege,
- const char *resource,
- gboolean auth_as_root)
-{
- char *objpath;
- PolicyKitSession *session;
- static int session_number_base = 0;
-
- session = POLKIT_SESSION (g_object_new (POLKIT_TYPE_SESSION, NULL));
- session->priv->connection = dbus_g_connection_ref (connection);
- session->priv->session_number = session_number_base++;
- session->priv->manager = manager;
- objpath = g_strdup_printf ("/org/freedesktop/PolicyKit/sessions/%d", session->priv->session_number);
- dbus_g_connection_register_g_object (connection, objpath, G_OBJECT (session));
- g_free (objpath);
-
- session->priv->calling_uid = calling_uid;
- session->priv->calling_dbus_name = g_strdup (calling_dbus_name);
-
- session->priv->grant_to_uid = uid;
- session->priv->grant_privilege = g_strdup (privilege);
- session->priv->grant_resource = g_strdup (resource);
-
- /* TODO: look up auth_as_user from privilege configuration files */
- if (auth_as_root)
- session->priv->auth_as_user = g_strdup ("root");
- else
- session->priv->auth_as_user = policy_util_uid_to_name (uid, NULL);
- session->priv->auth_with_pam_service = g_strdup ("policy-kit");
-
- g_debug ("In polkit_session_new ; established session %d", session->priv->session_number);
-
- return session;
-}
-
-
-void
-polkit_session_initiator_disconnected (PolicyKitSession *session)
-{
- g_debug ("Initiator for session %d disconnected", session->priv->session_number);
-
- /* if we have a child... kill it */
- if (session->priv->child_pid != 0)
- kill (session->priv->child_pid, SIGTERM);
-
- if (session->priv->have_granted_temp_privileges) {
- g_debug (" Revoking temporary privilege %s on %s for uid %d on connection %s",
- session->priv->grant_privilege,
- session->priv->grant_resource,
- session->priv->grant_to_uid,
- session->priv->grant_system_bus_name_unique_name_restriction);
- if (!polkit_manager_remove_temporary_privilege (session->priv->manager,
- session->priv->grant_to_uid,
- session->priv->grant_privilege,
- session->priv->grant_resource,
- session->priv->grant_system_bus_name_unique_name_restriction,
- FALSE)) {
- g_warning ("Could not remove tmp priv '%s' to uid %d for resource '%s' on connection '%s'",
- session->priv->grant_privilege,
- session->priv->grant_to_uid,
- session->priv->grant_resource,
- session->priv->grant_system_bus_name_unique_name_restriction);
- }
- }
-}
diff --git a/polkitd/polkit-session.h b/polkitd/polkit-session.h
deleted file mode 100644
index 19fac2f..0000000
--- a/polkitd/polkit-session.h
+++ /dev/null
@@ -1,122 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-session.h : Session object
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef _POLKIT_SESSION_H
-#define _POLKIT_SESSION_H
-
-#include <unistd.h>
-#include <glib.h>
-#include <glib-object.h>
-#include <dbus/dbus-glib.h>
-
-#include "polkit-manager.h"
-
-GQuark polkit_session_error_quark (void);
-
-#define POLKIT_SESSION_ERROR (polkit_session_error_quark ())
-
-typedef enum
-{
- POLKIT_SESSION_ERROR_AUTHENTICATION_IN_PROGRESS = 0,
- POLKIT_SESSION_ERROR_AUTHENTICATION_ALREADY_INITIATED = 1,
- POLKIT_SESSION_ERROR_NO_QUESTIONS = 2,
- POLKIT_SESSION_ERROR_AUTHENTICATION_WAS_NOT_DENIED = 3,
- POLKIT_SESSION_ERROR_NO_RESOURCES = 4,
- POLKIT_SESSION_ERROR_AUTHENTICATION_NOT_DONE = 5,
- POLKIT_SESSION_ERROR_AUTHENTICATION_FAILED = 6,
- POLKIT_SESSION_ERROR_NOT_INITIATOR = 7,
- POLKIT_SESSION_NUM_ERRORS
-} PolkitSessionError;
-
-GType polkit_session_error_get_type (void);
-#define POLKIT_SESSION_TYPE_ERROR (polkit_session_error_get_type ())
-
-typedef struct PolicyKitSession PolicyKitSession;
-typedef struct PolicyKitSessionClass PolicyKitSessionClass;
-
-GType polkit_session_get_type (void);
-
-typedef struct PolicyKitSessionPrivate PolicyKitSessionPrivate;
-
-struct PolicyKitSession
-{
- GObject parent;
-
- PolicyKitSessionPrivate *priv;
-};
-
-struct PolicyKitSessionClass
-{
- GObjectClass parent;
-};
-
-#define POLKIT_TYPE_SESSION (polkit_session_get_type ())
-#define POLKIT_SESSION(object) (G_TYPE_CHECK_INSTANCE_CAST ((object), POLKIT_TYPE_SESSION, PolicyKitSession))
-#define POLKIT_SESSION_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), POLKIT_TYPE_SESSION, PolicyKitSessionClass))
-#define POLKIT_IS_SESSION(object) (G_TYPE_CHECK_INSTANCE_TYPE ((object), POLKIT_TYPE_SESSION))
-#define POLKIT_IS_SESSION_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), POLKIT_TYPE_SESSION))
-#define POLKIT_SESSION_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), POLKIT_TYPE_SESSION, PolicyKitSessionClass))
-
-PolicyKitSession *polkit_session_new (DBusGConnection *connection,
- PolicyKitManager *manager,
- uid_t calling_uid,
- const char *calling_dbus_name,
- uid_t uid,
- const char *privilege,
- const char *resource,
- gboolean auth_as_root);
-
-/* remote methods */
-
-gboolean polkit_session_is_authenticated (PolicyKitSession *session,
- DBusGMethodInvocation *context);
-
-gboolean polkit_session_initiate_auth (PolicyKitSession *session,
- DBusGMethodInvocation *context);
-
-gboolean polkit_session_get_questions (PolicyKitSession *session,
- DBusGMethodInvocation *context);
-
-gboolean polkit_session_provide_answers (PolicyKitSession *session,
- char **answers,
- DBusGMethodInvocation *context);
-
-gboolean polkit_session_close (PolicyKitSession *session,
- DBusGMethodInvocation *context);
-
-gboolean polkit_session_get_auth_details (PolicyKitSession *session,
- DBusGMethodInvocation *context);
-
-gboolean polkit_session_get_auth_denied_reason (PolicyKitSession *session,
- DBusGMethodInvocation *context);
-
-gboolean polkit_session_grant_privilege_temporarily (PolicyKitSession *session,
- gboolean restrict_to_callers_system_bus_unique_name,
- DBusGMethodInvocation *context);
-
-/* local methods */
-
-void polkit_session_initiator_disconnected (PolicyKitSession *session);
-
-
-#endif /* _POLKIT_SESSION_H */
diff --git a/polkitd/polkitd-test.c b/polkitd/polkitd-test.c
deleted file mode 100644
index 3d37955..0000000
--- a/polkitd/polkitd-test.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkitd-test.c : Test harness for PolicyKit daemon
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-#include <glib/gstdio.h>
-
-#include "policy.h"
-
-static char *testdir;
-
-static void
-my_exit (int exit_code)
-{
- int rc;
- GDir *dir;
- GError *err;
- const char *f;
-
- g_print ("Removing tmpdir '%s'\n", testdir);
-
- err = NULL;
- if ((dir = g_dir_open (testdir, 0, &err)) == NULL) {
- g_warning ("Unable to open %s: %s", testdir, err->message);
- g_error_free (err);
- goto error;
- }
- while ((f = g_dir_read_name (dir)) != NULL) {
- char *file;
-
- file = g_strdup_printf ("%s/%s", testdir, f);
- rc = g_unlink (file);
- if (rc != 0) {
- g_warning ("Unable to unlink %s: %d (%s)", file, errno, strerror (errno));
- goto error;
- }
- g_free (file);
- }
-
- g_dir_close (dir);
-
- rc = g_rmdir (testdir);
- if (rc != 0) {
- g_warning ("Unable to rmdir %s: %d (%s)", testdir, errno, strerror (errno));
- goto error;
- }
-
-error:
- exit (exit_code);
-}
-
-static void
-do_check (const char *policy,
- uid_t uid,
- int num_gids,
- gid_t *gids,
- const char *resource,
- gboolean expected)
-{
- int i;
- gboolean allowed;
- gboolean is_temporary;
- char *gidstring;
- char **out_is_privileged_but_restricted;
- GString *str;
-
- str = g_string_new ("");
- for (i = 0; i < num_gids; i++) {
- if (i != 0)
- g_string_append (str, ", ");
- g_string_append_printf (str, "%d", gids[i]);
- }
- gidstring = g_string_free (str, FALSE);
-
- if (POLICY_RESULT_OK != policy_is_uid_gid_allowed_for_policy ( uid,
- num_gids,
- gids,
- policy,
- resource,
- &allowed,
- &is_temporary,
- out_is_privileged_but_restricted,
- NULL, NULL)) {
- g_warning ("fail: no policy %s", policy);
- my_exit (1);
- }
-
- if (allowed != expected) {
- g_warning ("fail: for uid %d (gids %s) expected %s on privilege '%s' for resource '%s' but got %s",
- uid, gidstring,
- expected ? "TRUE" : "FALSE",
- policy,
- (char*) (resource != NULL ? resource : ""),
- allowed ? "TRUE" : "FALSE");
- my_exit (1);
- }
-
- g_print ("pass: uid %d (gids %s) got %s on privilege '%s' for resource '%s'\n",
- uid, gidstring,
- expected ? "TRUE " : "FALSE",
- policy,
- (char*) (resource != NULL ? resource : ""));
-
- g_free (gidstring);
-}
-
-static void
-write_test_policy (const char *policy, const char *allow_rule, const char *deny_rule)
-{
- char *file;
- FILE *f;
-
- file = g_strdup_printf ("%s/%s.privilege", testdir, policy);
- f = fopen (file, "w");
- if (f == NULL) {
- g_warning ("Cannot created test policy '%s'", file);
- my_exit (1);
- }
- fprintf (f,
- "[Privilege]\n"
- "SufficientPrivileges=\n"
- "RequiredPrivileges=\n"
- "Allow=%s\n"
- "Deny=%s\n",
- allow_rule, deny_rule);
- fclose (f);
-
- g_print ("Created test policy '%s' at '%s'\n"
- " Allow '%s'\n"
- " Deny '%s'\n",
- policy, file, allow_rule, deny_rule);
-
- g_free (file);
-}
-
-static void
-do_read_tests (void)
-{
- gid_t gid500[1] = {500};
- int gid500_len = sizeof (gid500) / sizeof (gid_t);
- gid_t gid501[1] = {501};
- int gid501_len = sizeof (gid501) / sizeof (gid_t);
- gid_t gid502[1] = {502};
- int gid502_len = sizeof (gid502) / sizeof (gid_t);
-
- gid_t gid500_1[2] = {500, 1};
- int gid500_1_len = sizeof (gid500_1) / sizeof (gid_t);
- gid_t gid501_1[2] = {501, 1};
- int gid501_1_len = sizeof (gid501_1) / sizeof (gid_t);
- gid_t gid502_1[2] = {502, 1};
- int gid502_1_len = sizeof (gid502_1) / sizeof (gid_t);
-
- /* feel free to add more tests here */
-
- write_test_policy ("test0", "uid:__none__ uid:500", "");
- do_check ("test0", 500, gid500_len, gid500, NULL, TRUE);
- do_check ("test0", 501, gid501_len, gid501, NULL, FALSE);
- do_check ("test0", 502, gid502_len, gid502, NULL, FALSE);
-
- write_test_policy ("test1", "uid:__all__", "uid:500:res0");
- do_check ("test1", 500, gid500_len, gid500, NULL, TRUE);
- do_check ("test1", 501, gid501_len, gid501, NULL, TRUE);
- do_check ("test1", 502, gid502_len, gid502, NULL, TRUE);
- do_check ("test1", 500, gid500_len, gid500, "res0", FALSE);
- do_check ("test1", 501, gid501_len, gid501, "res0", TRUE);
- do_check ("test1", 502, gid502_len, gid502, "res0", TRUE);
- do_check ("test1", 500, gid500_len, gid500, "res1", TRUE);
- do_check ("test1", 501, gid501_len, gid501, "res1", TRUE);
- do_check ("test1", 502, gid502_len, gid502, "res1", TRUE);
-
- write_test_policy ("test2", "gid:1", "uid:501");
- do_check ("test2", 500, gid500_len, gid500, NULL, FALSE);
- do_check ("test2", 501, gid501_len, gid501, NULL, FALSE);
- do_check ("test2", 502, gid502_len, gid502, NULL, FALSE);
- do_check ("test2", 500, gid500_1_len, gid500_1, NULL, TRUE);
- do_check ("test2", 501, gid501_1_len, gid501_1, NULL, FALSE);
- do_check ("test2", 502, gid502_1_len, gid502_1, NULL, TRUE);
-
- write_test_policy ("test3", "gid:1 uid:502:res1", "uid:501 uid:500:res0");
- do_check ("test3", 500, gid500_1_len, gid500_1, "res0", FALSE);
- do_check ("test3", 501, gid501_1_len, gid501_1, "res0", FALSE);
- do_check ("test3", 502, gid502_1_len, gid502_1, "res0", TRUE);
- do_check ("test3", 500, gid500_1_len, gid500_1, "res1", TRUE);
- do_check ("test3", 501, gid501_1_len, gid501_1, "res1", FALSE);
- do_check ("test3", 502, gid502_1_len, gid502_1, "res1", TRUE);
- do_check ("test3", 500, gid500_len, gid500, "res1", FALSE);
- do_check ("test3", 501, gid501_len, gid501, "res1", FALSE);
- do_check ("test3", 502, gid502_len, gid502, "res1", TRUE);
-
- write_test_policy ("test4", "gid:1:res1 uid:500:res2", "gid:502:res2");
- do_check ("test4", 500, gid500_1_len, gid500_1, "res0", FALSE);
- do_check ("test4", 501, gid501_1_len, gid501_1, "res0", FALSE);
- do_check ("test4", 502, gid502_1_len, gid502_1, "res0", FALSE);
- do_check ("test4", 500, gid500_1_len, gid500_1, "res1", TRUE);
- do_check ("test4", 501, gid501_1_len, gid501_1, "res1", TRUE);
- do_check ("test4", 502, gid502_1_len, gid502_1, "res1", TRUE);
- do_check ("test4", 500, gid500_len, gid500, "res2", TRUE);
- do_check ("test4", 501, gid501_len, gid501, "res2", FALSE);
- do_check ("test4", 502, gid502_len, gid502, "res2", FALSE);
-
- write_test_policy ("test5", "gid:1", "uid:500:res-has-:colon-in-name");
- do_check ("test5", 500, gid500_1_len, gid500_1, "res-has-:colon-in-name", FALSE);
- do_check ("test5", 501, gid501_1_len, gid501_1, "res-has-:colon-in-name", TRUE);
- do_check ("test5", 502, gid502_1_len, gid502_1, "res-has-:colon-in-name", TRUE);
- do_check ("test5", 500, gid500_len, gid500, "res-has-:colon-in-name", FALSE);
- do_check ("test5", 501, gid501_len, gid501, "res-has-:colon-in-name", FALSE);
- do_check ("test5", 502, gid502_len, gid502, "res-has-:colon-in-name", FALSE);
-
-}
-
-int
-main (int argc, char *argv[])
-{
- int i;
- GList *l;
- GList *policies;
-
- testdir = g_strdup ("/tmp/policy-test-XXXXXX");
- testdir = mkdtemp (testdir);
- if (testdir == NULL) {
- g_warning ("Cannot create tmpdir, errno %d (%s)", errno, strerror (errno));
- g_free (testdir);
- exit (1);
- }
-
- g_message ("policy-test started; using tmpdir=%s", testdir);
-
- policy_util_set_policy_directory (testdir);
-
- do_read_tests ();
-
- if (policy_get_policies (&policies) != POLICY_RESULT_OK) {
- g_message ("Cannot get policies");
- goto fail;
- }
- g_print ("Loaded %d policies\n", g_list_length (policies));
- for (l = policies, i = 0; l != NULL; l = g_list_next (l), i++) {
- const char *policy;
- policy = (const char *) l->data;
- g_print (" policy %d: '%s'\n", i, policy);
- }
- g_list_foreach (policies, (GFunc) g_free, NULL);
- g_list_free (policies);
-
- g_print ("policy-test completed\n");
-
- my_exit (0);
-
-fail:
- my_exit (1);
- return 1;
-}
diff --git a/polkitd/run-polkitd.sh b/polkitd/run-polkitd.sh
deleted file mode 100755
index c8ce52f..0000000
--- a/polkitd/run-polkitd.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-./polkitd --no-daemon --verbose
-
-
-
-
diff --git a/polkitd/valgrind-polkitd.sh b/polkitd/valgrind-polkitd.sh
deleted file mode 100755
index 208d38a..0000000
--- a/polkitd/valgrind-polkitd.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-valgrind --num-callers=20 --show-reachable=yes --leak-check=yes --tool=memcheck ./polkitd --no-daemon --verbose
-
diff --git a/privileges/.gitignore b/privileges/.gitignore
deleted file mode 100644
index 8f1b0d9..0000000
--- a/privileges/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-Makefile
-Makefile.in
-*.o
diff --git a/privileges/Makefile.am b/privileges/Makefile.am
deleted file mode 100644
index ba9463c..0000000
--- a/privileges/Makefile.am
+++ /dev/null
@@ -1,7 +0,0 @@
-
-privilegedir = $(sysconfdir)/PolicyKit/privilege.d
-
-dist_privilege_DATA = desktop-console.privilege
-
-clean-local :
- rm -f *~
diff --git a/privileges/desktop-console.privilege b/privileges/desktop-console.privilege
deleted file mode 100644
index dbd4712..0000000
--- a/privileges/desktop-console.privilege
+++ /dev/null
@@ -1,14 +0,0 @@
-
-# This privilege signfies that users holding it are logged into a
-# physical console attached to the system. Thus, it is useful for
-# other privileges for manipulating local devices to simply require
-# this privilege.
-
-[Privilege]
-RequiredPrivileges=
-SufficientPrivileges=
-Allow=
-Deny=
-CanObtain=False
-CanGrant=False
-ObtainRequireRoot=True
diff --git a/tools/Makefile.am b/tools/Makefile.am
index a16814b..3f2f794 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -12,26 +12,7 @@ INCLUDES = \
@GLIB_CFLAGS@ \
@DBUS_CFLAGS@
-bin_PROGRAMS = \
- polkit-is-privileged \
- polkit-list-privileges \
- polkit-grant-privilege \
- polkit-revoke-privilege
-
-polkit_is_privileged_SOURCES = polkit-is-privileged.c
-polkit_is_privileged_LDADD = @DBUS_CFLAGS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
-
-polkit_list_privileges_SOURCES = polkit-list-privileges.c
-polkit_list_privileges_LDADD = @DBUS_CFLAGS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
-
-polkit_grant_privilege_SOURCES= \
- polkit-grant-privilege.c
-
-polkit_grant_privilege_LDADD= @DBUS_GLIB_LIBS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la $(top_builddir)/libpolkit/libpolkit-grant.la
-
-polkit_revoke_privilege_SOURCES= \
- polkit-revoke-privilege.c
-polkit_revoke_privilege_LDADD= @DBUS_GLIB_LIBS@ @GLIB_LIBS@ $(top_builddir)/libpolkit/libpolkit.la
+bin_PROGRAMS =
clean-local :
rm -f *~
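Review bot: The added `bin_PROGRAMS =` in this hunk is left empty with no explanation, so tools/ now builds and installs nothing while the `INCLUDES` block above it is kept. The same commit deletes all four tool sources, so anything that called `polkit-is-privileged` or the other removed binaries loses them without notice. A one-line comment above the assignment would make the gap visibly intentional, e.g. `# no tools are built until they are ported to the new libpolkit API`. That wording assumes a port is planned, which the hunk does not show; adjust it to the actual intent.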
diff --git a/tools/polkit-grant-privilege.c b/tools/polkit-grant-privilege.c
deleted file mode 100644
index 24b32d4..0000000
--- a/tools/polkit-grant-privilege.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-grant-privilege.c : Grant privileges
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <getopt.h>
-#include <string.h>
-#include <errno.h>
-
-#include <glib/gstdio.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-
-#include <libpolkit/libpolkit.h>
-#include <libpolkit/libpolkit-grant.h>
-
-
-static gboolean is_verbose = FALSE;
-
-
-static void
-questions_cb (LibPolKitGrantContext *ctx,
- const char **questions,
- gpointer user_data)
-{
- int i;
- int num_a;
- char **answers;
- static gboolean showed_user = FALSE;
-
-
- /* print banner for user if we are going to ask questions */
- if (!showed_user) {
- const char *auth_user;
- const char *auth_pam_svc;
-
- showed_user = TRUE;
-
- auth_user = libpolkit_grant_get_user_for_auth (ctx);
- auth_pam_svc = libpolkit_grant_get_pam_service_for_auth (ctx);
-
- if (libpolkit_grant_get_resource (ctx) != NULL) {
- g_print ("\n"
- "Authentication needed for user '%s' in order to grant the\n"
- "privilege '%s' to user '%s' for the \n"
- "resource '%s'.\n"
- "\n"
- "The privilege is configured to use PAM service '%s'.\n"
- "\n",
- auth_user,
- libpolkit_grant_get_privilege (ctx),
- libpolkit_grant_get_user (ctx),
- libpolkit_grant_get_resource (ctx),
- auth_pam_svc);
- } else {
- g_print ("\n"
- "Authentication needed for user '%s' in order to grant the\n"
- "privilege '%s' to user '%s'.\n"
- "\n"
- "The privilege is configured to use PAM service '%s'.\n"
- "\n",
- auth_user,
- libpolkit_grant_get_privilege (ctx),
- libpolkit_grant_get_user (ctx),
- auth_pam_svc);
- }
- }
-
-
- answers = g_new0 (char *, g_strv_length ((char **) questions) + 1);
- num_a = 0;
-
- for (i = 0; questions[i] != NULL && questions[i+1] != NULL; i++) {
- char *answer;
- const char *question = questions[i+1];
- const char *qtype = questions[i];
-
- /*g_debug ("Question 1: '%s' (pamtype %s)\n(warning; secret will be echoed to stdout)", question, qtype);*/
-
- if (strcmp (qtype, "PamPromptEchoOff") == 0) {
- answer = getpass (question);
- answers[num_a++] = g_strdup (answer);
-
- /*g_debug ("Provding answer: '%s'", answer);*/
-
- } else if (strcmp (qtype, "PamPromptEchoOn") == 0) {
- char buf[1024];
-
- fputs (question, stderr);
- answer = fgets ((char *) question, sizeof (buf), stdin);
- answers[num_a++] = g_strdup (answer);
-
- /*g_debug ("Provding answer: '%s'", answer);*/
-
- } else if (strcmp (qtype, "PamErrorMsg") == 0) {
- /*g_debug ("Not providing answer");*/
- ;
- } else if (strcmp (qtype, "PamTextInfo") == 0) {
- /*g_debug ("Not providing answer");*/
- ;
- }
- }
- answers[num_a] = NULL;
-
- libpolkit_grant_provide_answers (ctx, (const char **) answers);
-
- g_strfreev (answers);
-}
-
-static void
-grant_complete_cb (LibPolKitGrantContext *ctx,
- gboolean obtained_privilege,
- const char *reason_not_obtained,
- gpointer user_data)
-{
- if (!obtained_privilege) {
- g_print ("Privilege not granted: %s\n", reason_not_obtained != NULL ? reason_not_obtained : "(null)");
- } else {
- /* keep the privilege */
- libpolkit_grant_close (ctx, FALSE);
- }
-
- libpolkit_grant_free_context (ctx);
-
- exit (0);
-}
-
-
-
-static void
-usage (int argc, char *argv[])
-{
- fprintf (stderr, "polkit-grant-privilege version " PACKAGE_VERSION "\n");
-
- fprintf (stderr, "\n" "usage : %s -p <privilege> [-u user] [-r <resource>]\n", argv[0]);
- fprintf (stderr,
- "\n"
- "Options:\n"
- " -u, --user User to grant privilege to\n"
- " -p, --privilege Privilege to grant\n"
- " -r, --resource Resource\n"
- " -h, --help Show this information and exit\n"
- " -v, --verbose Verbose operation\n"
- " -V, --version Print version number\n"
- "\n"
- "Grant a privilege for accessing a resource. The resource may\n"
- "be omitted.\n");
-}
-
-int
-main (int argc, char **argv)
-{
- int rc;
- GError *error = NULL;
- DBusGConnection *bus;
- char *user = NULL;
- char *resource = NULL;
- char *privilege = NULL;
- static const struct option long_options[] = {
- {"user", required_argument, NULL, 'u'},
- {"resource", required_argument, NULL, 'r'},
- {"privilege", required_argument, NULL, 'p'},
- {"help", no_argument, NULL, 'h'},
- {"verbose", no_argument, NULL, 'v'},
- {"version", no_argument, NULL, 'V'},
- {NULL, 0, NULL, 0}
- };
- gboolean is_privileged = FALSE;
- gboolean is_temporary = FALSE;
- LibPolKitResult result;
- LibPolKitGrantContext *gctx;
- LibPolKitContext *ctx;
- GMainLoop *mainloop;
-
- g_type_init ();
-
- mainloop = g_main_loop_new (NULL, FALSE);
-
-
- rc = 1;
-
- while (TRUE) {
- int c;
-
- c = getopt_long (argc, argv, "u:r:p:hVv", long_options, NULL);
-
- if (c == -1)
- break;
-
- switch (c) {
- case 'u':
- user = g_strdup (optarg);
- break;
-
- case 'r':
- resource = g_strdup (optarg);
- break;
-
- case 'p':
- privilege = g_strdup (optarg);
- break;
-
- case 'v':
- is_verbose = TRUE;
- break;
-
- case 'h':
- usage (argc, argv);
- rc = 0;
- goto out;
-
- case 'V':
- printf ("polkit-grant-privilege version " PACKAGE_VERSION "\n");
- rc = 0;
- goto out;
-
- default:
- usage (argc, argv);
- goto out;
- }
- }
-
- if (privilege == NULL) {
- usage (argc, argv);
- return 1;
- }
-
- if (user == NULL) {
- user = g_strdup (g_get_user_name ());
- }
-
- bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- g_warning ("dbus_g_bus_get: %s", error->message);
- g_error_free (error);
- return 1;
- }
-
- gctx = libpolkit_grant_new_context (bus,
- user,
- privilege,
- resource,
- FALSE,
- NULL);
- if (gctx == NULL) {
- g_warning ("Cannot initialize new grant context");
- goto out;
- }
-
- ctx = libpolkit_grant_get_libpolkit_context (gctx);
- result = libpolkit_is_uid_allowed_for_privilege (ctx,
- NULL,
- user,
- privilege,
- resource,
- &is_privileged,
- &is_temporary,
- NULL);
- switch (result) {
- case LIBPOLKIT_RESULT_OK:
- if (is_privileged) {
- if (resource == NULL) {
- g_print ("User '%s' already has privilege '%s'.\n", user, privilege);
- } else {
- g_print ("User '%s' already has privilege '%s' for accessing\n"
- "resource '%s'.\n",
- user, privilege, resource);
- }
- rc = 0;
- goto out;
- }
- break;
-
- case LIBPOLKIT_RESULT_ERROR:
- g_print ("Error granting resource.\n");
- goto out;
-
- case LIBPOLKIT_RESULT_INVALID_CONTEXT:
- g_print ("Invalid context.\n");
- goto out;
-
- case LIBPOLKIT_RESULT_NOT_PRIVILEGED:
- g_print ("Not privileged.\n");
- goto out;
-
- case LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE:
- g_print ("No such privilege '%s'.\n", privilege);
- goto out;
-
- case LIBPOLKIT_RESULT_NO_SUCH_USER:
- g_print ("No such user '%s'.\n", user);
- goto out;
- }
-
- libpolkit_grant_set_questions_handler (gctx, questions_cb);
- libpolkit_grant_set_grant_complete_handler (gctx, grant_complete_cb);
-
- if (!libpolkit_grant_initiate_temporary_grant (gctx)) {
- g_warning ("Cannot initiate temporary grant; bailing out");
- goto out;
- }
-
- g_main_loop_run (mainloop);
-
-out:
- return rc;
-}
diff --git a/tools/polkit-is-privileged.c b/tools/polkit-is-privileged.c
deleted file mode 100644
index e6e0cf6..0000000
--- a/tools/polkit-is-privileged.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-is-privileged.c : Determine if a user has privileges
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <dbus/dbus.h>
-
-#include <libpolkit/libpolkit.h>
-
-static void
-usage (int argc, char *argv[])
-{
- fprintf (stderr, "polkit-is-privileged version " PACKAGE_VERSION "\n");
-
- fprintf (stderr,
- "\n"
- "usage : %s -u <uid> -p <privilege> [-r <resource>]\n"
- " [-s <system-bus-connection-name>]", argv[0]);
- fprintf (stderr,
- "\n"
- "Options:\n"
- " -u, --user Username or user id\n"
- " -s, --system-bus-unique-name Unique system bus connection name\n"
- " -r, --resource Resource\n"
- " -p, --privilege Privilege to test for\n"
- " -h, --help Show this information and exit\n"
- " -v, --verbose Verbose operation\n"
- " -V, --version Print version number\n"
- "\n"
- "Queries system policy whether a given user is allowed for a given\n"
- "privilege for a given resource. The resource may be omitted.\n"
- "\n");
-}
-
-int
-main (int argc, char *argv[])
-{
- int rc;
- char *user = NULL;
- char *privilege = NULL;
- char *resource = NULL;
- char *system_bus_unique_name = NULL;
- static const struct option long_options[] = {
- {"user", required_argument, NULL, 'u'},
- {"system-bus-unique-name", required_argument, NULL, 's'},
- {"resource", required_argument, NULL, 'r'},
- {"privilege", required_argument, NULL, 'p'},
- {"help", no_argument, NULL, 'h'},
- {"verbose", no_argument, NULL, 'v'},
- {"version", no_argument, NULL, 'V'},
- {NULL, 0, NULL, 0}
- };
- LibPolKitContext *ctx = NULL;
- gboolean is_allowed;
- gboolean is_temporary;
- LibPolKitResult result;
- gboolean is_verbose = FALSE;
- DBusError error;
- DBusConnection *connection;
-
- rc = 1;
-
- while (TRUE) {
- int c;
-
- c = getopt_long (argc, argv, "u:r:p:s:hVv", long_options, NULL);
-
- if (c == -1)
- break;
-
- switch (c) {
- case 's':
- system_bus_unique_name = g_strdup (optarg);
- break;
-
- case 'u':
- user = g_strdup (optarg);
- break;
-
- case 'r':
- resource = g_strdup (optarg);
- break;
-
- case 'p':
- privilege = g_strdup (optarg);
- break;
-
- case 'v':
- is_verbose = TRUE;
- break;
-
- case 'h':
- usage (argc, argv);
- rc = 0;
- goto out;
-
- case 'V':
- printf ("polkit-is-privileged version " PACKAGE_VERSION "\n");
- rc = 0;
- goto out;
-
- default:
- usage (argc, argv);
- goto out;
- }
- }
-
- if (user == NULL || privilege == NULL) {
- usage (argc, argv);
- return 1;
- }
-
- if (is_verbose) {
- printf ("user = '%s'\n", user);
- printf ("privilege = '%s'\n", privilege);
- printf ("resource = '%s'\n", resource);
- }
-
- dbus_error_init (&error);
- connection = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (connection == NULL) {
- g_warning ("Cannot connect to system message bus");
- return 1;
- }
-
-
- ctx = libpolkit_new_context (connection);
- if (ctx == NULL) {
- g_warning ("Cannot get libpolkit context");
- goto out;
- }
-
- result = libpolkit_is_uid_allowed_for_privilege (ctx,
- system_bus_unique_name,
- user,
- privilege,
- resource,
- &is_allowed,
- &is_temporary,
- NULL);
- switch (result) {
- case LIBPOLKIT_RESULT_OK:
- rc = is_allowed ? 0 : 1;
- break;
-
- case LIBPOLKIT_RESULT_ERROR:
- g_warning ("Error determing whether user is privileged.");
- break;
-
- case LIBPOLKIT_RESULT_INVALID_CONTEXT:
- g_print ("Invalid context.\n");
- goto out;
-
- case LIBPOLKIT_RESULT_NOT_PRIVILEGED:
- g_print ("Not privileged.\n");
-
- case LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE:
- g_print ("No such privilege '%s'.\n", privilege);
- goto out;
-
- case LIBPOLKIT_RESULT_NO_SUCH_USER:
- g_print ("No such user '%s'.\n", user);
- goto out;
- }
-
- if (is_verbose) {
- printf ("result %d\n", result);
- printf ("is_allowed %d\n", is_allowed);
- }
-
-out:
- if (ctx != NULL)
- libpolkit_free_context (ctx);
-
- return rc;
-}
-
diff --git a/tools/polkit-list-privileges.c b/tools/polkit-list-privileges.c
deleted file mode 100644
index bd7e941..0000000
--- a/tools/polkit-list-privileges.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-list-privileges.c : List privileges possesed by a user
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-#include <dbus/dbus.h>
-
-#include <libpolkit/libpolkit.h>
-
-static void
-usage (int argc, char *argv[])
-{
- fprintf (stderr, "polkit-list-privileges version " PACKAGE_VERSION "\n");
-
- fprintf (stderr, "\n" "usage : %s [-u <user>]\n", argv[0]);
- fprintf (stderr,
- "\n"
- "Options:\n"
- " -u, --user Username or user id\n"
- " -h, --help Show this information and exit\n"
- " -v, --verbose Verbose operation\n"
- " -V, --version Print version number\n"
- "\n"
- "Lists privileges for a given user.\n"
- "\n");
-}
-
-int
-main (int argc, char *argv[])
-{
- int rc;
- char *user = NULL;
- static const struct option long_options[] = {
- {"user", required_argument, NULL, 'u'},
- {"help", no_argument, NULL, 'h'},
- {"verbose", no_argument, NULL, 'v'},
- {"version", no_argument, NULL, 'V'},
- {NULL, 0, NULL, 0}
- };
- LibPolKitContext *ctx = NULL;
- gboolean is_verbose = FALSE;
- DBusError error;
- DBusConnection *connection;
- int i;
- GList *l;
- GList *privilege_list;
-
- rc = 1;
-
- while (TRUE) {
- int c;
-
- c = getopt_long (argc, argv, "u:p:hVv", long_options, NULL);
-
- if (c == -1)
- break;
-
- switch (c) {
- case 'u':
- user = g_strdup (optarg);
- break;
-
- case 'v':
- is_verbose = TRUE;
- break;
-
- case 'h':
- usage (argc, argv);
- rc = 0;
- goto out;
-
- case 'V':
- printf ("polkit-list-privileges version " PACKAGE_VERSION "\n");
- rc = 0;
- goto out;
-
- default:
- usage (argc, argv);
- goto out;
- }
- }
-
- if (user == NULL) {
- user = g_strdup (g_get_user_name ());
- }
-
- if (is_verbose) {
- printf ("user = '%s'\n", user);
- }
-
- dbus_error_init (&error);
- connection = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (connection == NULL) {
- g_warning ("Cannot connect to system message bus");
- return 1;
- }
-
-
- ctx = libpolkit_new_context (connection);
- if (ctx == NULL) {
- g_warning ("Cannot get libpolkit context");
- goto out;
- }
-
- if (libpolkit_get_privilege_list (ctx, &privilege_list) != LIBPOLKIT_RESULT_OK) {
- g_warning ("Cannot get privilege_list");
- goto out;
- }
- for (l = privilege_list, i = 0; l != NULL; l = g_list_next (l), i++) {
- const char *privilege;
- gboolean is_allowed;
- gboolean is_temporary;
- char *is_privileged_but_restricted_to;
- GList *j;
- GList *k;
- GList *resources;
- GList *restrictions;
- int num_non_temporary;
-
- privilege = (const char *) l->data;
- if (is_verbose) {
- g_print ("testing user %s for privilege '%s'\n", user, privilege);
- }
-
- if (libpolkit_is_uid_allowed_for_privilege (ctx,
- NULL,
- user,
- privilege,
- NULL,
- &is_allowed,
- &is_temporary,
- &is_privileged_but_restricted_to) == LIBPOLKIT_RESULT_OK) {
- if (is_allowed) {
- g_print ("privilege %s%s\n", privilege, is_temporary ? " (temporary)" : "");
- } else if (is_privileged_but_restricted_to != NULL) {
- g_print ("privilege %s (temporary) (restricted to %s)\n",
- privilege, is_privileged_but_restricted_to);
- }
-
- if (libpolkit_get_allowed_resources_for_privilege_for_uid (
- ctx,
- user,
- privilege,
- &resources,
- &restrictions,
- &num_non_temporary) == LIBPOLKIT_RESULT_OK) {
- int n;
-
- for (j = resources, k = restrictions, n = 0; j != NULL; j = g_list_next (j), k = g_list_next (k), n++) {
- const char *resource;
- const char *restriction;
- resource = (const char *) j->data;
- restriction = (const char *) k->data;
- g_print ("resource %s privilege %s%s",
- resource, privilege,
- n >= num_non_temporary ? " (temporary)" : "");
- if (strlen (restriction) > 0)
- g_print (" (restricted to %s)\n", restriction);
- else
- g_print ("\n");
- }
- g_list_foreach (resources, (GFunc) g_free, NULL);
- g_list_free (resources);
- g_list_foreach (restrictions, (GFunc) g_free, NULL);
- g_list_free (restrictions);
- }
- }
-
-
-
- }
- g_list_foreach (privilege_list, (GFunc) g_free, NULL);
- g_list_free (privilege_list);
-
- rc = 0;
-
-out:
- if (ctx != NULL)
- libpolkit_free_context (ctx);
-
- return rc;
-}
diff --git a/tools/polkit-revoke-privilege.c b/tools/polkit-revoke-privilege.c
deleted file mode 100644
index 2e75b8b..0000000
--- a/tools/polkit-revoke-privilege.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/***************************************************************************
- * CVSID: $Id$
- *
- * polkit-grant-privilege.c : Grant privileges
- *
- * Copyright (C) 2006 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <getopt.h>
-#include <string.h>
-#include <errno.h>
-
-#include <glib/gstdio.h>
-#include <dbus/dbus-glib.h>
-#include <dbus/dbus-glib-lowlevel.h>
-
-#include <libpolkit/libpolkit.h>
-
-static void
-usage (int argc, char *argv[])
-{
- fprintf (stderr, "polkit-revoke-privilege version " PACKAGE_VERSION "\n");
-
- fprintf (stderr, "\n" "usage : %s -p <privilege> [-u user] [-r <resource>]\n", argv[0]);
- fprintf (stderr,
- "\n"
- "Options:\n"
- " -u, --user User to revoke privilege from\n"
- " -p, --privilege Privilege to revoke\n"
- " -r, --resource Resource\n"
- " -h, --help Show this information and exit\n"
- " -v, --verbose Verbose operation\n"
- " -V, --version Print version number\n"
- "\n"
- "Revokes a privilege for accessing a resource. The resource may\n"
- "be omitted.\n");
-}
-
-static gboolean is_verbose = FALSE;
-
-int
-main (int argc, char **argv)
-{
- int rc;
- GError *error = NULL;
- DBusGConnection *bus;
- LibPolKitContext *ctx;
- char *user = NULL;
- char *resource = NULL;
- char *privilege = NULL;
- static const struct option long_options[] = {
- {"user", required_argument, NULL, 'u'},
- {"resource", required_argument, NULL, 'r'},
- {"privilege", required_argument, NULL, 'p'},
- {"help", no_argument, NULL, 'h'},
- {"verbose", no_argument, NULL, 'v'},
- {"version", no_argument, NULL, 'V'},
- {NULL, 0, NULL, 0}
- };
- gboolean was_revoked;
-
- g_type_init ();
-
- rc = 1;
-
- while (TRUE) {
- int c;
-
- c = getopt_long (argc, argv, "u:r:p:hVv", long_options, NULL);
-
- if (c == -1)
- break;
-
- switch (c) {
- case 'u':
- user = g_strdup (optarg);
- break;
-
- case 'r':
- resource = g_strdup (optarg);
- break;
-
- case 'p':
- privilege = g_strdup (optarg);
- break;
-
- case 'v':
- is_verbose = TRUE;
- break;
-
- case 'h':
- usage (argc, argv);
- rc = 0;
- goto out;
-
- case 'V':
- printf ("polkit-grant-privilege version " PACKAGE_VERSION "\n");
- rc = 0;
- goto out;
-
- default:
- usage (argc, argv);
- goto out;
- }
- }
-
- if (privilege == NULL) {
- usage (argc, argv);
- return 1;
- }
-
- if (user == NULL) {
- user = g_strdup (g_get_user_name ());
- }
-
- bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- g_warning ("dbus_g_bus_get: %s", error->message);
- g_error_free (error);
- return 1;
- }
-
- ctx = libpolkit_new_context (dbus_g_connection_get_connection (bus));
-
- LibPolKitResult result;
-
- result = libpolkit_revoke_temporary_privilege (ctx,
- user,
- privilege,
- resource,
- &was_revoked);
- switch (result) {
- case LIBPOLKIT_RESULT_OK:
- if (was_revoked) {
- if (resource == NULL) {
- g_print ("Privilege '%s' succesfully revoked from user '%s'.\n", privilege, user);
- } else {
- g_print ("Privilege '%s' succesfully revoked from user '%s' on\n"
- "resource '%s'.\n",
- privilege, user, resource);
- }
- rc = 0;
- goto out;
- }
- break;
-
- case LIBPOLKIT_RESULT_ERROR:
- g_print ("Error: There was an error granting the privilege.\n");
- goto out;
-
- case LIBPOLKIT_RESULT_INVALID_CONTEXT:
- g_print ("Error: Invalid context.\n");
- goto out;
-
- case LIBPOLKIT_RESULT_NOT_PRIVILEGED:
- g_print ("Error: Not privileged to perform this operation.\n");
- goto out;
-
- case LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE:
- if (resource == NULL) {
- g_print ("Error: User '%s' does not have privilege '%s'.\n", user, privilege);
- } else {
- g_print ("Error: User '%s' does not have privilege '%s' for accessing\n"
- "resource '%s'.\n",
- user, privilege, resource);
- }
- goto out;
-
- case LIBPOLKIT_RESULT_NO_SUCH_USER:
- g_print ("Error: No such user '%s'.\n", user);
- goto out;
- }
-
-
-out:
- return rc;
-}