PolicyKit: Branch 'master' - 2 commits
David Zeuthen
david at kemper.freedesktop.org
Thu Nov 8 09:40:59 PST 2007
Makefile.am | 6
configure.in | 7
doc/Makefile.am | 12
polkit-dbus/Makefile.am | 47
polkit-dbus/polkit-dbus.c | 1492 -----------------
polkit-dbus/polkit-dbus.h | 66
polkit-dbus/polkit-read-auth-helper.c | 471 -----
polkit-grant/Makefile.am | 89 -
polkit-grant/polkit-authorization-db-dummy-write.c | 96 -
polkit-grant/polkit-authorization-db-write.c | 680 -------
polkit-grant/polkit-explicit-grant-helper.c | 268 ---
polkit-grant/polkit-grant-helper-pam.c | 232 --
polkit-grant/polkit-grant-helper.c | 842 ---------
polkit-grant/polkit-grant.c | 538 ------
polkit-grant/polkit-grant.h | 369 ----
polkit-grant/polkit-revoke-helper.c | 379 ----
polkit/.gitignore | 9
polkit/Makefile.am | 149 -
polkit/polkit-action.c | 304 ---
polkit/polkit-action.h | 55
polkit/polkit-authorization-constraint.c | 491 -----
polkit/polkit-authorization-constraint.h | 94 -
polkit/polkit-authorization-db-dummy.c | 191 --
polkit/polkit-authorization-db.c | 848 ---------
polkit/polkit-authorization-db.h | 156 -
polkit/polkit-authorization.c | 567 ------
polkit/polkit-authorization.h | 100 -
polkit/polkit-caller.c | 455 -----
polkit/polkit-caller.h | 61
polkit/polkit-config.c | 772 --------
polkit/polkit-config.h | 87
polkit/polkit-context.c | 803 ---------
polkit/polkit-context.h | 190 --
polkit/polkit-debug.c | 81
polkit/polkit-debug.h | 33
polkit/polkit-error.c | 246 --
polkit/polkit-error.h | 88 -
polkit/polkit-hash.c | 560 ------
polkit/polkit-hash.h | 147 -
polkit/polkit-list.c | 330 ---
polkit/polkit-list.h | 85
polkit/polkit-memory.c | 373 ----
polkit/polkit-memory.h | 75
polkit/polkit-policy-cache.c | 355 ----
polkit/polkit-policy-cache.h | 75
polkit/polkit-policy-default.c | 442 -----
polkit/polkit-policy-default.h | 67
polkit/polkit-policy-file-entry.c | 471 -----
polkit/polkit-policy-file-entry.h | 76
polkit/polkit-policy-file.c | 809 ---------
polkit/polkit-policy-file.h | 67
polkit/polkit-private.h | 107 -
polkit/polkit-result.c | 152 -
polkit/polkit-result.h | 110 -
polkit/polkit-seat.c | 231 --
polkit/polkit-seat.h | 53
polkit/polkit-session.c | 501 -----
polkit/polkit-session.h | 64
polkit/polkit-sysdeps.c | 159 -
polkit/polkit-sysdeps.h | 45
polkit/polkit-test.c | 112 -
polkit/polkit-test.h | 69
polkit/polkit-types.h | 105 -
polkit/polkit-utils.c | 153 -
polkit/polkit-utils.h | 41
polkit/polkit.h | 52
polkitd/Makefile.am | 6
src/polkit-dbus/Makefile.am | 47
src/polkit-dbus/polkit-dbus.c | 1492 +++++++++++++++++
src/polkit-dbus/polkit-dbus.h | 66
src/polkit-dbus/polkit-read-auth-helper.c | 471 +++++
src/polkit-grant/Makefile.am | 89 +
src/polkit-grant/polkit-authorization-db-dummy-write.c | 96 +
src/polkit-grant/polkit-authorization-db-write.c | 680 +++++++
src/polkit-grant/polkit-explicit-grant-helper.c | 268 +++
src/polkit-grant/polkit-grant-helper-pam.c | 232 ++
src/polkit-grant/polkit-grant-helper.c | 842 +++++++++
src/polkit-grant/polkit-grant.c | 538 ++++++
src/polkit-grant/polkit-grant.h | 369 ++++
src/polkit-grant/polkit-revoke-helper.c | 379 ++++
src/polkit/.gitignore | 9
src/polkit/Makefile.am | 149 +
src/polkit/polkit-action.c | 304 +++
src/polkit/polkit-action.h | 55
src/polkit/polkit-authorization-constraint.c | 491 +++++
src/polkit/polkit-authorization-constraint.h | 94 +
src/polkit/polkit-authorization-db-dummy.c | 191 ++
src/polkit/polkit-authorization-db.c | 848 +++++++++
src/polkit/polkit-authorization-db.h | 156 +
src/polkit/polkit-authorization.c | 567 ++++++
src/polkit/polkit-authorization.h | 100 +
src/polkit/polkit-caller.c | 455 +++++
src/polkit/polkit-caller.h | 61
src/polkit/polkit-config.c | 772 ++++++++
src/polkit/polkit-config.h | 87
src/polkit/polkit-context.c | 803 +++++++++
src/polkit/polkit-context.h | 190 ++
src/polkit/polkit-debug.c | 81
src/polkit/polkit-debug.h | 33
src/polkit/polkit-error.c | 246 ++
src/polkit/polkit-error.h | 88 +
src/polkit/polkit-hash.c | 560 ++++++
src/polkit/polkit-hash.h | 147 +
src/polkit/polkit-list.c | 330 +++
src/polkit/polkit-list.h | 85
src/polkit/polkit-memory.c | 373 ++++
src/polkit/polkit-memory.h | 75
src/polkit/polkit-policy-cache.c | 355 ++++
src/polkit/polkit-policy-cache.h | 75
src/polkit/polkit-policy-default.c | 442 +++++
src/polkit/polkit-policy-default.h | 67
src/polkit/polkit-policy-file-entry.c | 471 +++++
src/polkit/polkit-policy-file-entry.h | 76
src/polkit/polkit-policy-file.c | 809 +++++++++
src/polkit/polkit-policy-file.h | 67
src/polkit/polkit-private.h | 107 +
src/polkit/polkit-result.c | 152 +
src/polkit/polkit-result.h | 110 +
src/polkit/polkit-seat.c | 231 ++
src/polkit/polkit-seat.h | 53
src/polkit/polkit-session.c | 501 +++++
src/polkit/polkit-session.h | 64
src/polkit/polkit-sysdeps.c | 159 +
src/polkit/polkit-sysdeps.h | 45
src/polkit/polkit-test.c | 112 +
src/polkit/polkit-test.h | 69
src/polkit/polkit-types.h | 105 +
src/polkit/polkit-utils.c | 153 +
src/polkit/polkit-utils.h | 41
src/polkit/polkit.h | 52
tools/Makefile.am | 10
131 files changed, 17256 insertions(+), 17255 deletions(-)
New commits:
commit f97ead3e56f682324415910e7e504e63314fdb4d
Author: David Zeuthen <davidz at redhat.com>
Date: Thu Nov 8 12:37:38 2007 -0500
fix build with all library soruce in src/
diff --git a/Makefile.am b/Makefile.am
index f34379b..f549113 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
-SUBDIRS = data polkit polkit-dbus polkit-grant polkitd doc tools policy po test
+SUBDIRS = data src polkitd doc tools policy po test
# Creating ChangeLog from git log (taken from cairo/Makefile.am):
ChangeLog: $(srcdir)/ChangeLog
@@ -22,8 +22,8 @@ $(srcdir)/ChangeLog:
if POLKIT_GCOV_ENABLED
.PHONY: ChangeLog $(srcdir)/ChangeLog coverage-report.txt
coverage-report.txt :
- make -C polkit check-coverage
- cat polkit/coverage-report.txt > coverage-report.txt
+ make -C src/polkit check-coverage
+ cat src/polkit/coverage-report.txt > coverage-report.txt
check-coverage: coverage-report.txt
cat coverage-report.txt
diff --git a/configure.in b/configure.in
index 4490a31..22004f2 100644
--- a/configure.in
+++ b/configure.in
@@ -453,9 +453,10 @@ data/polkit
data/polkit.pc
data/polkit-dbus.pc
data/polkit-grant.pc
-polkit/Makefile
-polkit-dbus/Makefile
-polkit-grant/Makefile
+src/Makefile
+src/polkit/Makefile
+src/polkit-dbus/Makefile
+src/polkit-grant/Makefile
polkitd/Makefile
tools/Makefile
doc/Makefile
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 6fd8c06..02b4b24 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -16,11 +16,11 @@ DOC_MAIN_SGML_FILE=polkit-docs.xml
SCAN_OPTIONS=--ignore-headers=config.h
# The directory containing the source code. Relative to $(srcdir)
-DOC_SOURCE_DIR=..
+DOC_SOURCE_DIR=../src
# Used for dependencies
-HFILE_GLOB=$(top_srcdir)/polkit*/*.h
-CFILE_GLOB=$(top_srcdir)/polkit*/*.c
+HFILE_GLOB=$(top_srcdir)/src/polkit*/*.h
+CFILE_GLOB=$(top_srcdir)/src/polkit*/*.c
# Headers to ignore
IGNORE_HFILES= \
@@ -31,14 +31,14 @@ IGNORE_HFILES= \
INCLUDES = \
$(DBUS_GLIB_CFLAGS) \
$(GLIB_CFLAGS) \
- -I$(top_srcdir) \
- -I$(top_builddir) \
+ -I$(top_srcdir)/src \
+ -I$(top_builddir)/src \
$(NULL)
GTKDOC_LIBS = \
$(DBUS_GLIB_LIBS) \
$(GLIB_LIBS) \
- $(top_builddir)/polkit/libpolkit.la \
+ $(top_builddir)/src/polkit/libpolkit.la \
$(NULL)
# Extra options to supply to gtkdoc-mkdb
diff --git a/polkitd/Makefile.am b/polkitd/Makefile.am
index 815e72a..f1a12a6 100644
--- a/polkitd/Makefile.am
+++ b/polkitd/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
@@ -28,7 +28,7 @@ polkitd_SOURCES = \
$(BUILT_SOURCES)
polkitd_CPPFLAGS = \
- -I$(top_srcdir) \
+ -I$(top_srcdir)/src \
-DG_LOG_DOMAIN=\"polkitd\" \
-DDATADIR=\""$(pkgdatadir)"\" \
-DGNOMELOCALEDIR=\""$(datadir)/locale"\" \
@@ -36,7 +36,7 @@ polkitd_CPPFLAGS = \
$(AM_CPPFLAGS)
polkitd_LDADD = \
- $(DBUS_GLIB_LIBS) $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
+ $(DBUS_GLIB_LIBS) $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la
servicedir = $(datadir)/dbus-1/system-services
diff --git a/src/polkit-dbus/Makefile.am b/src/polkit-dbus/Makefile.am
index 3c7fac1..e39d046 100644
--- a/src/polkit-dbus/Makefile.am
+++ b/src/polkit-dbus/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
@@ -23,7 +23,7 @@ libpolkit_dbusinclude_HEADERS = \
libpolkit_dbus_la_SOURCES = \
polkit-dbus.h polkit-dbus.c
-libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(SELINUX_LIBS)
+libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(SELINUX_LIBS)
libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
@@ -32,7 +32,7 @@ libexec_PROGRAMS = polkit-read-auth-helper
polkit_read_auth_helper_SOURCES = polkit-read-auth-helper.c
polkit_read_auth_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_read_auth_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+polkit_read_auth_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la
# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able
# to read authorization files in /var/lib/PolicyKit and
diff --git a/src/polkit-grant/Makefile.am b/src/polkit-grant/Makefile.am
index 05a2ee5..ed7a5f7 100644
--- a/src/polkit-grant/Makefile.am
+++ b/src/polkit-grant/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
@@ -32,7 +32,7 @@ if POLKIT_AUTHDB_DEFAULT
libpolkit_grant_la_SOURCES += polkit-authorization-db-write.c
endif
-libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
+libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la
libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
@@ -44,18 +44,18 @@ if POLKIT_AUTHDB_DEFAULT
libexec_PROGRAMS = polkit-grant-helper polkit-grant-helper-pam polkit-explicit-grant-helper polkit-revoke-helper
polkit_grant_helper_SOURCES = polkit-grant-helper.c
-polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
+polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la
polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
polkit_grant_helper_pam_LDADD = @AUTH_LIBS@
polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c
polkit_explicit_grant_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_explicit_grant_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
+polkit_explicit_grant_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la
polkit_revoke_helper_SOURCES = polkit-revoke-helper.c
polkit_revoke_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_revoke_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+polkit_revoke_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la
# polkit-grant-helper needs to be setgid polkituser to be able to
# write cookies to /var/lib/PolicyKit and /var/run/PolicyKit
diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am
index c15017f..17f0b61 100644
--- a/src/polkit/Makefile.am
+++ b/src/polkit/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
@@ -117,7 +117,7 @@ noinst_PROGRAMS=$(TESTS)
polkit_test_SOURCES= \
polkit-test.h polkit-test.c
-polkit_test_LDADD=$(top_builddir)/polkit/libpolkit.la
+polkit_test_LDADD=$(top_builddir)/src/polkit/libpolkit.la
polkit_test_LDFLAGS=
#@R_DYNAMIC_LDFLAG@
diff --git a/tools/Makefile.am b/tools/Makefile.am
index b7ed1de..faa0937 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
+ -I$(top_builddir)/src -I$(top_srcdir)/src \
-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
-DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
-DPACKAGE_DATA_DIR=\""$(datadir)"\" \
@@ -14,16 +14,16 @@ INCLUDES = \
bin_PROGRAMS = polkit-config-file-validate polkit-policy-file-validate polkit-action polkit-auth
polkit_config_file_validate_SOURCES = polkit-config-file-validate.c
-polkit_config_file_validate_LDADD = $(top_builddir)/polkit/libpolkit.la
+polkit_config_file_validate_LDADD = $(top_builddir)/src/polkit/libpolkit.la
polkit_policy_file_validate_SOURCES = polkit-policy-file-validate.c
-polkit_policy_file_validate_LDADD = $(top_builddir)/polkit/libpolkit.la
+polkit_policy_file_validate_LDADD = $(top_builddir)/src/polkit/libpolkit.la
polkit_auth_SOURCES = polkit-auth.c
-polkit_auth_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-grant/libpolkit-grant.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+polkit_auth_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la
polkit_action_SOURCES = polkit-action.c
-polkit_action_LDADD = $(GLIB) $(top_builddir)/polkit/libpolkit.la
+polkit_action_LDADD = $(GLIB) $(top_builddir)/src/polkit/libpolkit.la
profiledir = $(sysconfdir)/profile.d
profile_SCRIPTS = polkit-bash-completion.sh
commit 05af5cfe684f4c8cfa58090b11e337de5f24d23f
Author: David Zeuthen <davidz at redhat.com>
Date: Thu Nov 8 12:26:31 2007 -0500
move all library source to a src/ directory
This is primarily so gtk-doc can target only libraries. Needs lots of
fixing; will be done in upcoming commits.
diff --git a/polkit-dbus/Makefile.am b/polkit-dbus/Makefile.am
deleted file mode 100644
index 3c7fac1..0000000
--- a/polkit-dbus/Makefile.am
+++ /dev/null
@@ -1,47 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- -DPOLKIT_COMPILATION \
- @GLIB_CFLAGS@ @DBUS_CFLAGS@
-
-lib_LTLIBRARIES=libpolkit-dbus.la
-
-libpolkit_dbusincludedir=$(includedir)/PolicyKit/polkit-dbus
-
-libpolkit_dbusinclude_HEADERS = \
- polkit-dbus.h
-
-libpolkit_dbus_la_SOURCES = \
- polkit-dbus.h polkit-dbus.c
-
-libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(SELINUX_LIBS)
-
-libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-if POLKIT_AUTHDB_DEFAULT
-libexec_PROGRAMS = polkit-read-auth-helper
-
-polkit_read_auth_helper_SOURCES = polkit-read-auth-helper.c
-polkit_read_auth_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_read_auth_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
-
-# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able
-# to read authorization files in /var/lib/PolicyKit and
-# /var/run/PolicyKit
-#
-install-exec-hook:
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
-endif
-
-clean-local :
- rm -f *~ $(BUILT_SOURCES)
diff --git a/polkit-dbus/polkit-dbus.c b/polkit-dbus/polkit-dbus.c
deleted file mode 100644
index 9ead04a..0000000
--- a/polkit-dbus/polkit-dbus.c
+++ /dev/null
@@ -1,1492 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-dbus.h : helper library for obtaining seat, session and
- * caller information via D-Bus and ConsoleKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-dbus
- * @title: Caller Determination
- * @short_description: Obtaining seat, session and caller information
- * via D-Bus and ConsoleKit.
- *
- * Helper library for obtaining seat, session and caller information
- * via D-Bus and ConsoleKit. This library is only useful when writing
- * a mechanism.
- *
- * If the mechanism itself is a daemon exposing a remote services via
- * the system message bus it's often a better idea, to reduce
- * roundtrips, to use the high-level #PolKitTracker class rather than
- * the low-level functions polkit_caller_new_from_dbus_name() and
- * polkit_caller_new_from_pid().
- *
- * These functions are in <literal>libpolkit-dbus</literal>.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <errno.h>
-#include <time.h>
-#include <glib.h>
-#include <string.h>
-
-#ifdef HAVE_SELINUX
-#include <selinux/selinux.h>
-#endif
-
-#include "polkit-dbus.h"
-#include <polkit/polkit-debug.h>
-
-/**
- * polkit_session_new_from_objpath:
- * @con: D-Bus system bus connection
- * @objpath: object path of ConsoleKit session object
- * @uid: the user owning the session or -1 if unknown
- * @error: D-Bus error
- *
- * This function will construct a #PolKitSession object by querying
- * the ConsoleKit daemon for information. Note that this will do a lot
- * of blocking IO so it is best avoided if your process already
- * tracks/caches all the information. If you pass in @uid as a
- * non-negative number, a round trip can be saved.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitSession *
-polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error)
-{
- PolKitSeat *seat;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- char *str;
- dbus_bool_t is_active;
- dbus_bool_t is_local;
- char *remote_host;
- char *seat_path;
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (objpath != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- session = NULL;
- remote_host = NULL;
- seat_path = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "IsActive");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.IsActive on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_BOOLEAN, &is_active,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid IsActive reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "IsLocal");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.IsLocal on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_BOOLEAN, &is_local,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid IsLocal reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- if (!is_local) {
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetRemoteHostName");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.GetRemoteHostName on ConsoleKit: %s: %s",
- error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_STRING, &str,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetRemoteHostName reply from CK");
- goto out;
- }
- remote_host = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetSeatId");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.GetSeatId on ConsoleKit: %s: %s",
- error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_OBJECT_PATH, &str,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetSeatId reply from CK");
- goto out;
- }
- seat_path = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- if ((int) uid == -1) {
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- objpath,
- "org.freedesktop.ConsoleKit.Session",
- "GetUnixUser");
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing Session.GetUnixUser on ConsoleKit: %s: %s",error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_INT32, &uid,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetUnixUser reply from CK");
- goto out;
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- session = polkit_session_new ();
- if (session == NULL) {
- goto out;
- }
- if (!polkit_session_set_uid (session, uid)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_objref (session, objpath)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_is_active (session, is_active)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_is_local (session, is_local)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!is_local) {
- if (!polkit_session_set_ck_remote_host (session, remote_host)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
- }
-
- seat = polkit_seat_new ();
- if (seat == NULL) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_seat_set_ck_objref (seat, seat_path)) {
- polkit_seat_unref (seat);
- seat = NULL;
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- if (!polkit_seat_validate (seat)) {
- polkit_seat_unref (seat);
- seat = NULL;
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
- if (!polkit_session_set_seat (session, seat)) {
- polkit_seat_unref (seat);
- seat = NULL;
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
- polkit_seat_unref (seat); /* session object now owns this object */
- seat = NULL;
-
- if (!polkit_session_validate (session)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-out:
- g_free (remote_host);
- g_free (seat_path);
- return session;
-}
-
-/**
- * polkit_session_new_from_cookie:
- * @con: D-Bus system bus connection
- * @cookie: a ConsoleKit XDG_SESSION_COOKIE
- * @error: D-Bus error
- *
- * This function will construct a #PolKitSession object by querying
- * the ConsoleKit daemon for information. Note that this will do a lot
- * of blocking IO so it is best avoided if your process already
- * tracks/caches all the information.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitSession *
-polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error)
-{
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- char *str;
- char *objpath;
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (cookie != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- objpath = NULL;
- session = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForCookie");
- dbus_message_append_args (message, DBUS_TYPE_STRING, &cookie, DBUS_TYPE_INVALID);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- //g_warning ("Error doing Manager.GetSessionForCookie on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- if (!dbus_message_get_args (reply, NULL,
- DBUS_TYPE_OBJECT_PATH, &str,
- DBUS_TYPE_INVALID)) {
- g_warning ("Invalid GetSessionForCookie reply from CK");
- goto out;
- }
- objpath = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- session = polkit_session_new_from_objpath (con, objpath, -1, error);
-
-out:
- g_free (objpath);
- return session;
-}
-
-
-/**
- * polkit_caller_new_from_dbus_name:
- * @con: D-Bus system bus connection
- * @dbus_name: unique system bus connection name
- * @error: D-Bus error
- *
- * This function will construct a #PolKitCaller object by querying
- * both the system bus daemon and the ConsoleKit daemon for
- * information. Note that this will do a lot of blocking IO so it is
- * best avoided if your process already tracks/caches all the
- * information. You can use the #PolKitTracker class for this.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitCaller *
-polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error)
-{
- PolKitCaller *caller;
- pid_t pid;
- uid_t uid;
- char *selinux_context;
- char *ck_session_objpath;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- DBusMessageIter sub_iter;
- char *str;
- int num_elems;
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (dbus_name != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- selinux_context = NULL;
- ck_session_objpath = NULL;
-
- caller = NULL;
- session = NULL;
-
- uid = dbus_bus_get_unix_user (con, dbus_name, error);
- if (dbus_error_is_set (error)) {
- g_warning ("Could not get uid for connection: %s %s", error->name, error->message);
- goto out;
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.DBus",
- "/org/freedesktop/DBus/Bus",
- "org.freedesktop.DBus",
- "GetConnectionUnixProcessID");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing GetConnectionUnixProcessID on Bus: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &pid);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- message = dbus_message_new_method_call ("org.freedesktop.DBus",
- "/org/freedesktop/DBus/Bus",
- "org.freedesktop.DBus",
- "GetConnectionSELinuxSecurityContext");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- /* SELinux might not be enabled */
- if (dbus_error_is_set (error) &&
- strcmp (error->name, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown") == 0) {
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- dbus_error_init (error);
- } else if (reply == NULL || dbus_error_is_set (error)) {
- g_warning ("Error doing GetConnectionSELinuxSecurityContext on Bus: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- goto out;
- } else {
- /* TODO: verify signature */
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_recurse (&iter, &sub_iter);
- dbus_message_iter_get_fixed_array (&sub_iter, (void *) &str, &num_elems);
- if (str != NULL && num_elems > 0)
- selinux_context = g_strndup (str, num_elems);
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForUnixProcess");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- //g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- /* OK, this is not a catastrophe; just means the caller is not a
- * member of any session or that ConsoleKit is not available..
- */
- goto not_in_session;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &str);
- ck_session_objpath = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
- if (session == NULL) {
- g_warning ("Got a session objpath but couldn't construct session object!");
- goto out;
- }
- if (!polkit_session_validate (session)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-not_in_session:
-
- caller = polkit_caller_new ();
- if (caller == NULL) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- goto out;
- }
-
- if (!polkit_caller_set_dbus_name (caller, dbus_name)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!polkit_caller_set_uid (caller, uid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!polkit_caller_set_pid (caller, pid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (selinux_context != NULL) {
- if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- }
- if (session != NULL) {
- if (!polkit_caller_set_ck_session (caller, session)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- polkit_session_unref (session); /* caller object now own this object */
- session = NULL;
- }
-
- if (!polkit_caller_validate (caller)) {
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
-
-out:
- g_free (selinux_context);
- g_free (ck_session_objpath);
- return caller;
-}
-
-/**
- * polkit_caller_new_from_pid:
- * @con: D-Bus system bus connection
- * @pid: process id
- * @error: D-Bus error
- *
- * This function will construct a #PolKitCaller object by querying
- * both information in /proc (on Linux) and the ConsoleKit daemon for
- * information about a given process. Note that this will do a lot of
- * blocking IO so it is best avoided if your process already
- * tracks/caches all the information. You can use the #PolKitTracker
- * class for this.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object or #NULL if an error occured (in which case
- * @error will be set)
- **/
-PolKitCaller *
-polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error)
-{
- PolKitCaller *caller;
- uid_t uid;
- char *selinux_context;
- char *ck_session_objpath;
- PolKitSession *session;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- char *str;
- char *proc_path;
- struct stat statbuf;
-#ifdef HAVE_SELINUX
- security_context_t secon;
-#endif
-
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- selinux_context = NULL;
- ck_session_objpath = NULL;
- caller = NULL;
- session = NULL;
- proc_path = NULL;
-
- proc_path = g_strdup_printf ("/proc/%d", pid);
- if (stat (proc_path, &statbuf) != 0) {
- g_warning ("Cannot lookup information for pid %d: %s", pid, strerror (errno));
- goto out;
- }
- uid = statbuf.st_uid;
-
-#ifdef HAVE_SELINUX
- /* only get the context if we are enabled */
- selinux_context = NULL;
- if (is_selinux_enabled () != 0) {
- if (getpidcon (pid, &secon) != 0) {
- g_warning ("Cannot lookup SELinux context for pid %d: %s", pid, strerror (errno));
- goto out;
- }
- selinux_context = g_strdup (secon);
- freecon (secon);
- }
-#else
- selinux_context = NULL;
-#endif
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionForUnixProcess");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- //g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- /* OK, this is not a catastrophe; just means the caller is not a
- * member of any session or that ConsoleKit is not available..
- */
- goto not_in_session;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &str);
- ck_session_objpath = g_strdup (str);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
- if (session == NULL) {
- g_warning ("Got a session objpath but couldn't construct session object!");
- goto out;
- }
- if (!polkit_session_validate (session)) {
- polkit_session_unref (session);
- session = NULL;
- goto out;
- }
-
-not_in_session:
-
- caller = polkit_caller_new ();
- if (caller == NULL) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- goto out;
- }
-
- if (!polkit_caller_set_uid (caller, uid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!polkit_caller_set_pid (caller, pid)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (selinux_context != NULL) {
- if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- }
- if (session != NULL) {
- if (!polkit_caller_set_ck_session (caller, session)) {
- if (session != NULL) {
- polkit_session_unref (session);
- session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- polkit_session_unref (session); /* caller object now own this object */
- session = NULL;
- }
-
- if (!polkit_caller_validate (caller)) {
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
-
-out:
- g_free (selinux_context);
- g_free (ck_session_objpath);
- g_free (proc_path);
- return caller;
-}
-
-static GSList *
-_get_list_of_sessions (DBusConnection *con, uid_t uid, DBusError *error)
-{
- GSList *ret;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- DBusMessageIter iter_array;
- const char *value;
-
- ret = NULL;
-
- message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
- "org.freedesktop.ConsoleKit.Manager",
- "GetSessionsForUnixUser");
- dbus_message_append_args (message, DBUS_TYPE_UINT32, &uid, DBUS_TYPE_INVALID);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
- if (reply == NULL || dbus_error_is_set (error)) {
- goto out;
- }
-
- dbus_message_iter_init (reply, &iter);
- if (dbus_message_iter_get_arg_type (&iter) != DBUS_TYPE_ARRAY) {
- g_warning ("Wrong reply from ConsoleKit (not an array)");
- goto out;
- }
-
- dbus_message_iter_recurse (&iter, &iter_array);
- while (dbus_message_iter_get_arg_type (&iter_array) != DBUS_TYPE_INVALID) {
-
- if (dbus_message_iter_get_arg_type (&iter_array) != DBUS_TYPE_OBJECT_PATH) {
- g_warning ("Wrong reply from ConsoleKit (element is not a string)");
- g_slist_foreach (ret, (GFunc) g_free, NULL);
- g_slist_free (ret);
- goto out;
- }
-
- dbus_message_iter_get_basic (&iter_array, &value);
- ret = g_slist_append (ret, g_strdup (value));
-
- dbus_message_iter_next (&iter_array);
- }
-
-out:
- if (message != NULL)
- dbus_message_unref (message);
- if (reply != NULL)
- dbus_message_unref (reply);
- return ret;
-}
-
-static polkit_bool_t
-_polkit_is_authorization_relevant_internal (DBusConnection *con,
- PolKitAuthorization *auth,
- GSList *sessions,
- DBusError *error)
-{
- pid_t pid;
- polkit_uint64_t pid_start_time;
- polkit_bool_t ret;
- polkit_bool_t del_sessions;
- GSList *i;
- uid_t uid;
-
- g_return_val_if_fail (con != NULL, FALSE);
- g_return_val_if_fail (auth != NULL, FALSE);
- g_return_val_if_fail (error != NULL, FALSE);
- g_return_val_if_fail (! dbus_error_is_set (error), FALSE);
-
- ret = FALSE;
-
- uid = polkit_authorization_get_uid (auth);
-
- switch (polkit_authorization_get_scope (auth)) {
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
- if (!polkit_authorization_scope_process_get_pid (auth,
- &pid,
- &pid_start_time)) {
- /* this should never fail */
- g_warning ("Cannot determine (pid,start_time) for authorization");
- goto out;
- }
- if (polkit_sysdeps_get_start_time_for_pid (pid) == pid_start_time) {
- ret = TRUE;
- goto out;
- }
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_SESSION:
- del_sessions = FALSE;
- if (sessions == NULL) {
- sessions = _get_list_of_sessions (con, uid, error);
- del_sessions = TRUE;
- }
-
- for (i = sessions; i != NULL; i = i->next) {
- char *session_id = i->data;
- if (strcmp (session_id, polkit_authorization_scope_session_get_ck_objref (auth)) == 0) {
- ret = TRUE;
- break;
- }
- }
-
- if (del_sessions) {
- g_slist_foreach (sessions, (GFunc) g_free, NULL);
- g_slist_free (sessions);
- }
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
- ret = TRUE;
- break;
- }
-
-out:
- return ret;
-}
-
-/**
- * polkit_is_authorization_relevant:
- * @con: D-Bus system bus connection
- * @auth: authorization to check for
- * @error: return location for error
- *
- * As explicit authorizations are scoped (process single shot,
- * process, session or everything), they become irrelevant once the
- * entity (process or session) ceases to exist. This function
- * determines whether the authorization is still relevant; it's useful
- * for reporting and graphical tools displaying authorizations.
- *
- * Note that this may do blocking IO to check for session
- * authorizations so it is best avoided if your process already
- * tracks/caches all the information. You can use the
- * polkit_tracker_is_authorization_relevant() method on the
- * #PolKitTracker class for this.
- *
- * Returns: #TRUE if the authorization still applies, #FALSE if an
- * error occurred (then error will be set) or if the entity the
- * authorization refers to has gone out of scope.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error)
-{
- return _polkit_is_authorization_relevant_internal (con, auth, NULL, error);
-}
-
-/**
- * PolKitTracker:
- *
- * Instances of this class are used to cache information about
- * callers; typically this is used in scenarios where the same caller
- * is calling into a mechanism multiple times.
- *
- * Thus, an application can use this class to get the #PolKitCaller
- * object; the class will listen to both NameOwnerChanged and
- * ActivityChanged signals from the message bus and update / retire
- * the #PolKitCaller objects.
- *
- * An example of how to use #PolKitTracker is provided here. First, build the following program
- *
- * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/tracker-example.c" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
- *
- * with
- *
- * <programlisting>gcc -o tracker-example `pkg-config --cflags --libs dbus-glib-1 polkit-dbus` tracker-example.c</programlisting>
- *
- * Then put the following content
- *
- * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/dk.fubar.PolKitTestService.conf" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
- *
- * in the file <literal>/etc/dbus-1/system.d/dk.fubar.PolKitTestService.conf</literal>. Finally,
- * create a small Python client like this
- *
- * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/tracker-example-client.py" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
- *
- * as <literal>tracker-example-client.py</literal>. Now, run <literal>tracker-example</literal>
- * in one window and <literal>tracker-example-client</literal> in another. The output of
- * the former should look like this
- *
- *
- * <programlisting>
- * 18:20:00.414: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:00.414: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
- * 18:20:00.414: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- *
- * 18:20:01.424: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:01.424: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
- * 18:20:01.424: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- *
- * 18:20:02.434: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:02.434: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=0 is_local=1 remote_host=(null)
- * 18:20:02.434: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- *
- * 18:20:03.445: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
- * 18:20:03.445: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
- * 18:20:03.445: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
- * </programlisting>
- *
- * The point of the test program is simply to gather caller
- * information about clients (the small Python program, you may launch
- * multiple instances of it) that repeatedly calls into the D-Bus
- * service; if one runs <literal>strace(1)</literal> in front of the
- * test program one will notice that there is only syscall / IPC
- * overhead (except for printing to stdout) on the first call from the
- * client.
- *
- * The careful reader will notice that, during the testing session, we
- * did a quick VT switch away from the session (and back) which is
- * reflected in the output.
- *
- * These functions are in <literal>libpolkit-dbus</literal>.
- **/
-struct _PolKitTracker {
- int refcount;
- DBusConnection *con;
-
- GHashTable *dbus_name_to_caller;
-
- GHashTable *pid_start_time_to_caller;
-};
-
-typedef struct {
- pid_t pid;
- polkit_uint64_t start_time;
-} _PidStartTimePair;
-
-static _PidStartTimePair *
-_pid_start_time_new (pid_t pid, polkit_uint64_t start_time)
-{
- _PidStartTimePair *obj;
- obj = g_new (_PidStartTimePair, 1);
- obj->pid = pid;
- obj->start_time = start_time;
- return obj;
-}
-
-static guint
-_pid_start_time_hash (gconstpointer a)
-{
- int val;
- _PidStartTimePair *pst = (_PidStartTimePair *) a;
-
- val = pst->pid + ((int) pst->start_time);
-
- return g_int_hash (&val);
-}
-
-static gboolean
-_pid_start_time_equal (gconstpointer a, gconstpointer b)
-{
- _PidStartTimePair *_a = (_PidStartTimePair *) a;
- _PidStartTimePair *_b = (_PidStartTimePair *) b;
-
- return (_a->pid == _b->pid) && (_a->start_time == _b->start_time);
-}
-
-/**
- * polkit_tracker_new:
- *
- * Creates a new #PolKitTracker object.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the new object
- *
- * Since: 0.7
- **/
-PolKitTracker *
-polkit_tracker_new (void)
-{
- PolKitTracker *pk_tracker;
- pk_tracker = g_new0 (PolKitTracker, 1);
- pk_tracker->refcount = 1;
- pk_tracker->dbus_name_to_caller = g_hash_table_new_full (g_str_hash,
- g_str_equal,
- g_free,
- (GDestroyNotify) polkit_caller_unref);
- pk_tracker->pid_start_time_to_caller = g_hash_table_new_full (_pid_start_time_hash,
- _pid_start_time_equal,
- g_free,
- (GDestroyNotify) polkit_caller_unref);
- return pk_tracker;
-}
-
-/**
- * polkit_tracker_ref:
- * @pk_tracker: the tracker object
- *
- * Increase reference count.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: the object
- *
- * Since: 0.7
- **/
-PolKitTracker *
-polkit_tracker_ref (PolKitTracker *pk_tracker)
-{
- g_return_val_if_fail (pk_tracker != NULL, pk_tracker);
- pk_tracker->refcount++;
- return pk_tracker;
-}
-
-/**
- * polkit_tracker_unref:
- * @pk_tracker: the tracker object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- **/
-void
-polkit_tracker_unref (PolKitTracker *pk_tracker)
-{
- g_return_if_fail (pk_tracker != NULL);
- pk_tracker->refcount--;
- if (pk_tracker->refcount > 0)
- return;
- g_hash_table_destroy (pk_tracker->dbus_name_to_caller);
- g_hash_table_destroy (pk_tracker->pid_start_time_to_caller);
- dbus_connection_unref (pk_tracker->con);
- g_free (pk_tracker);
-}
-
-/**
- * polkit_tracker_set_system_bus_connection:
- * @pk_tracker: the tracker object
- * @con: the connection to the system message bus
- *
- * Tell the #PolKitTracker object to use the given D-Bus connection
- * when it needs to fetch information from the system message bus and
- * ConsoleKit services. This is used for priming the cache.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-void
-polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con)
-{
- g_return_if_fail (pk_tracker != NULL);
- pk_tracker->con = dbus_connection_ref (con);
-}
-
-/**
- * polkit_tracker_init:
- * @pk_tracker: the tracker object
- *
- * Initialize the tracker.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-void
-polkit_tracker_init (PolKitTracker *pk_tracker)
-{
- g_return_if_fail (pk_tracker != NULL);
- /* This is currently a no-op */
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-static void
-_set_session_inactive_iter (gpointer key, PolKitCaller *caller, const char *session_objpath)
-{
- char *objpath;
- PolKitSession *session;
- if (!polkit_caller_get_ck_session (caller, &session))
- return;
- if (!polkit_session_get_ck_objref (session, &objpath))
- return;
- if (strcmp (objpath, session_objpath) != 0)
- return;
- polkit_session_set_ck_is_active (session, FALSE);
-}
-
-static void
-_set_session_active_iter (gpointer key, PolKitCaller *caller, const char *session_objpath)
-{
- char *objpath;
- PolKitSession *session;
- if (!polkit_caller_get_ck_session (caller, &session))
- return;
- if (!polkit_session_get_ck_objref (session, &objpath))
- return;
- if (strcmp (objpath, session_objpath) != 0)
- return;
- polkit_session_set_ck_is_active (session, TRUE);
-}
-
-static void
-_update_session_is_active (PolKitTracker *pk_tracker, const char *session_objpath, gboolean is_active)
-{
- g_hash_table_foreach (pk_tracker->dbus_name_to_caller,
- (GHFunc) (is_active ? _set_session_active_iter : _set_session_inactive_iter),
- (gpointer) session_objpath);
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-static gboolean
-_remove_caller_by_session_iter (gpointer key, PolKitCaller *caller, const char *session_objpath)
-{
- char *objpath;
- PolKitSession *session;
- if (!polkit_caller_get_ck_session (caller, &session))
- return FALSE;
- if (!polkit_session_get_ck_objref (session, &objpath))
- return FALSE;
- if (strcmp (objpath, session_objpath) != 0)
- return FALSE;
- return TRUE;
-}
-
-static void
-_remove_caller_by_session (PolKitTracker *pk_tracker, const char *session_objpath)
-{
- g_hash_table_foreach_remove (pk_tracker->dbus_name_to_caller,
- (GHRFunc) _remove_caller_by_session_iter,
- (gpointer) session_objpath);
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-static gboolean
-_remove_caller_by_dbus_name_iter (gpointer key, PolKitCaller *caller, const char *dbus_name)
-{
- char *name;
- if (!polkit_caller_get_dbus_name (caller, &name))
- return FALSE;
- if (strcmp (name, dbus_name) != 0)
- return FALSE;
- return TRUE;
-}
-
-static void
-_remove_caller_by_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name)
-{
- g_hash_table_foreach_remove (pk_tracker->dbus_name_to_caller,
- (GHRFunc) _remove_caller_by_dbus_name_iter,
- (gpointer) dbus_name);
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-
-/**
- * polkit_tracker_dbus_func:
- * @pk_tracker: the tracker object
- * @message: message to pass
- *
- * The owner of the #PolKitTracker object must pass signals from the
- * system message bus (just NameOwnerChanged will do) and all signals
- * from the ConsoleKit service into this function.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Returns: #TRUE only if there was a change in the ConsoleKit database.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message)
-{
- gboolean ret;
-
- ret = FALSE;
-
- if (dbus_message_is_signal (message, DBUS_INTERFACE_DBUS, "NameOwnerChanged")) {
- char *name;
- char *new_service_name;
- char *old_service_name;
-
- if (!dbus_message_get_args (message, NULL,
- DBUS_TYPE_STRING, &name,
- DBUS_TYPE_STRING, &old_service_name,
- DBUS_TYPE_STRING, &new_service_name,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- _pk_debug ("The NameOwnerChanged signal on the " DBUS_INTERFACE_DBUS " "
- "interface has the wrong signature! Your system is misconfigured.");
- goto out;
- }
-
- if (strlen (new_service_name) == 0) {
- _remove_caller_by_dbus_name (pk_tracker, name);
- }
-
- } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Session", "ActiveChanged")) {
- dbus_bool_t is_active;
- DBusError error;
- const char *session_objpath;
-
- ret = TRUE;
-
- dbus_error_init (&error);
- session_objpath = dbus_message_get_path (message);
- if (!dbus_message_get_args (message, &error,
- DBUS_TYPE_BOOLEAN, &is_active,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- g_warning ("The ActiveChanged signal on the org.freedesktop.ConsoleKit.Session "
- "interface for object %s has the wrong signature! "
- "Your system is misconfigured.", session_objpath);
-
- /* as a security measure, remove all sessions with this path from the cache;
- * cuz then the user of PolKitTracker probably gets to deal with a DBusError
- * the next time he tries something...
- */
- _remove_caller_by_session (pk_tracker, session_objpath);
- goto out;
- }
-
- /* now go through all Caller objects and update the is_active field as appropriate */
- _update_session_is_active (pk_tracker, session_objpath, is_active);
-
- } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Seat", "SessionAdded")) {
- DBusError error;
- const char *seat_objpath;
- const char *session_objpath;
-
- /* If a session is added, update our list of sessions.. also notify the user.. */
-
- ret = TRUE;
-
- dbus_error_init (&error);
- seat_objpath = dbus_message_get_path (message);
- if (!dbus_message_get_args (message, &error,
- DBUS_TYPE_STRING, &session_objpath,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- g_warning ("The SessionAdded signal on the org.freedesktop.ConsoleKit.Seat "
- "interface for object %s has the wrong signature! "
- "Your system is misconfigured.", seat_objpath);
-
- goto out;
- }
-
- /* TODO: add to sessions - see polkit_tracker_is_authorization_relevant() */
-
- } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Seat", "SessionRemoved")) {
- DBusError error;
- const char *seat_objpath;
- const char *session_objpath;
-
- /* If a session is removed, authorizations scoped for that session
- * may become inactive.. so do notify the user about it..
- */
-
- ret = TRUE;
-
- dbus_error_init (&error);
- seat_objpath = dbus_message_get_path (message);
- if (!dbus_message_get_args (message, &error,
- DBUS_TYPE_STRING, &session_objpath,
- DBUS_TYPE_INVALID)) {
-
- /* TODO: should be _pk_critical */
- g_warning ("The SessionRemoved signal on the org.freedesktop.ConsoleKit.Seat "
- "interface for object %s has the wrong signature! "
- "Your system is misconfigured.", seat_objpath);
-
- goto out;
- }
-
- _remove_caller_by_session (pk_tracker, session_objpath);
-
- /* TODO: remove from sessions - see polkit_tracker_is_authorization_relevant() */
- }
-
- /* TODO: when ConsoleKit gains the ability to attach/detach a session to a seat (think
- * hot-desking), we want to update our local caches too
- */
-
-out:
- return ret;
-}
-
-/**
- * polkit_tracker_get_caller_from_dbus_name:
- * @pk_tracker: the tracker object
- * @dbus_name: unique name on the system message bus
- * @error: D-Bus error
- *
- * This function is similar to polkit_caller_new_from_dbus_name()
- * except that it uses the cache in #PolKitTracker. So on the second
- * and subsequent calls, for the same D-Bus name, there will be no
- * syscall or IPC overhead in calling this function.
- *
- * Returns: A #PolKitCaller object; the caller must use
- * polkit_caller_unref() on the object when done with it. Returns
- * #NULL if an error occured (in which case error will be set).
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-PolKitCaller *
-polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error)
-{
- PolKitCaller *caller;
-
- g_return_val_if_fail (pk_tracker != NULL, NULL);
- g_return_val_if_fail (pk_tracker->con != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- /* g_debug ("Looking up cache for PolKitCaller for dbus_name %s...", dbus_name); */
-
- caller = g_hash_table_lookup (pk_tracker->dbus_name_to_caller, dbus_name);
- if (caller != NULL)
- return polkit_caller_ref (caller);
-
- /* g_debug ("Have to compute PolKitCaller for dbus_name %s...", dbus_name); */
-
- caller = polkit_caller_new_from_dbus_name (pk_tracker->con, dbus_name, error);
- if (caller == NULL)
- return NULL;
-
- g_hash_table_insert (pk_tracker->dbus_name_to_caller, g_strdup (dbus_name), caller);
- return polkit_caller_ref (caller);
-}
-
-
-/**
- * polkit_tracker_get_caller_from_pid:
- * @pk_tracker: the tracker object
- * @pid: UNIX process id to look at
- * @error: D-Bus error
- *
- * This function is similar to polkit_caller_new_from_pid()
- * except that it uses the cache in #PolKitTracker. So on the second
- * and subsequent calls, for the same D-Bus name, there will be no
- * IPC overhead in calling this function.
- *
- * There will be some syscall overhead to lookup the time when the
- * given process is started (on Linux, looking up /proc/$pid/stat);
- * this is needed because pid's can be recycled and the cache thus
- * needs to record this in addition to the pid.
- *
- * Returns: A #PolKitCaller object; the caller must use
- * polkit_caller_unref() on the object when done with it. Returns
- * #NULL if an error occured (in which case error will be set).
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-PolKitCaller *
-polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error)
-{
- PolKitCaller *caller;
- polkit_uint64_t start_time;
- _PidStartTimePair *pst;
-
- g_return_val_if_fail (pk_tracker != NULL, NULL);
- g_return_val_if_fail (pk_tracker->con != NULL, NULL);
- g_return_val_if_fail (! dbus_error_is_set (error), NULL);
-
- start_time = polkit_sysdeps_get_start_time_for_pid (pid);
- if (start_time == 0) {
- if (error != NULL) {
- dbus_set_error (error,
- "org.freedesktop.PolicyKit",
- "Cannot look up start time for pid %d", pid);
- }
- return NULL;
- }
-
- pst = _pid_start_time_new (pid, start_time);
-
- /* g_debug ("Looking up cache for pid %d (start_time %lld)...", pid, start_time); */
-
- caller = g_hash_table_lookup (pk_tracker->pid_start_time_to_caller, pst);
- if (caller != NULL) {
- g_free (pst);
- return polkit_caller_ref (caller);
- }
-
- /* g_debug ("Have to compute PolKitCaller from pid %d (start_time %lld)...", pid, start_time); */
-
- caller = polkit_caller_new_from_pid (pk_tracker->con, pid, error);
- if (caller == NULL) {
- g_free (pst);
- return NULL;
- }
-
- /* TODO: we need to evict old entries..
- *
- * Say, timestamp the entries in _PidStartTimePair and do
- * garbage collection every hour or so (e.g. record when we
- * last did garbage collection and check this time on the next
- * call into this function).
- */
-
- g_hash_table_insert (pk_tracker->pid_start_time_to_caller, pst, caller);
- return polkit_caller_ref (caller);
-}
-
-
-/**
- * polkit_tracker_is_authorization_relevant:
- * @pk_tracker: the tracker
- * @auth: authorization to check for
- * @error: return location for error
- *
- * As explicit authorizations are scoped (process single shot,
- * process, session or everything), they become irrelevant once the
- * entity (process or session) ceases to exist. This function
- * determines whether the authorization is still relevant; it's useful
- * for reporting and graphical tools displaying authorizations.
- *
- * This function is similar to polkit_is_authorization_relevant() only
- * that it avoids IPC overhead on the 2nd and subsequent calls when
- * checking authorizations scoped for a session.
- *
- * Returns: #TRUE if the authorization still applies, #FALSE if an
- * error occurred (then error will be set) or if the entity the
- * authorization refers to has gone out of scope.
- *
- * This function is in <literal>libpolkit-dbus</literal>.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error)
-{
-
- g_return_val_if_fail (pk_tracker != NULL, FALSE);
- g_return_val_if_fail (pk_tracker->con != NULL, FALSE);
- g_return_val_if_fail (! dbus_error_is_set (error), FALSE);
-
- /* TODO: optimize... in order to do this sanely we need CK's Manager object to export
- * a method GetAllSessions() - otherwise we'd need to key off every uid.
- *
- * It's no biggie we don't have this optimization yet.. it's only used by polkit-auth(1)
- * and the GNOME utility for managing authorizations.
- */
- return _polkit_is_authorization_relevant_internal (pk_tracker->con, auth, NULL, error);
-}
diff --git a/polkit-dbus/polkit-dbus.h b/polkit-dbus/polkit-dbus.h
deleted file mode 100644
index 98f2353..0000000
--- a/polkit-dbus/polkit-dbus.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-dbus.h : helper library for obtaining seat, session and
- * caller information via D-Bus and ConsoleKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef POLKIT_DBUS_H
-#define POLKIT_DBUS_H
-
-#include <polkit/polkit.h>
-#include <dbus/dbus.h>
-
-POLKIT_BEGIN_DECLS
-
-PolKitSession *polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error);
-PolKitSession *polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error);
-
-PolKitCaller *polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error);
-
-PolKitCaller *polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error);
-
-polkit_bool_t polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error);
-
-
-struct _PolKitTracker;
-typedef struct _PolKitTracker PolKitTracker;
-
-PolKitTracker *polkit_tracker_new (void);
-PolKitTracker *polkit_tracker_ref (PolKitTracker *pk_tracker);
-void polkit_tracker_unref (PolKitTracker *pk_tracker);
-void polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con);
-void polkit_tracker_init (PolKitTracker *pk_tracker);
-
-polkit_bool_t polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message);
-
-PolKitCaller *polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error);
-
-PolKitCaller *polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error);
-
-polkit_bool_t polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_DBUS_H */
-
-
diff --git a/polkit-dbus/polkit-read-auth-helper.c b/polkit-dbus/polkit-read-auth-helper.c
deleted file mode 100644
index 3a067d9..0000000
--- a/polkit-dbus/polkit-read-auth-helper.c
+++ /dev/null
@@ -1,471 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-read-auth-helper.c : setgid polkituser helper for PolicyKit
- * to read authorizations
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#define _GNU_SOURCE
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <security/pam_appl.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-#include <fcntl.h>
-#include <dirent.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-
-/* This is a bit incestuous; we are, effectively, calling into
- * ourselves.. it's safe though; this function will never get hit..
- */
-static polkit_bool_t
-check_for_auth (uid_t caller_uid, pid_t caller_pid)
-{
- polkit_bool_t ret;
- DBusError error;
- DBusConnection *bus;
- PolKitCaller *caller;
- PolKitAction *action;
- PolKitContext *context;
- PolKitError *pk_error;
- PolKitResult pk_result;
-
- ret = FALSE;
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot connect to system bus: %s: %s\n",
- error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
- if (caller == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot get caller from pid: %s: %s\n",
- error.name, error.message);
- goto out;
- }
-
- action = polkit_action_new ();
- if (action == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot allocate PolKitAction\n");
- goto out;
- }
- if (!polkit_action_set_action_id (action, "org.freedesktop.policykit.read")) {
- fprintf (stderr, "polkit-read-auth-helper: cannot set action_id\n");
- goto out;
- }
-
- context = polkit_context_new ();
- if (context == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot allocate PolKitContext\n");
- goto out;
- }
-
- pk_error = NULL;
- if (!polkit_context_init (context, &pk_error)) {
- fprintf (stderr, "polkit-read-auth-helper: cannot initialize polkit context: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
- if (polkit_error_is_set (pk_error)) {
-
- if (polkit_error_get_error_code (pk_error) ==
- POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS) {
- polkit_error_free (pk_error);
- pk_error = NULL;
- } else {
- fprintf (stderr, "polkit-read-auth-helper: cannot determine if caller is authorized: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
- }
-
- if (pk_result != POLKIT_RESULT_YES) {
- /* having 'grant' (which is a lot more powerful) is also sufficient.. this is because 'read'
- * is required to 'grant' (to check if there's a similar authorization already)
- */
- if (!polkit_action_set_action_id (action, "org.freedesktop.policykit.grant")) {
- fprintf (stderr, "polkit-read-auth-helper: cannot set action_id\n");
- goto out;
- }
-
- pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
- if (polkit_error_is_set (pk_error)) {
- fprintf (stderr, "polkit-read-auth-helper: cannot determine if caller is authorized: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- if (pk_result != POLKIT_RESULT_YES) {
- goto out;
- }
- }
-
- ret = TRUE;
-out:
-
- return ret;
-}
-
-static polkit_bool_t
-dump_auths_from_file (const char *path, uid_t uid)
-{
- int ret;
- int fd;
- char buf[256];
- struct stat statbuf;
- ssize_t num_bytes_read;
- ssize_t num_bytes_to_read;
- ssize_t num_bytes_remaining_to_read;
- ssize_t num_bytes_to_write;
- ssize_t num_bytes_written;
- ssize_t num_bytes_remaining_to_write;
- polkit_bool_t have_written_uid;
-
- ret = FALSE;
-
- if (stat (path, &statbuf) != 0) {
- /* this is fine; the file does not have to exist.. */
- if (errno == ENOENT) {
- ret = TRUE;
- goto out;
- }
- fprintf (stderr, "polkit-read-auth-helper: cannot stat %s: %m\n", path);
- goto out;
- }
-
- fd = open (path, O_RDONLY);
- if (fd < 0) {
- fprintf (stderr, "polkit-read-auth-helper: cannot open %s: %m\n", path);
- goto out;
- }
-
- num_bytes_remaining_to_read = statbuf.st_size;
-
- have_written_uid = FALSE;
- while (num_bytes_remaining_to_read > 0) {
-
- /* start with writing the uid - this is necessary when dumping all authorizations via uid=1 */
- if (!have_written_uid) {
- have_written_uid = TRUE;
- snprintf (buf, sizeof (buf), "#uid=%d\n", uid);
- num_bytes_read = strlen (buf);
- } else {
-
- if (num_bytes_remaining_to_read > (ssize_t) sizeof (buf))
- num_bytes_to_read = (ssize_t) sizeof (buf);
- else
- num_bytes_to_read = num_bytes_remaining_to_read;
-
- again:
- num_bytes_read = read (fd, buf, num_bytes_to_read);
- if (num_bytes_read == -1) {
- if (errno == EAGAIN || errno == EINTR) {
- goto again;
- } else {
- fprintf (stderr, "polkit-read-auth-helper: error reading file %s: %m\n", path);
- close (fd);
- goto out;
- }
- }
-
- num_bytes_remaining_to_read -= num_bytes_read;
- }
-
- /* write to stdout */
- num_bytes_to_write = num_bytes_read;
- num_bytes_remaining_to_write = num_bytes_read;
-
- while (num_bytes_remaining_to_write > 0) {
- again_write:
- num_bytes_written = write (STDOUT_FILENO,
- buf + (num_bytes_to_write - num_bytes_remaining_to_write),
- num_bytes_remaining_to_write);
- if (num_bytes_written == -1) {
- if (errno == EAGAIN || errno == EINTR) {
- goto again_write;
- } else {
- fprintf (stderr, "polkit-read-auth-helper: error writing to stdout: %m\n");
- close (fd);
- goto out;
- }
- }
-
- num_bytes_remaining_to_write -= num_bytes_written;
- }
-
- }
-
-
- close (fd);
-
- ret = TRUE;
-
-out:
- return ret;
-}
-
-static polkit_bool_t
-dump_auths_all (const char *root)
-{
- DIR *dir;
- int dfd;
- struct dirent64 *d;
- polkit_bool_t ret;
-
- ret = FALSE;
-
- dir = opendir (root);
- if (dir == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: error calling opendir on %s: %m\n", root);
- goto out;
- }
-
- dfd = dirfd (dir);
- if (dfd == -1) {
- fprintf (stderr, "polkit-read-auth-helper: error calling dirfd(): %m\n");
- goto out;
- }
-
- while ((d = readdir64(dir)) != NULL) {
- unsigned int n, m;
- uid_t uid;
- size_t name_len;
- char *filename;
- char username[PATH_MAX];
- char path[PATH_MAX];
- static const char suffix[] = ".auths";
- struct passwd *pw;
-
- if (d->d_type != DT_REG)
- continue;
-
- if (d->d_name == NULL)
- continue;
-
- filename = d->d_name;
- name_len = strlen (filename);
- if (name_len < sizeof (suffix))
- continue;
-
- if (strcmp ((filename + name_len - sizeof (suffix) + 1), suffix) != 0)
- continue;
-
- /* find the user name.. */
- for (n = 0; n < name_len; n++) {
- if (filename[n] == '-')
- break;
- }
- if (filename[n] == '\0') {
- fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (1)\n", filename);
- continue;
- }
- n++;
- m = n;
- for ( ; n < name_len; n++) {
- if (filename[n] == '.')
- break;
- }
-
- if (filename[n] == '\0') {
- fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (2)\n", filename);
- continue;
- }
- if (n - m > sizeof (username) - 1) {
- fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (3)\n", filename);
- continue;
- }
- strncpy (username, filename + m, n - m);
- username[n - m] = '\0';
-
- pw = getpwnam (username);
- if (pw == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot look up uid for username %s\n", username);
- continue;
- }
- uid = pw->pw_uid;
-
- if (snprintf (path, sizeof (path), "%s/%s", root, filename) >= (int) sizeof (path)) {
- fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
- goto out;
- }
-
- if (!dump_auths_from_file (path, uid))
- goto out;
- }
-
- ret = TRUE;
-
-out:
- if (dir != NULL)
- closedir(dir);
- return ret;
-}
-
-static polkit_bool_t
-dump_auths_for_uid (const char *root, uid_t uid)
-{
- char path[256];
- struct passwd *pw;
-
- pw = getpwuid (uid);
- if (pw == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot lookup user name for uid %d\n", uid);
- return FALSE;
- }
-
- if (snprintf (path, sizeof (path), "%s/user-%s.auths", root, pw->pw_name) >= (int) sizeof (path)) {
- fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
- return FALSE;
- }
-
- return dump_auths_from_file (path, uid);
-}
-
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- gid_t egid;
- struct group *group;
- uid_t caller_uid;
- uid_t requesting_info_for_uid;
- char *endp;
- struct passwd *pw;
- uid_t uid_for_polkit_user;
-
- ret = 1;
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- //if (clearenv () != 0)
- // goto out;
- /* set a minimal environment */
- //setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- openlog ("polkit-read-auth-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 2) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-read-auth-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- caller_uid = getuid ();
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-read-auth-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
- /* check that we are setgid polkituser */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
- fprintf (stderr, "polkit-read-auth-helper: needs to be setgid " POLKIT_GROUP "\n");
- goto out;
- }
-
- pw = getpwnam (POLKIT_USER);
- if (pw == NULL) {
- fprintf (stderr, "polkit-read-auth-helper: cannot lookup uid for " POLKIT_USER "\n");
- goto out;
- }
- uid_for_polkit_user = pw->pw_uid;
-
- /*----------------------------------------------------------------------------------------------------*/
-
- requesting_info_for_uid = strtoul (argv[1], &endp, 10);
- if (*endp != '\0') {
- fprintf (stderr, "polkit-read-auth-helper: requesting_info_for_uid malformed (3)\n");
- goto out;
- }
-
- /* uid 0 and user polkituser is allowed to read anything */
- if (caller_uid != 0 && caller_uid != uid_for_polkit_user) {
- if (caller_uid != requesting_info_for_uid) {
-
- /* see if calling user has the
- *
- * org.freedesktop.policykit.read
- *
- * authorization
- */
- if (!check_for_auth (caller_uid, getppid ())) {
- //fprintf (stderr,
- // "polkit-read-auth-helper: uid %d cannot read authorizations for uid %d.\n",
- // caller_uid,
- // requesting_info_for_uid);
- goto out;
- }
- }
- }
-
- if (requesting_info_for_uid == (uid_t) -1) {
- if (!dump_auths_all (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit"))
- goto out;
-
- if (!dump_auths_all (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit"))
- goto out;
- } else {
- if (!dump_auths_for_uid (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit", requesting_info_for_uid))
- goto out;
-
- if (!dump_auths_for_uid (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit", requesting_info_for_uid))
- goto out;
- }
-
- ret = 0;
-
-out:
- return ret;
-}
-
diff --git a/polkit-grant/Makefile.am b/polkit-grant/Makefile.am
deleted file mode 100644
index 05a2ee5..0000000
--- a/polkit-grant/Makefile.am
+++ /dev/null
@@ -1,89 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- -DPOLKIT_COMPILATION \
- @GLIB_CFLAGS@ @DBUS_CFLAGS@
-
-lib_LTLIBRARIES=libpolkit-grant.la
-
-libpolkit_grantincludedir=$(includedir)/PolicyKit/polkit-grant
-
-libpolkit_grantinclude_HEADERS = \
- polkit-grant.h
-
-libpolkit_grant_la_SOURCES = \
- polkit-grant.h polkit-grant.c
-
-
-if POLKIT_AUTHDB_DUMMY
-libpolkit_grant_la_SOURCES += polkit-authorization-db-dummy-write.c
-endif
-
-if POLKIT_AUTHDB_DEFAULT
-libpolkit_grant_la_SOURCES += polkit-authorization-db-write.c
-endif
-
-libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
-
-libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-# Only if the authdb backend has the capability POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN
-# then the backend must supply the /usr/libexec/polkit-grant-helper program.. also remember to
-# adjust the PAM stuff in data/Makefile.am
-#
-if POLKIT_AUTHDB_DEFAULT
-libexec_PROGRAMS = polkit-grant-helper polkit-grant-helper-pam polkit-explicit-grant-helper polkit-revoke-helper
-
-polkit_grant_helper_SOURCES = polkit-grant-helper.c
-polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
-
-polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
-polkit_grant_helper_pam_LDADD = @AUTH_LIBS@
-
-polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c
-polkit_explicit_grant_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_explicit_grant_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
-
-polkit_revoke_helper_SOURCES = polkit-revoke-helper.c
-polkit_revoke_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_revoke_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
-
-# polkit-grant-helper needs to be setgid polkituser to be able to
-# write cookies to /var/lib/PolicyKit and /var/run/PolicyKit
-#
-# polkit-grant-helper-pam need to be setuid root because it's used to
-# authenticate not only the invoking user, but possibly also root
-# and/or other users. As only polkit-grant-helper will invoke it
-# we make it owned by the polkitiuser group and non-readable /
-# non-executable to the world
-#
-# polkit-explicit-grant-helper needs to be setgid $POLKIT_GROUP to be
-# able to edit authorization files in /var/lib/PolicyKit and
-# /var/run/PolicyKit
-#
-# polkit-revoke-helper needs to be setgid $POLKIT_GROUP to be able to
-# edit authorization files in /var/lib/PolicyKit and
-# /var/run/PolicyKit
-#
-install-exec-hook:
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
- -chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper
- -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-revoke-helper
-endif
-
-clean-local :
- rm -f *~ $(BUILT_SOURCES)
diff --git a/polkit-grant/polkit-authorization-db-dummy-write.c b/polkit-grant/polkit-authorization-db-dummy-write.c
deleted file mode 100644
index 9852da1..0000000
--- a/polkit-grant/polkit-authorization-db-dummy-write.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-db.c : Dummy authorization database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <pwd.h>
-
-#include <glib.h>
-
-#include <polkit/polkit-debug.h>
-#include <polkit/polkit-authorization-db.h>
-#include <polkit/polkit-utils.h>
-#include <polkit/polkit-private.h>
-
-/* PolKitAuthorizationDB structure is defined in polkit/polkit-private.h */
-
-polkit_bool_t
-polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_grant_to_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationConstraint *constraint,
- PolKitError **error)
-{
- polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
- return FALSE;
-}
diff --git a/polkit-grant/polkit-authorization-db-write.c b/polkit-grant/polkit-authorization-db-write.c
deleted file mode 100644
index 145aed9..0000000
--- a/polkit-grant/polkit-authorization-db-write.c
+++ /dev/null
@@ -1,680 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-db.c : Represents the authorization database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <pwd.h>
-
-#include <glib.h>
-
-#include <polkit/polkit-debug.h>
-#include <polkit/polkit-authorization-db.h>
-#include <polkit/polkit-utils.h>
-#include <polkit/polkit-private.h>
-
-/**
- * SECTION:polkit-authorization-db
- **/
-
-
-static polkit_bool_t
-_write_to_fd (int fd, const char *str, ssize_t str_len)
-{
- polkit_bool_t ret;
- ssize_t written;
-
- ret = FALSE;
-
- written = 0;
- while (written < str_len) {
- ssize_t ret;
- ret = write (fd, str + written, str_len - written);
- if (ret < 0) {
- if (errno == EAGAIN || errno == EINTR) {
- continue;
- } else {
- goto out;
- }
- }
- written += ret;
- }
-
- ret = TRUE;
-
-out:
- return ret;
-}
-
-polkit_bool_t
-_polkit_authorization_db_auth_file_add (const char *root, polkit_bool_t transient, uid_t uid, char *str_to_add)
-{
- int fd;
- char *contents;
- gsize contents_size;
- char *path;
- char *path_tmp;
- GError *error;
- polkit_bool_t ret;
- struct stat statbuf;
- struct passwd *pw;
-
- ret = FALSE;
- path = NULL;
- path_tmp = NULL;
- contents = NULL;
-
- pw = getpwuid (uid);
- if (pw == NULL) {
- g_warning ("cannot lookup user name for uid %d\n", uid);
- goto out;
- }
-
- path = g_strdup_printf ("%s/user-%s.auths", root, pw->pw_name);
- path_tmp = g_strdup_printf ("%s.XXXXXX", path);
-
- if (stat (path, &statbuf) != 0 && errno == ENOENT) {
- //fprintf (stderr, "path=%s does not exist (egid=%d): %m!\n", path, getegid ());
-
- g_free (path_tmp);
- path_tmp = path;
- path = NULL;
-
- /* Write a nice blurb if we're creating the file for the first time */
-
- contents = g_strdup_printf (
- "# This file lists authorizations for user %s\n"
- "%s"
- "# \n"
- "# File format may change at any time; do not rely on it. To manage\n"
- "# authorizations use polkit-auth(1) instead.\n"
- "\n",
- pw->pw_name,
- transient ? "# (these are temporary and will be removed on the next system boot)\n" : "");
- contents_size = strlen (contents);
- } else {
- error = NULL;
- if (!g_file_get_contents (path, &contents, &contents_size, &error)) {
- g_warning ("Cannot read authorizations file %s: %s", path, error->message);
- g_error_free (error);
- goto out;
- }
- }
-
- if (path != NULL) {
- fd = mkstemp (path_tmp);
- if (fd < 0) {
- fprintf (stderr, "Cannot create file '%s': %m\n", path_tmp);
- goto out;
- }
- if (fchmod (fd, 0464) != 0) {
- fprintf (stderr, "Cannot change mode for '%s' to 0460: %m\n", path_tmp);
- close (fd);
- unlink (path_tmp);
- goto out;
- }
- } else {
- fd = open (path_tmp, O_RDWR|O_CREAT, 0464);
- if (fd < 0) {
- fprintf (stderr, "Cannot create file '%s': %m\n", path_tmp);
- goto out;
- }
- }
-
- if (!_write_to_fd (fd, contents, contents_size)) {
- g_warning ("Cannot write to temporary authorizations file %s: %m", path_tmp);
- close (fd);
- if (unlink (path_tmp) != 0) {
- g_warning ("Cannot unlink %s: %m", path_tmp);
- }
- goto out;
- }
- if (!_write_to_fd (fd, str_to_add, strlen (str_to_add))) {
- g_warning ("Cannot write to temporary authorizations file %s: %m", path_tmp);
- close (fd);
- if (unlink (path_tmp) != 0) {
- g_warning ("Cannot unlink %s: %m", path_tmp);
- }
- goto out;
- }
- close (fd);
-
- if (path != NULL) {
- if (rename (path_tmp, path) != 0) {
- g_warning ("Cannot rename %s to %s: %m", path_tmp, path);
- if (unlink (path_tmp) != 0) {
- g_warning ("Cannot unlink %s: %m", path_tmp);
- }
- goto out;
- }
- }
-
- /* trigger a reload */
- if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) {
- g_warning ("Error updating access+modification time on file '%s': %m\n",
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload");
- }
-
- ret = TRUE;
-
-out:
- if (contents != NULL)
- g_free (contents);
- if (path != NULL)
- g_free (path);
- if (path_tmp != NULL)
- g_free (path_tmp);
- return ret;
-}
-
-
-/**
- * polkit_authorization_db_add_entry_process_one_shot:
- * @authdb: the authorization database
- * @action: the action
- * @caller: the caller
- * @user_authenticated_as: the user that was authenticated
- *
- * Write an entry to the authorization database to indicate that the
- * given caller is authorized for the given action a single time.
- *
- * Note that this function should only be used by
- * <literal>libpolkit-grant</literal> or other sufficiently privileged
- * processes that deals with managing authorizations. It should never
- * be used by mechanisms or applications. The caller must have
- * egid=polkituser and umask set so creating files with mode 0460 will
- * work.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE if an entry was written to the authorization
- * database, #FALSE if the caller of this function is not sufficiently
- * privileged.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- char *action_id;
- uid_t caller_uid;
- pid_t caller_pid;
- char *grant_line;
- polkit_bool_t ret;
- polkit_uint64_t pid_start_time;
- struct timeval now;
- PolKitAuthorizationConstraint *constraint;
- char cbuf[256];
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &action_id))
- return FALSE;
-
- if (!polkit_caller_get_pid (caller, &caller_pid))
- return FALSE;
-
- if (!polkit_caller_get_uid (caller, &caller_uid))
- return FALSE;
-
- pid_start_time = polkit_sysdeps_get_start_time_for_pid (caller_pid);
- if (pid_start_time == 0)
- return FALSE;
-
- if (gettimeofday (&now, NULL) != 0) {
- g_warning ("Error calling gettimeofday: %m");
- return FALSE;
- }
-
- constraint = polkit_authorization_constraint_get_from_caller (caller);
- if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
- g_warning ("buffer for auth constraint is too small");
- return FALSE;
- }
-
- grant_line = g_strdup_printf ("process-one-shot:%d:%Lu:%s:%Lu:%d:%s\n",
- caller_pid,
- pid_start_time,
- action_id,
- (polkit_uint64_t) now.tv_sec,
- user_authenticated_as,
- cbuf);
-
- ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
- TRUE,
- caller_uid,
- grant_line);
- g_free (grant_line);
- return ret;
-}
-
-/**
- * polkit_authorization_db_add_entry_process:
- * @authdb: the authorization database
- * @action: the action
- * @caller: the caller
- * @user_authenticated_as: the user that was authenticated
- *
- * Write an entry to the authorization database to indicate that the
- * given caller is authorized for the given action.
- *
- * Note that this function should only be used by
- * <literal>libpolkit-grant</literal> or other sufficiently privileged
- * processes that deals with managing authorizations. It should never
- * be used by mechanisms or applications. The caller must have
- * egid=polkituser and umask set so creating files with mode 0460 will
- * work.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE if an entry was written to the authorization
- * database, #FALSE if the caller of this function is not sufficiently
- * privileged.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- char *action_id;
- uid_t caller_uid;
- pid_t caller_pid;
- char *grant_line;
- polkit_bool_t ret;
- polkit_uint64_t pid_start_time;
- struct timeval now;
- PolKitAuthorizationConstraint *constraint;
- char cbuf[256];
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &action_id))
- return FALSE;
-
- if (!polkit_caller_get_pid (caller, &caller_pid))
- return FALSE;
-
- if (!polkit_caller_get_uid (caller, &caller_uid))
- return FALSE;
-
- pid_start_time = polkit_sysdeps_get_start_time_for_pid (caller_pid);
- if (pid_start_time == 0)
- return FALSE;
-
- if (gettimeofday (&now, NULL) != 0) {
- g_warning ("Error calling gettimeofday: %m");
- return FALSE;
- }
-
- constraint = polkit_authorization_constraint_get_from_caller (caller);
- if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
- g_warning ("buffer for auth constraint is too small");
- return FALSE;
- }
-
- grant_line = g_strdup_printf ("process:%d:%Lu:%s:%Lu:%d:%s\n",
- caller_pid,
- pid_start_time,
- action_id,
- (polkit_uint64_t) now.tv_sec,
- user_authenticated_as,
- cbuf);
-
- ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
- TRUE,
- caller_uid,
- grant_line);
- g_free (grant_line);
- return ret;
-}
-
-/**
- * polkit_authorization_db_add_entry_session:
- * @authdb: the authorization database
- * @action: the action
- * @caller: the caller
- * @user_authenticated_as: the user that was authenticated
- *
- * Write an entry to the authorization database to indicate that the
- * session for the given caller is authorized for the given action for
- * the remainer of the session.
- *
- * Note that this function should only be used by
- * <literal>libpolkit-grant</literal> or other sufficiently privileged
- * processes that deals with managing authorizations. It should never
- * be used by mechanisms or applications. The caller must have
- * egid=polkituser and umask set so creating files with mode 0460 will
- * work.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE if an entry was written to the authorization
- * database, #FALSE if the caller of this function is not sufficiently
- * privileged.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- uid_t session_uid;
- char *action_id;
- char *grant_line;
- PolKitSession *session;
- char *session_objpath;
- polkit_bool_t ret;
- struct timeval now;
- PolKitAuthorizationConstraint *constraint;
- char cbuf[256];
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &action_id))
- return FALSE;
-
- if (!polkit_caller_get_ck_session (caller, &session))
- return FALSE;
-
- if (!polkit_session_get_ck_objref (session, &session_objpath))
- return FALSE;
-
- if (!polkit_session_get_uid (session, &session_uid))
- return FALSE;
-
- constraint = polkit_authorization_constraint_get_from_caller (caller);
- if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
- g_warning ("buffer for auth constraint is too small");
- return FALSE;
- }
-
- if (gettimeofday (&now, NULL) != 0) {
- g_warning ("Error calling gettimeofday: %m");
- return FALSE;
- }
-
- grant_line = g_strdup_printf ("session:%s:%s:%Lu:%d:%s\n",
- session_objpath,
- action_id,
- (polkit_uint64_t) now.tv_sec,
- user_authenticated_as,
- cbuf);
-
- ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
- TRUE,
- session_uid,
- grant_line);
- g_free (grant_line);
- return ret;
-}
-
-/**
- * polkit_authorization_db_add_entry_always:
- * @authdb: the authorization database
- * @action: the action
- * @caller: the caller
- * @user_authenticated_as: the user that was authenticated
- *
- * Write an entry to the authorization database to indicate that the
- * given user is authorized for the given action.
- *
- * Note that this function should only be used by
- * <literal>libpolkit-grant</literal> or other sufficiently privileged
- * processes that deals with managing authorizations. It should never
- * be used by mechanisms or applications. The caller must have
- * egid=polkituser and umask set so creating files with mode 0460 will
- * work.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE if an entry was written to the authorization
- * database, #FALSE if the caller of this function is not sufficiently
- * privileged.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as)
-{
- uid_t uid;
- char *action_id;
- char *grant_line;
- polkit_bool_t ret;
- struct timeval now;
- PolKitAuthorizationConstraint *constraint;
- char cbuf[256];
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
-
- if (!polkit_caller_get_uid (caller, &uid))
- return FALSE;
-
- if (!polkit_action_get_action_id (action, &action_id))
- return FALSE;
-
- if (gettimeofday (&now, NULL) != 0) {
- g_warning ("Error calling gettimeofday: %m");
- return FALSE;
- }
-
- constraint = polkit_authorization_constraint_get_from_caller (caller);
- if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
- g_warning ("buffer for auth constraint is too small");
- return FALSE;
- }
-
- grant_line = g_strdup_printf ("always:%s:%Lu:%d:%s\n",
- action_id,
- (polkit_uint64_t) now.tv_sec,
- user_authenticated_as,
- cbuf);
-
- ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit",
- FALSE,
- uid,
- grant_line);
- g_free (grant_line);
- return ret;
-}
-
-
-typedef struct {
- char *action_id;
- PolKitAuthorizationConstraint *constraint;
-} CheckDataGrant;
-
-static polkit_bool_t
-_check_auth_for_grant (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth, void *user_data)
-{
- uid_t pimp;
- polkit_bool_t ret;
- CheckDataGrant *cd = (CheckDataGrant *) user_data;
-
- ret = FALSE;
-
- if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
- goto no_match;
-
- if (!polkit_authorization_was_granted_explicitly (auth, &pimp))
- goto no_match;
-
- if (!polkit_authorization_constraint_equal (polkit_authorization_get_constraint (auth), cd->constraint))
- goto no_match;
-
- ret = TRUE;
-
-no_match:
- return ret;
-}
-
-/**
- * polkit_authorization_db_grant_to_uid:
- * @authdb: authorization database
- * @action: action
- * @uid: uid to grant to
- * @constraint: what constraint to put on the authorization
- * @error: return location for error
- *
- * Grants an authorization to a user for a specific action. This
- * requires the org.freedesktop.policykit.grant authorization.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE if the authorization was granted, #FALSE otherwise
- * and error will be set
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_grant_to_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationConstraint *constraint,
- PolKitError **error)
-{
- GError *g_error;
- char *helper_argv[6] = {PACKAGE_LIBEXEC_DIR "/polkit-explicit-grant-helper", NULL, NULL, NULL, NULL, NULL};
- gboolean ret;
- gint exit_status;
- char cbuf[256];
- CheckDataGrant cd;
-
- ret = FALSE;
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (constraint != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &(cd.action_id))) {
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Given action does not have action_id set");
- goto out;
- }
-
- if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
- g_warning ("buffer for auth constraint is too small");
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "buffer for auth constraint is too small");
- goto out;
- }
-
- /* check if we have the auth already */
- cd.constraint = constraint;
- if (!polkit_authorization_db_foreach_for_uid (authdb,
- uid,
- _check_auth_for_grant,
- &cd,
- error)) {
- /* happens if caller can't read auths of target user */
- if (error != NULL && polkit_error_is_set (*error)) {
- goto out;
- }
- } else {
- /* so it did exist.. */
- polkit_error_set_error (error,
- POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS,
- "An authorization for uid %d for the action %s with constraint '%s' already exists",
- uid, cd.action_id, cbuf);
- goto out;
- }
-
-
- helper_argv[1] = cd.action_id;
- helper_argv[2] = cbuf;
- helper_argv[3] = "uid";
- helper_argv[4] = g_strdup_printf ("%d", uid);
- helper_argv[5] = NULL;
-
- g_error = NULL;
- if (!g_spawn_sync (NULL, /* const gchar *working_directory */
- helper_argv, /* gchar **argv */
- NULL, /* gchar **envp */
- 0, /* GSpawnFlags flags */
- NULL, /* GSpawnChildSetupFunc child_setup */
- NULL, /* gpointer user_data */
- NULL, /* gchar **standard_output */
- NULL, /* gchar **standard_error */
- &exit_status, /* gint *exit_status */
- &g_error)) { /* GError **error */
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Error spawning explicit grant helper: %s",
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
-
- if (!WIFEXITED (exit_status)) {
- g_warning ("Explicit grant helper crashed!");
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Explicit grant helper crashed!");
- goto out;
- } else if (WEXITSTATUS(exit_status) != 0) {
- polkit_error_set_error (error,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_GRANT_AUTHORIZATION,
- "uid %d is not authorized to grant authorization for action %s to uid %d (requires org.freedesktop.policykit.grant)",
- getuid (), cd.action_id, uid);
- } else {
- ret = TRUE;
- }
-
-out:
- g_free (helper_argv[4]);
- return ret;
-
-}
diff --git a/polkit-grant/polkit-explicit-grant-helper.c b/polkit-grant/polkit-explicit-grant-helper.c
deleted file mode 100644
index 3f5d2ef..0000000
--- a/polkit-grant/polkit-explicit-grant-helper.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-explicit-grant-helper.c : setgid polkituser explicit grant
- * helper for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#define _GNU_SOURCE
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <security/pam_appl.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-#include <fcntl.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-#include <polkit/polkit-private.h>
-
-static polkit_bool_t
-check_pid_for_authorization (pid_t caller_pid, const char *action_id)
-{
- polkit_bool_t ret;
- DBusError error;
- DBusConnection *bus;
- PolKitCaller *caller;
- PolKitAction *action;
- PolKitContext *context;
- PolKitError *pk_error;
- PolKitResult pk_result;
-
- ret = FALSE;
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot connect to system bus: %s: %s\n",
- error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
- if (caller == NULL) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot get caller from pid: %s: %s\n",
- error.name, error.message);
- goto out;
- }
-
- action = polkit_action_new ();
- if (action == NULL) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot allocate PolKitAction\n");
- goto out;
- }
- if (!polkit_action_set_action_id (action, action_id)) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot set action_id\n");
- goto out;
- }
-
- context = polkit_context_new ();
- if (context == NULL) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot allocate PolKitContext\n");
- goto out;
- }
-
- pk_error = NULL;
- if (!polkit_context_init (context, &pk_error)) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot initialize polkit context: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
- if (polkit_error_is_set (pk_error)) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot determine if caller is authorized: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- if (pk_result != POLKIT_RESULT_YES) {
- //fprintf (stderr,
- // "polkit-explicit-grant-helper: uid %d (pid %d) does not have the "
- // "org.freedesktop.policykit.read-other-authorizations authorization\n",
- // caller_uid, caller_pid);
- goto out;
- }
-
- ret = TRUE;
-out:
-
- return ret;
-}
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- gid_t egid;
- struct group *group;
- uid_t invoking_uid;
- char *action_id;
- char *endp;
- char grant_line[512];
- struct timeval now;
-
- ret = 1;
-
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (clearenv () != 0)
- goto out;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- openlog ("polkit-explicit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 5) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
- invoking_uid = getuid ();
-
- /* check that we are setgid polkituser */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "polkit-explicit-grant-helper: cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
- fprintf (stderr, "polkit-explicit-grant-helper: needs to be setgid " POLKIT_GROUP "\n");
- goto out;
- }
-
- /*----------------------------------------------------------------------------------------------------*/
-
- /* check and validate incoming parameters */
-
- /* first one is action_id */
- action_id = argv[1];
- if (!polkit_action_validate_id (action_id)) {
- syslog (LOG_NOTICE, "action_id is malformed [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: action_id is malformed. This incident has been logged.\n");
- goto out;
- }
-
- char *authc_str;
- PolKitAuthorizationConstraint *authc;
-
- /* second is the auth constraint */
- authc_str = argv[2];
- authc = polkit_authorization_constraint_from_string (authc_str);
- if (authc == NULL) {
- syslog (LOG_NOTICE, "auth constraint is malformed [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: auth constraint is malformed. This incident has been logged.\n");
- goto out;
- }
-
-#define TARGET_UID 0
- int target;
- uid_t target_uid = -1;
-
- /* (third, fourth) is one of: ("uid", uid) */
- if (strcmp (argv[3], "uid") == 0) {
-
- target = TARGET_UID;
- target_uid = strtol (argv[4], &endp, 10);
- if (*endp != '\0') {
- syslog (LOG_NOTICE, "target uid is malformed [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: target uid is malformed. This incident has been logged.\n");
- goto out;
- }
- } else {
- syslog (LOG_NOTICE, "target type is malformed [uid=%d]", getuid ());
- fprintf (stderr, "polkit-explicit-grant-helper: target type is malformed. This incident has been logged.\n");
- goto out;
- }
-
-
- //fprintf (stderr, "action_id=%s constraint=%s uid=%d\n", action_id, authc_str, target_uid);
-
- /* OK, we're done parsing ... check if the user is authorized */
-
- if (invoking_uid != 0) {
- /* see if calling user is authorized for
- *
- * org.freedesktop.policykit.grant
- */
- if (!check_pid_for_authorization (getppid (), "org.freedesktop.policykit.grant")) {
- goto out;
- }
- }
-
- /* he is.. proceed to add the grant */
-
- umask (002);
-
- if (gettimeofday (&now, NULL) != 0) {
- fprintf (stderr, "polkit-explicit-grant-helper: error calling gettimeofday: %m");
- return FALSE;
- }
-
- if (snprintf (grant_line,
- sizeof (grant_line),
- "grant:%s:%Lu:%d:%s\n",
- action_id,
- (polkit_uint64_t) now.tv_sec,
- invoking_uid,
- authc_str) >= (int) sizeof (grant_line)) {
- fprintf (stderr, "polkit-explicit-grant-helper: str to add is too long!\n");
- goto out;
- }
-
- if (_polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit",
- FALSE,
- target_uid,
- grant_line)) {
- ret = 0;
- }
-
-out:
-
- return ret;
-}
-
diff --git a/polkit-grant/polkit-grant-helper-pam.c b/polkit-grant/polkit-grant-helper-pam.c
deleted file mode 100644
index 7c9c35a..0000000
--- a/polkit-grant/polkit-grant-helper-pam.c
+++ /dev/null
@@ -1,232 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant-helper-pam.c : setuid root pam grant helper for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/* TODO: FIXME: XXX: this code needs security review before it can be released! */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <syslog.h>
-#include <security/pam_appl.h>
-
-/* Development aid: define PGH_DEBUG to get debugging output. Do _NOT_
- * enable this in production builds; it may leak passwords and other
- * sensitive information.
- */
-#undef PGH_DEBUG
-/* #define PGH_DEBUG */
-
-static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
-
-int
-main (int argc, char *argv[])
-{
- int rc;
- char user_to_auth[256];
- struct pam_conv pam_conversation;
- pam_handle_t *pam_h;
- const void *authed_user;
-
- rc = 0;
- pam_h = NULL;
-
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (clearenv () != 0)
- goto error;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- /* check that we are setuid root */
- if (geteuid () != 0) {
- fprintf (stderr, "polkit-grant-helper-pam: needs to be setuid root\n");
- goto error;
- }
-
- openlog ("polkit-grant-helper-pam", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 1) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-grant-helper-pam: wrong number of arguments. This incident has been logged.\n");
- goto error;
- }
-
- if (getuid () != 0) {
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-grant-helper-pam: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto error;
- }
- }
-
- /* get user to auth */
- if (fgets (user_to_auth, sizeof user_to_auth, stdin) == NULL)
- goto error;
- if (strlen (user_to_auth) > 0 && user_to_auth[strlen (user_to_auth) - 1] == '\n')
- user_to_auth[strlen (user_to_auth) - 1] = '\0';
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper-pam: user to auth is '%s'.\n", user_to_auth);
-#endif /* PGH_DEBUG */
-
- pam_conversation.conv = conversation_function;
- pam_conversation.appdata_ptr = NULL;
-
- /* start the pam stack */
- rc = pam_start ("polkit",
- user_to_auth,
- &pam_conversation,
- &pam_h);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "polkit-grant-helper-pam: pam_start failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* set the requesting user */
- rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "polkit-grant-helper-pam: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* is user really user? */
- rc = pam_authenticate (pam_h, 0);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "polkit-grant-helper-pam: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* permitted access? */
- rc = pam_acct_mgmt (pam_h, 0);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "polkit-grant-helper-pam: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- /* did we auth the right user? */
- rc = pam_get_item (pam_h, PAM_USER, &authed_user);
- if (rc != PAM_SUCCESS) {
- fprintf (stderr, "polkit-grant-helper-pam: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
- goto error;
- }
-
- if (strcmp (authed_user, user_to_auth) != 0) {
- fprintf (stderr, "polkit-grant-helper-pam: Tried to auth user '%s' but we got auth for user '%s' instead",
- user_to_auth, (const char *) authed_user);
- goto error;
- }
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper-pam: successfully authenticated user '%s'.\n", user_to_auth);
-#endif /* PGH_DEBUG */
-
- fprintf (stdout, "SUCCESS\n");
- fflush (stdout);
-
- pam_end (pam_h, rc);
- return 0;
-error:
- if (pam_h != NULL)
- pam_end (pam_h, rc);
-
- fprintf (stdout, "FAILURE\n");
- fflush (stdout);
- return 1;
-}
-
-static int
-conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
-{
- struct pam_response *aresp;
- char buf[PAM_MAX_RESP_SIZE];
- int i;
-
- data = data;
- if (n <= 0 || n > PAM_MAX_NUM_MSG)
- return PAM_CONV_ERR;
-
- if ((aresp = calloc(n, sizeof *aresp)) == NULL)
- return PAM_BUF_ERR;
-
- for (i = 0; i < n; ++i) {
- aresp[i].resp_retcode = 0;
- aresp[i].resp = NULL;
- switch (msg[i]->msg_style) {
- case PAM_PROMPT_ECHO_OFF:
- fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
- goto conv1;
- case PAM_PROMPT_ECHO_ON:
- fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
- conv1:
- fputs (msg[i]->msg, stdout);
- if (strlen (msg[i]->msg) > 0 &&
- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
- fputc ('\n', stdout);
- fflush (stdout);
-
- if (fgets (buf, sizeof buf, stdin) == NULL)
- goto error;
- if (strlen (buf) > 0 &&
- buf[strlen (buf) - 1] == '\n')
- buf[strlen (buf) - 1] = '\0';
-
- aresp[i].resp = strdup (buf);
- if (aresp[i].resp == NULL)
- goto error;
- break;
-
- case PAM_ERROR_MSG:
- fprintf (stdout, "PAM_ERROR_MSG ");
- goto conv2;
-
- case PAM_TEXT_INFO:
- fprintf (stdout, "PAM_TEXT_INFO ");
- conv2:
- fputs (msg[i]->msg, stdout);
- if (strlen (msg[i]->msg) > 0 &&
- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
- fputc ('\n', stdout);
- fflush (stdout);
- break;
- default:
- goto error;
- }
- }
- *resp = aresp;
- return PAM_SUCCESS;
-
-error:
- for (i = 0; i < n; ++i) {
- if (aresp[i].resp != NULL) {
- memset (aresp[i].resp, 0, strlen(aresp[i].resp));
- free (aresp[i].resp);
- }
- }
- memset (aresp, 0, n * sizeof *aresp);
- *resp = NULL;
- return PAM_CONV_ERR;
-}
diff --git a/polkit-grant/polkit-grant-helper.c b/polkit-grant/polkit-grant-helper.c
deleted file mode 100644
index d1694b1..0000000
--- a/polkit-grant/polkit-grant-helper.c
+++ /dev/null
@@ -1,842 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant-helper.c : setgid polkituser grant helper for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/* TODO: FIXME: XXX: this code needs security review before it can be released! */
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <security/pam_appl.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-
-#include <glib.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-// #include <polkit/polkit-grant-database.h>
-
-/* Development aid: define PGH_DEBUG to get debugging output. Do _NOT_
- * enable this in production builds; it may leak passwords and other
- * sensitive information.
- */
-#undef PGH_DEBUG
-/* #define PGH_DEBUG */
-#define PGH_DEBUG
-
-/* synopsis: polkit-grant-helper <pid> <action-name>
- *
- * <pid> : process id of caller to grant privilege to
- * <action-name> : the PolicyKit action
- *
- * Error/debug messages goes to stderr. Interaction with the program
- * launching this helper happens via stdin/stdout. A rough high-level
- * interaction diagram looks like this (120 character width):
- *
- * Program using
- * libpolkit-grant polkit-grant-helper polkit-grant-helper-pam
- * ------------- ------------------- -----------------------
- *
- * Spawn polkit-grant-helper
- * with args <pid>, <action-name> -->
- *
- * Create PolKitCaller object
- * from <pid>. Involves querying
- * ConsoleKit over the system
- * message-bus. Verify that
- * the caller qualifies for
- * for authentication to gain
- * the right to do the Action.
- *
- * <-- Tell libpolkit-grant about grant details, e.g.
- * {self,admin}_{,keep_session,keep_always} +
- * what users can authenticate using stdout
- *
- * Receive grant details on stdin.
- * Caller prepares UI dialog depending
- * on grant details.
- *
- * if admin_users is not empty, wait for
- * user name of admin user to auth on stdin
- *
- * if admin_users is not empty, write
- * user name of admin user to auth on stdout -->
- *
- *
- * verify that given username is
- * in admin_users
- *
- *
- * Spawn polkit-grant-helper-pam
- * with no args -->
- *
- * Write username to auth as
- * on stdout -->
- *
- * Receive username on stdin.
- * Start the PAM stack
- * auth_in_progess:
- * Write a PAM request on stdout, one off
- * - PAM_PROMPT_ECHO_OFF
- * - PAM_PROMPT_ECHO_ON
- * - PAM_ERROR_MSG
- * - PAM_TEXT_INFO
- *
- * Receive PAM request on stdin.
- * Send it to libpolkit-grant on stdout
- *
- * Receive PAM request on stdin.
- * Program deals with it.
- * Write reply on stdout
- *
- * Receive PAM reply on stdin
- * Send PAM reply on stdout
- *
- * Deal with PAM reply on stdin.
- * Now either
- * - GOTO auth_in_progress; or
- * - Write SUCCESS|FAILURE on stdout and then
- * die
- *
- * Receive either SUCCESS or
- * FAILURE on stdin. If FAILURE
- * is received, then die with exit
- * code 1. If SUCCESS, leave a cookie
- * in /var/{lib,run}/PolicyKit indicating
- * the grant was successful and die with
- * exit code 0
- *
- *
- * If auth fails, we exit with code 1.
- * If input is not valid we exit with code 2.
- * If any other error occur we exit with code 3
- * If privilege was granted, we exit code 0.
- */
-
-
-/**
- * do_auth:
- *
- * the authentication itself is done via a setuid root helper; this is
- * to make the code running as uid 0 easier to audit.
- *
- */
-static polkit_bool_t
-do_auth (const char *user_to_auth)
-{
- int helper_pid;
- int helper_stdin;
- int helper_stdout;
- GError *g_error;
- char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam", NULL};
- char buf[256];
- FILE *child_stdin;
- FILE *child_stdout;
- gboolean ret;
-
- child_stdin = NULL;
- child_stdout = NULL;
- ret = FALSE;
-
- g_error = NULL;
- if (!g_spawn_async_with_pipes (NULL,
- (char **) helper_argv,
- NULL,
- 0,
- NULL,
- NULL,
- &helper_pid,
- &helper_stdin,
- &helper_stdout,
- NULL,
- &g_error)) {
- fprintf (stderr, "polkit-grant-helper: cannot spawn helper: %s\n", g_error->message);
- g_error_free (g_error);
- g_free (helper_argv[1]);
- goto out;
- }
-
- child_stdin = fdopen (helper_stdin, "w");
- if (child_stdin == NULL) {
- fprintf (stderr, "polkit-grant-helper: fdopen (helper_stdin) failed: %s\n", strerror (errno));
- goto out;
- }
- child_stdout = fdopen (helper_stdout, "r");
- if (child_stdout == NULL) {
- fprintf (stderr, "polkit-grant-helper: fdopen (helper_stdout) failed: %s\n", strerror (errno));
- goto out;
- }
-
- /* First, tell the pam helper what user we wish to auth */
- fprintf (child_stdin, "%s\n", user_to_auth);
- fflush (child_stdin);
-
- /* now act as middle man between our parent and our child */
-
- while (TRUE) {
- /* read from child */
- if (fgets (buf, sizeof buf, child_stdout) == NULL)
- goto out;
-#ifdef PGH_DEBUG
- fprintf (stderr, "received: '%s' from child; sending to parent\n", buf);
-#endif /* PGH_DEBUG */
- /* see if we're done? */
- if (strcmp (buf, "SUCCESS\n") == 0) {
- ret = TRUE;
- goto out;
- }
- if (strcmp (buf, "FAILURE\n") == 0) {
- goto out;
- }
- /* send to parent */
- fprintf (stdout, buf);
- fflush (stdout);
-
- /* read from parent */
- if (fgets (buf, sizeof buf, stdin) == NULL)
- goto out;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
-#endif /* PGH_DEBUG */
- /* send to child */
- fprintf (child_stdin, buf);
- fflush (child_stdin);
- }
-
-out:
- if (child_stdin != NULL)
- fclose (child_stdin);
- if (child_stdout != NULL)
- fclose (child_stdout);
- return ret;
-}
-
-/**
- * verify_with_polkit:
- * @caller: the caller
- * @action: the action
- * @out_result: return location for result AKA how the user can auth
- * @out_admin_users: return location for a NULL-terminated array of
- * strings that can be user to auth as admin. Is set to NULL if the
- * super user (e.g. uid 0) should be user to auth as admin.
- *
- * Verify that the given caller can authenticate to gain a privilege
- * to do the given action. If the authentication requires
- * administrator privileges, also return a list of users that can be
- * used to do this cf. the <define_admin_auth/> element in the
- * configuration file; see the PolicyKit.conf(5) manual page for
- * details.
- *
- * Returns: #TRUE if, and only if, the given caller can authenticate to
- * gain a privilege to do the given action.
- */
-static polkit_bool_t
-verify_with_polkit (PolKitContext *pol_ctx,
- PolKitCaller *caller,
- PolKitAction *action,
- PolKitResult *out_result,
- char ***out_admin_users)
-{
- PolKitError *pk_error;
-
- pk_error = NULL;
- *out_result = polkit_context_is_caller_authorized (pol_ctx, action, caller, FALSE, &pk_error);
- if (polkit_error_is_set (pk_error)) {
- fprintf (stderr, "polkit-grant-helper: cannot determine if caller is authorized: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto error;
- }
-
- if (*out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
- *out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH &&
- *out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION &&
- *out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS &&
- *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
- *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
- *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
- *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) {
- fprintf (stderr, "polkit-grant-helper: given auth type (%d -> %s) is bogus\n",
- *out_result, polkit_result_to_string_representation (*out_result));
- goto error;
- }
-
- *out_admin_users = NULL;
-
- /* for admin auth, get a list of users that can be used - this is basically evaluating the
- * <define_admin_auth/> directives in the config file...
- */
- if (*out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS) {
- PolKitConfig *pk_config;
- PolKitConfigAdminAuthType admin_auth_type;
- const char *admin_auth_data;
-
- pk_config = polkit_context_get_config (pol_ctx, NULL);
- /* if the configuration file is malformed, bail out */
- if (pk_config == NULL)
- goto error;
-
- if (polkit_config_determine_admin_auth_type (pk_config,
- action,
- caller,
- &admin_auth_type,
- &admin_auth_data)) {
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: admin_auth_type=%d data='%s'\n", admin_auth_type, admin_auth_data);
-#endif /* PGH_DEBUG */
- switch (admin_auth_type) {
- case POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER:
- if (admin_auth_data != NULL)
- *out_admin_users = g_strsplit (admin_auth_data, "|", 0);
- break;
- case POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP:
- if (admin_auth_data != NULL) {
- int n;
- char **groups;
- GSList *i;
- GSList *users;
-
-
- users = NULL;
- groups = g_strsplit (admin_auth_data, "|", 0);
- for (n = 0; groups[n] != NULL; n++) {
- int m;
- struct group *group;
-
- /* This is fine; we're a single-threaded app */
- if ((group = getgrnam (groups[n])) == NULL)
- continue;
-
- for (m = 0; group->gr_mem[m] != NULL; m++) {
- const char *user;
- gboolean found;
-
- user = group->gr_mem[m];
- found = FALSE;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: examining member '%s' of group '%s'\n", user, groups[n]);
-#endif /* PGH_DEBUG */
-
- /* skip user 'root' since he is often member of 'wheel' etc. */
- if (strcmp (user, "root") == 0)
- continue;
- /* TODO: we should probably only consider users with an uid
- * in a given "safe" range, e.g. between 500 and 32000 or
- * something like that...
- */
-
- for (i = users; i != NULL; i = g_slist_next (i)) {
- if (strcmp (user, (const char *) i->data) == 0) {
- found = TRUE;
- break;
- }
- }
- if (found)
- continue;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: added user '%s'\n", user);
-#endif /* PGH_DEBUG */
-
- users = g_slist_prepend (users, g_strdup (user));
- }
-
- }
- g_strfreev (groups);
-
- users = g_slist_sort (users, (GCompareFunc) strcmp);
-
- *out_admin_users = g_new0 (char *, g_slist_length (users) + 1);
- for (i = users, n = 0; i != NULL; i = g_slist_next (i)) {
- (*out_admin_users)[n++] = i->data;
- }
-
- g_slist_free (users);
- }
- break;
- }
- }
- }
-
-
- /* TODO: we should probably clean up */
-
- return TRUE;
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-get_and_validate_override_details (PolKitResult *result)
-{
- char buf[256];
- char *textual_result;
- PolKitResult desired_result;
-
- if (fgets (buf, sizeof buf, stdin) == NULL)
- goto error;
- if (strlen (buf) > 0 &&
- buf[strlen (buf) - 1] == '\n')
- buf[strlen (buf) - 1] = '\0';
-
- if (strncmp (buf,
- "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE ",
- sizeof "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE " - 1) != 0) {
- goto error;
- }
- textual_result = buf + sizeof "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE " - 1;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: caller said '%s'\n", textual_result);
-#endif /* PGH_DEBUG */
-
- if (!polkit_result_from_string_representation (textual_result, &desired_result))
- goto error;
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: testing for voluntarily downgrade from '%s' to '%s'\n",
- polkit_result_to_string_representation (*result),
- polkit_result_to_string_representation (desired_result));
-#endif /* PGH_DEBUG */
-
- /* See the huge comment in main() below...
- *
- * it comes down to this... users can only choose a more restricted granting type...
- */
- switch (*result) {
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION &&
- desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS)
- goto error;
- break;
-
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION)
- goto error;
- break;
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
- if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
- desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS)
- goto error;
- break;
-
- default:
- /* we should never reach this */
- goto error;
- }
-
-#ifdef PGH_DEBUG
- if (*result != desired_result) {
- fprintf (stderr, "polkit-grant-helper: voluntarily downgrading from '%s' to '%s'\n",
- polkit_result_to_string_representation (*result),
- polkit_result_to_string_representation (desired_result));
- }
-#endif /* PGH_DEBUG */
-
- *result = desired_result;
-
- return TRUE;
-error:
- return FALSE;
-}
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- uid_t invoking_user_id;
- pid_t caller_pid;
- gid_t egid;
- struct group *group;
- char *endp;
- const char *invoking_user_name;
- const char *action_name;
- PolKitResult result;
- const char *user_to_auth;
- uid_t uid_of_user_to_auth;
- char *session_objpath;
- struct passwd *pw;
- polkit_bool_t dbres;
- char **admin_users;
- DBusError error;
- DBusConnection *bus;
- PolKitContext *context;
- PolKitAction *action;
- PolKitCaller *caller;
- uid_t caller_uid;
- PolKitSession *session;
-
- ret = 3;
-
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (clearenv () != 0)
- goto out;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- openlog ("polkit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 3) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-grant-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-grant-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
- /* check user */
- invoking_user_id = getuid ();
- if (invoking_user_id == 0) {
- fprintf (stderr, "polkit-grant-helper: it only makes sense to run polkit-grant-helper as non-root\n");
- goto out;
- }
-
- /* check that we are setgid polkituser */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "polkit-grant-helper: cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
- fprintf (stderr, "polkit-grant-helper: needs to be setgid " POLKIT_GROUP "\n");
- goto out;
- }
-
- pw = getpwuid (invoking_user_id);
- if (pw == NULL) {
- fprintf (stderr, "polkit-grant-helper: cannot lookup passwd info for uid %d\n", invoking_user_id);
- goto out;
- }
- invoking_user_name = strdup (pw->pw_name);
- if (invoking_user_name == NULL) {
- fprintf (stderr, "polkit-grant-helper: OOM allocating memory for invoking user name\n");
- goto out;
- }
-
- caller_pid = strtol (argv[1], &endp, 10);
- if (endp == NULL || endp == argv[1] || *endp != '\0') {
- fprintf (stderr, "polkit-grant-helper: cannot parse pid\n");
- goto out;
- }
- action_name = argv[2];
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: invoking user = %d ('%s')\n", invoking_user_id, invoking_user_name);
- fprintf (stderr, "polkit-grant-helper: caller_pid = %d\n", caller_pid);
- fprintf (stderr, "polkit-grant-helper: action_name = '%s'\n", action_name);
-#endif /* PGH_DEBUG */
-
- ret = 2;
-
- context = polkit_context_new ();
- if (!polkit_context_init (context, NULL)) {
- fprintf (stderr, "polkit-grant-helper: cannot initialize polkit\n");
- goto out;
- }
-
- action = polkit_action_new ();
- polkit_action_set_action_id (action, action_name);
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "polkit-grant-helper: cannot connect to system bus: %s: %s\n",
- error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
- if (caller == NULL) {
- fprintf (stderr, "polkit-grant-helper: cannot get caller from pid: %s: %s\n",
- error.name, error.message);
- goto out;
- }
- if (!polkit_caller_get_uid (caller, &caller_uid)) {
- fprintf (stderr, "polkit-grant-helper: no uid for caller\n");
- goto out;
- }
- if (!polkit_caller_get_ck_session (caller, &session)) {
- fprintf (stderr, "polkit-grant-helper: caller is not in a session\n");
- goto out;
- }
- if (!polkit_session_get_ck_objref (session, &session_objpath)) {
- fprintf (stderr, "polkit-grant-helper: caller is not in a session\n");
- goto out;
- }
-
- /* Use libpolkit to
- *
- * - figure out if the caller can really auth to do the action
- * - learn what ConsoleKit session the caller belongs to
- */
- if (!verify_with_polkit (context, caller, action, &result, &admin_users))
- goto out;
-
-#ifdef PGH_DEBUG
- if (admin_users != NULL) {
- int n;
- fprintf (stderr, "polkit-grant-helper: admin_users: ");
- for (n = 0; admin_users[n] != NULL; n++)
- fprintf (stderr, "'%s' ", admin_users[n]);
- fprintf (stderr, "\n");
- }
-#endif /* PGH_DEBUG */
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: polkit result = '%s'\n",
- polkit_result_to_string_representation (result));
- fprintf (stderr, "polkit-grant-helper: session_objpath = '%s'\n", session_objpath);
-#endif /* PGH_DEBUG */
-
- /* tell the caller about the grant details; e.g. whether
- * it's auth_self_keep_always or auth_self etc.
- */
- fprintf (stdout, "POLKIT_GRANT_HELPER_TELL_TYPE %s\n",
- polkit_result_to_string_representation (result));
- fflush (stdout);
-
- /* if admin auth is required, tell caller about possible users */
- if (admin_users != NULL) {
- int n;
- fprintf (stdout, "POLKIT_GRANT_HELPER_TELL_ADMIN_USERS");
- for (n = 0; admin_users[n] != NULL; n++)
- fprintf (stdout, " %s", admin_users[n]);
- fprintf (stdout, "\n");
- fflush (stdout);
- }
-
-
- /* wait for libpolkit-grant to tell us what user to use */
- if (admin_users != NULL) {
- int n;
- char buf[256];
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "waiting for admin user name...\n");
-#endif /* PGH_DEBUG */
-
- /* read from parent */
- if (fgets (buf, sizeof buf, stdin) == NULL)
- goto out;
- if (strlen (buf) > 0 && buf[strlen (buf) - 1] == '\n')
- buf[strlen (buf) - 1] = '\0';
-
- if (strncmp (buf,
- "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER ",
- sizeof "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER " - 1) != 0) {
- goto out;
- }
-
- user_to_auth = strdup (buf) + sizeof "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER " - 1;
-#ifdef PGH_DEBUG
- fprintf (stderr, "libpolkit-grant wants to auth as '%s'\n", user_to_auth);
-#endif /* PGH_DEBUG */
-
- /* now sanity check that returned user is actually in admin_users */
- for (n = 0; admin_users[n] != NULL; n++) {
- if (strcmp (admin_users[n], user_to_auth) == 0)
- break;
- }
- if (admin_users[n] == NULL) {
- ret = 2;
- goto out;
- }
-
- } else {
- /* figure out what user to auth */
- if (result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS) {
- user_to_auth = "root";
- } else {
- user_to_auth = invoking_user_name;
- }
- }
-
- if (strcmp (user_to_auth, "root") == 0) {
- uid_of_user_to_auth = 0;
- } else {
- struct passwd *passwd;
-
- passwd = getpwnam (user_to_auth);
- if (passwd == NULL) {
- fprintf (stderr, "polkit-grant-helper: can not look up uid for user '%s'\n", user_to_auth);
- goto out;
- }
- uid_of_user_to_auth = passwd->pw_uid;
- }
-
- ret = 1;
-
- /* Start authentication */
- if (!do_auth (user_to_auth)) {
- goto out;
- }
-
- /* Ask caller if he want to slim down grant type... e.g. he
- * might want to go from auth_self_keep_always to
- * auth_self_keep_session..
- *
- * See docs for the PolKitGrantOverrideGrantType callback type
- * for use cases; it's in polkit-grant/polkit-grant.h
- */
- fprintf (stdout, "POLKIT_GRANT_HELPER_ASK_OVERRIDE_GRANT_TYPE %s\n",
- polkit_result_to_string_representation (result));
- fflush (stdout);
-
- if (!get_and_validate_override_details (&result)) {
- /* if this fails it means bogus input from user */
- ret = 2;
- goto out;
- }
-
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: adding grant: action_id=%s session_id=%s pid=%d result='%s'\n",
- action_name, session_objpath, caller_pid, polkit_result_to_string_representation (result));
-#endif /* PGH_DEBUG */
-
- /* make sure write permissions for group is honored */
- umask (002);
-
- switch (result) {
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT:
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT:
- dbres = polkit_authorization_db_add_entry_process_one_shot (polkit_context_get_authorization_db (context),
- action,
- caller,
- uid_of_user_to_auth);
- if (dbres) {
- syslog (LOG_INFO, "granted one shot authorization for %s to pid %d [uid=%d] [auth=%s]",
- action_name, caller_pid, invoking_user_id, user_to_auth);
- }
- break;
-
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH:
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
- dbres = polkit_authorization_db_add_entry_process (polkit_context_get_authorization_db (context),
- action,
- caller,
- uid_of_user_to_auth);
- if (dbres) {
- syslog (LOG_INFO, "granted authorization for %s to pid %d [uid=%d] [auth=%s]",
- action_name, caller_pid, invoking_user_id, user_to_auth);
- }
- break;
-
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION:
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
- dbres = polkit_authorization_db_add_entry_session (polkit_context_get_authorization_db (context),
- action,
- caller,
- uid_of_user_to_auth);
-
- if (dbres) {
- syslog (LOG_INFO, "granted authorization for %s to session %s [uid=%d] [auth=%s]",
- action_name, session_objpath, invoking_user_id, user_to_auth);
- }
- break;
-
- case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
- case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
- dbres = polkit_authorization_db_add_entry_always (polkit_context_get_authorization_db (context),
- action,
- caller,
- uid_of_user_to_auth);
- if (dbres) {
- syslog (LOG_INFO, "granted authorization for %s to uid %d [auth=%s]",
- action_name, caller_uid, user_to_auth);
- }
- break;
-
- default:
- /* should never happen */
- goto out;
- }
-
- if (!dbres) {
- fprintf (stderr, "polkit-grant-helper: failed to write to grantdb\n");
- goto out;
- }
-
- ret = 0;
-out:
-#ifdef PGH_DEBUG
- fprintf (stderr, "polkit-grant-helper: exiting with code %d\n", ret);
-#endif /* PGH_DEBUG */
- return ret;
-}
diff --git a/polkit-grant/polkit-grant.c b/polkit-grant/polkit-grant.c
deleted file mode 100644
index 0e7a43d..0000000
--- a/polkit-grant/polkit-grant.c
+++ /dev/null
@@ -1,538 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant.c : library for obtaining privileges
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/wait.h>
-
-#include <glib.h>
-#include "polkit-grant.h"
-
-/**
- * SECTION:polkit-grant
- * @title: Authorizations and Authentication
- * @short_description: Obtain authorizations through
- * authentication.
- *
- * These functions are used to obtain authorizations for a user that
- * is able to successfully authenticate. It is only useful for people
- * writing user interfaces that interfaces with the end user.
- *
- * All of these functions are in the
- * <literal>libpolkit-grant</literal> library.
- **/
-
-/**
- * PolKitGrant:
- *
- * Objects of this class are used to obtain authorizations for a user
- * that is able to successfully authenticate. It is only useful for
- * people writing user interfaces that interfaces with the end user.
- *
- * All of these functions are in the
- * <literal>libpolkit-grant</literal> library.
- **/
-struct _PolKitGrant
-{
- int refcount;
-
- PolKitGrantAddIOWatch func_add_io_watch;
- PolKitGrantAddChildWatch func_add_child_watch;
- PolKitGrantRemoveWatch func_remove_watch;
- PolKitGrantType func_type;
- PolKitGrantSelectAdminUser func_select_admin_user;
- PolKitGrantConversationPromptEchoOff func_prompt_echo_off;
- PolKitGrantConversationPromptEchoOn func_prompt_echo_on;
- PolKitGrantConversationErrorMessage func_error_message;
- PolKitGrantConversationTextInfo func_text_info;
- PolKitGrantOverrideGrantType func_override_grant_type;
- PolKitGrantDone func_done;
- void *user_data;
-
- int child_stdin;
- int child_stdout;
- GPid child_pid;
- FILE *child_stdout_f;
-
- int child_watch_id;
- int io_watch_id;
-
- gboolean success;
- gboolean helper_is_running;
-};
-
-/**
- * polkit_grant_new:
- *
- * Creates a #PolKitGrant object.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: the new object or #NULL if the authorization backend
- * doesn't support obtaining authorizations through authentication.
- **/
-PolKitGrant *
-polkit_grant_new (void)
-{
- PolKitGrant *polkit_grant;
-
- if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN))
- return NULL;
-
- polkit_grant = g_new0 (PolKitGrant, 1);
- polkit_grant->refcount = 1;
- return polkit_grant;
-}
-
-/**
- * polkit_grant_ref:
- * @polkit_grant: the object
- *
- * Increase reference count.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: the object.
- **/
-PolKitGrant *
-polkit_grant_ref (PolKitGrant *polkit_grant)
-{
- g_return_val_if_fail (polkit_grant != NULL, NULL);
-
- polkit_grant->refcount++;
- return polkit_grant;
-}
-
-/**
- * polkit_grant_unref:
- * @polkit_grant: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- **/
-void
-polkit_grant_unref (PolKitGrant *polkit_grant)
-{
- g_return_if_fail (polkit_grant != NULL);
-
- polkit_grant->refcount--;
- if (polkit_grant->refcount > 0)
- return;
-
- if (polkit_grant->io_watch_id > 0) {
- polkit_grant->func_remove_watch (polkit_grant, polkit_grant->io_watch_id);
- }
- if (polkit_grant->child_watch_id > 0) {
- polkit_grant->func_remove_watch (polkit_grant, polkit_grant->child_watch_id);
- }
- if (polkit_grant->child_pid > 0) {
- int status;
- kill (polkit_grant->child_pid, SIGTERM);
- waitpid (polkit_grant->child_pid, &status, 0);
- }
- if (polkit_grant->child_stdout_f != NULL) {
- fclose (polkit_grant->child_stdout_f);
- }
- if (polkit_grant->child_stdout >= 0) {
- close (polkit_grant->child_stdout);
- }
- if (polkit_grant->child_stdin >= 0) {
- close (polkit_grant->child_stdin);
- }
-
- g_free (polkit_grant);
-}
-
-/**
- * polkit_grant_set_functions:
- * @polkit_grant: the object
- * @func_add_io_watch: Callback function
- * @func_add_child_watch: Callback function
- * @func_remove_watch: Callback function
- * @func_type: Callback function
- * @func_select_admin_user: Callback function
- * @func_prompt_echo_off: Callback function
- * @func_prompt_echo_on: Callback function
- * @func_error_message: Callback function
- * @func_text_info: Callback function
- * @func_override_grant_type: Callback function
- * @func_done: Callback function
- * @user_data: User data that will be passed to the callback functions.
- *
- * Set callback functions used for authentication.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- **/
-void
-polkit_grant_set_functions (PolKitGrant *polkit_grant,
- PolKitGrantAddIOWatch func_add_io_watch,
- PolKitGrantAddChildWatch func_add_child_watch,
- PolKitGrantRemoveWatch func_remove_watch,
- PolKitGrantType func_type,
- PolKitGrantSelectAdminUser func_select_admin_user,
- PolKitGrantConversationPromptEchoOff func_prompt_echo_off,
- PolKitGrantConversationPromptEchoOn func_prompt_echo_on,
- PolKitGrantConversationErrorMessage func_error_message,
- PolKitGrantConversationTextInfo func_text_info,
- PolKitGrantOverrideGrantType func_override_grant_type,
- PolKitGrantDone func_done,
- void *user_data)
-{
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (func_add_io_watch != NULL);
- g_return_if_fail (func_add_child_watch != NULL);
- g_return_if_fail (func_remove_watch != NULL);
- g_return_if_fail (func_type != NULL);
- g_return_if_fail (func_select_admin_user != NULL);
- g_return_if_fail (func_prompt_echo_off != NULL);
- g_return_if_fail (func_prompt_echo_on != NULL);
- g_return_if_fail (func_error_message != NULL);
- g_return_if_fail (func_text_info != NULL);
- g_return_if_fail (func_override_grant_type != NULL);
- polkit_grant->func_add_io_watch = func_add_io_watch;
- polkit_grant->func_add_child_watch = func_add_child_watch;
- polkit_grant->func_remove_watch = func_remove_watch;
- polkit_grant->func_type = func_type;
- polkit_grant->func_select_admin_user = func_select_admin_user;
- polkit_grant->func_prompt_echo_off = func_prompt_echo_off;
- polkit_grant->func_prompt_echo_on = func_prompt_echo_on;
- polkit_grant->func_error_message = func_error_message;
- polkit_grant->func_text_info = func_text_info;
- polkit_grant->func_override_grant_type = func_override_grant_type;
- polkit_grant->func_done = func_done;
- polkit_grant->user_data = user_data;
-}
-
-
-/**
- * polkit_grant_child_func:
- * @polkit_grant: the object
- * @pid: pid of the child
- * @exit_code: exit code of the child
- *
- * Method that the application must call when a child process
- * registered with the supplied function of type
- * #PolKitGrantAddChildWatch terminates.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- **/
-void
-polkit_grant_child_func (PolKitGrant *polkit_grant, pid_t pid, int exit_code)
-{
- int status;
- polkit_bool_t input_was_bogus;
-
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (polkit_grant->helper_is_running);
-
- /* g_debug ("pid %d terminated", pid); */
- waitpid (pid, &status, 0);
-
- if (exit_code >= 2)
- input_was_bogus = TRUE;
- else
- input_was_bogus = FALSE;
-
- polkit_grant->success = (exit_code == 0);
- polkit_grant->helper_is_running = FALSE;
- polkit_grant->func_done (polkit_grant, polkit_grant->success, input_was_bogus, polkit_grant->user_data);
-}
-
-
-/**
- * polkit_grant_io_func:
- * @polkit_grant: the object
- * @fd: the file descriptor passed to the supplied function of type #PolKitGrantAddIOWatch.
- *
- * Method that the application must call when there is data to read
- * from a file descriptor registered with the supplied function of
- * type #PolKitGrantAddIOWatch.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- **/
-void
-polkit_grant_io_func (PolKitGrant *polkit_grant, int fd)
-{
- char *line = NULL;
- size_t line_len = 0;
- char *id;
- size_t id_len;
- char *response;
- char *response_prefix;
-
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (polkit_grant->helper_is_running);
-
- while (getline (&line, &line_len, polkit_grant->child_stdout_f) != -1) {
- if (strlen (line) > 0 &&
- line[strlen (line) - 1] == '\n')
- line[strlen (line) - 1] = '\0';
-
- response = NULL;
- response_prefix = NULL;
-
- id = "PAM_PROMPT_ECHO_OFF ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- response_prefix = "";
- response = polkit_grant->func_prompt_echo_off (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "PAM_PROMPT_ECHO_ON ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- response_prefix = "";
- response = polkit_grant->func_prompt_echo_on (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "PAM_ERROR_MSG ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- polkit_grant->func_error_message (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "PAM_TEXT_INFO ";
- if (g_str_has_prefix (line, id)) {
- id_len = strlen (id);
- polkit_grant->func_text_info (polkit_grant,
- line + id_len,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "POLKIT_GRANT_HELPER_TELL_TYPE ";
- if (g_str_has_prefix (line, id)) {
- PolKitResult result;
- char *result_textual;
-
- id_len = strlen (id);
- result_textual = line + id_len;
- if (!polkit_result_from_string_representation (result_textual, &result)) {
- /* TODO: danger will robinson */
- }
-
- polkit_grant->func_type (polkit_grant,
- result,
- polkit_grant->user_data);
- goto processed;
- }
-
- id = "POLKIT_GRANT_HELPER_TELL_ADMIN_USERS ";
- if (g_str_has_prefix (line, id)) {
- char **admin_users;
-
- id_len = strlen (id);
- admin_users = g_strsplit (line + id_len, " ", 0);
-
- response_prefix = "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER ";
- response = polkit_grant->func_select_admin_user (polkit_grant,
- admin_users,
- polkit_grant->user_data);
- g_strfreev (admin_users);
-
- goto processed;
- }
-
- id = "POLKIT_GRANT_HELPER_ASK_OVERRIDE_GRANT_TYPE ";
- if (g_str_has_prefix (line, id)) {
- PolKitResult override;
- PolKitResult result;
- id_len = strlen (id);
- if (!polkit_result_from_string_representation (line + id_len, &result)) {
- /* TODO: danger will robinson */
- }
- override = polkit_grant->func_override_grant_type (polkit_grant,
- result,
- polkit_grant->user_data);
- response_prefix = "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE ";
- response = g_strdup (polkit_result_to_string_representation (override));
- goto processed;
- }
-
- processed:
- if (response != NULL && response_prefix != NULL) {
- char *buf;
- gboolean add_newline;
-
- /* add a newline if there isn't one already... */
- add_newline = FALSE;
- if (response[strlen (response) - 1] != '\n') {
- add_newline = TRUE;
- }
- buf = g_strdup_printf ("%s%s%c",
- response_prefix,
- response,
- add_newline ? '\n' : '\0');
- write (polkit_grant->child_stdin, buf, strlen (buf));
- g_free (buf);
- free (response);
- }
- }
-
- if (line != NULL)
- free (line);
-}
-
-/**
- * polkit_grant_cancel_auth:
- * @polkit_grant: the object
- *
- * Cancel an authentication in progress
- *
- * This function is in <literal>libpolkit-grant</literal>.
- **/
-void
-polkit_grant_cancel_auth (PolKitGrant *polkit_grant)
-{
- GPid pid;
- g_return_if_fail (polkit_grant != NULL);
- g_return_if_fail (polkit_grant->helper_is_running);
-
- pid = polkit_grant->child_pid;
- polkit_grant->child_pid = 0;
- if (pid > 0) {
- int status;
- kill (pid, SIGTERM);
- waitpid (pid, &status, 0);
- polkit_grant->helper_is_running = FALSE;
- }
- polkit_grant->func_done (polkit_grant, FALSE, FALSE, polkit_grant->user_data);
-}
-
-/**
- * polkit_grant_initiate_auth:
- * @polkit_grant: the object
- * @action: Action requested by caller
- * @caller: Caller in question
- *
- * Initiate authentication to obtain the privilege for the given
- * @caller to perform the specified @action. The caller of this method
- * must have setup callback functions using the method
- * polkit_grant_set_functions() prior to calling this method.
- *
- * Implementation-wise, this class uses a secure (e.g. as in that it
- * checks all information and fundamenally don't trust the caller;
- * e.g. the #PolKitGrant class) setgid helper that does all the heavy
- * lifting.
- *
- * The caller of this method must iterate the mainloop context in
- * order for authentication to make progress.
- *
- * This function is in <literal>libpolkit-grant</literal>.
- *
- * Returns: #TRUE only if authentication have been initiated.
- **/
-polkit_bool_t
-polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- pid_t pid;
- char *action_id;
- GError *g_error;
- char *helper_argv[4];
-
- g_return_val_if_fail (polkit_grant != NULL, FALSE);
- /* check that callback functions have been properly set up */
- g_return_val_if_fail (polkit_grant->func_done != NULL, FALSE);
-
- if (!polkit_caller_get_pid (caller, &pid))
- goto error;
-
- if (!polkit_action_get_action_id (action, &action_id))
- goto error;
-
- /* TODO: verify incoming args */
-
- /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper"; */
- helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
- helper_argv[1] = g_strdup_printf ("%d", pid);
- helper_argv[2] = action_id;
- helper_argv[3] = NULL;
-
- polkit_grant->child_stdin = -1;
- polkit_grant->child_stdout = -1;
-
- g_error = NULL;
- if (!g_spawn_async_with_pipes (NULL,
- (char **) helper_argv,
- NULL,
- G_SPAWN_DO_NOT_REAP_CHILD |
- 0,//G_SPAWN_STDERR_TO_DEV_NULL,
- NULL,
- NULL,
- &polkit_grant->child_pid,
- &polkit_grant->child_stdin,
- &polkit_grant->child_stdout,
- NULL,
- &g_error)) {
- fprintf (stderr, "Cannot spawn helper: %s.\n", g_error->message);
- g_error_free (g_error);
- g_free (helper_argv[1]);
- goto error;
- }
- g_free (helper_argv[1]);
-
- polkit_grant->child_watch_id = polkit_grant->func_add_child_watch (polkit_grant, polkit_grant->child_pid);
- if (polkit_grant->child_watch_id == 0)
- goto error;
-
- polkit_grant->io_watch_id = polkit_grant->func_add_io_watch (polkit_grant, polkit_grant->child_stdout);
- if (polkit_grant->io_watch_id == 0)
- goto error;
-
- /* so we can use getline... */
- polkit_grant->child_stdout_f = fdopen (polkit_grant->child_stdout, "r");
- if (polkit_grant->child_stdout_f == NULL)
- goto error;
-
- polkit_grant->success = FALSE;
-
- polkit_grant->helper_is_running = TRUE;
-
- return TRUE;
-error:
- return FALSE;
-}
diff --git a/polkit-grant/polkit-grant.h b/polkit-grant/polkit-grant.h
deleted file mode 100644
index 2fdf6a4..0000000
--- a/polkit-grant/polkit-grant.h
+++ /dev/null
@@ -1,369 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-grant.h : library for obtaining privileges
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef POLKIT_GRANT_H
-#define POLKIT_GRANT_H
-
-#include <polkit/polkit.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitGrant;
-typedef struct _PolKitGrant PolKitGrant;
-
-/**
- * PolKitGrantType:
- * @polkit_grant: the grant object
- * @grant_type: the current type of what privilege to obtain
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that describes to what extent the
- * privilege can be obtained; e.g. whether the user can keep it
- * (e.g. forever, for the session or not keep it at all).
- *
- * See also #PolKitGrantOverrideGrantType for discussion on the type
- * of user interfaces one should put up depending on the value of
- * @grant_type.
- **/
-typedef void (*PolKitGrantType) (PolKitGrant *polkit_grant,
- PolKitResult grant_type,
- void *user_data);
-
-/**
- * PolKitGrantSelectAdminUser:
- * @polkit_grant: the grant object
- * @admin_users: a NULL-terminated array of users that can be used for
- * authentication for admin grants.
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that describes the possible users that
- * can be chosen for authentication when administrator privileges are
- * required.
- *
- * Returns: the chosen user; must be allocated with malloc(3) and will
- * be freed by the #PolKitGrant class.
- **/
-typedef char* (*PolKitGrantSelectAdminUser) (PolKitGrant *polkit_grant,
- char **admin_users,
- void *user_data);
-
-
-/**
- * PolKitGrantConversationPromptEchoOff:
- * @polkit_grant: the grant object
- * @prompt: prompt passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer needs to ask the user a secret and the UI should NOT echo what
- * the user types on the screen.
- *
- * Returns: the answer obtained from the user; must be allocated with
- * malloc(3) and will be freed by the #PolKitGrant class.
- **/
-typedef char* (*PolKitGrantConversationPromptEchoOff) (PolKitGrant *polkit_grant,
- const char *prompt,
- void *user_data);
-
-/**
- * PolKitGrantConversationPromptEchoOn:
- * @polkit_grant: the grant object
- * @prompt: prompt passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer needs to ask the user a secret and the UI should echo what
- * the user types on the screen.
- *
- * Returns: the answer obtained from the user; must be allocated with
- * malloc(3) and will be freed by the #PolKitGrant class.
- **/
-typedef char* (*PolKitGrantConversationPromptEchoOn) (PolKitGrant *polkit_grant,
- const char *prompt,
- void *user_data);
-
-/**
- * PolKitGrantConversationErrorMessage:
- * @polkit_grant: the grant object
- * @error_message: error message passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer produces an error message that should be displayed in the UI.
- **/
-typedef void (*PolKitGrantConversationErrorMessage) (PolKitGrant *polkit_grant,
- const char *error_message,
- void *user_data);
-
-/**
- * PolKitGrantConversationTextInfo:
- * @polkit_grant: the grant object
- * @text_info: information passed by the authentication layer; do not free this string
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that is invoked when the authentication
- * layer produces an informational message that should be displayed in
- * the UI.
- **/
-typedef void (*PolKitGrantConversationTextInfo) (PolKitGrant *polkit_grant,
- const char *text_info,
- void *user_data);
-
-/**
- * PolKitGrantOverrideGrantType:
- * @polkit_grant: the grant object
- * @grant_type: the current type of what privilege to obtain; this is
- * the same value as passed to the callback of type #PolKitGrantType.
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * Type for callback function that enables the UI to request a lesser
- * privilege than is obtainable. This callback is invoked when the
- * user have successfully authenticated but before the privilege is
- * granted.
- *
- * Basically, this callback enables a program to provide an user
- * interface like this:
- *
- * <programlisting>
- * +------------------------------------------------------------+
- * | You need to authenticate to access the volume 'Frobnicator |
- * | Adventures Vol 2' |
- * | |
- * | Password: [_________________] |
- * | |
- * [ [x] Remember this decision |
- * | [ ] for this session |
- * | [*] for this and future sessions |
- * | |
- * | [Cancel] [Authenticate] |
- * +------------------------------------------------------------+
- * </programlisting>
- *
- * This dialog assumes that @grant_type passed was
- * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS. By ticking the
- * check boxes in the dialog, the user can override this to either
- * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION or
- * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH. Thus, the user can
- * voluntarily choose to obtain a lesser privilege.
- *
- * Another example, would be that the @grant_type passed was
- * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION. Then the dialog
- * should look like this:
- *
- * <programlisting>
- * +------------------------------------------------------------+
- * | You need to authenticate to access the volume 'Frobnicator |
- * | Adventures Vol 2' |
- * | |
- * | Password: [_________________] |
- * | |
- * [ [x] Remember this decision for the rest of the session |
- * | |
- * | [Cancel] [Authenticate] |
- * +------------------------------------------------------------+
- * </programlisting>
- *
- * Finally, if the @grant_type value passed is
- * e.g. #POLKIT_RESULT_ONLY_VIA_SELF_AUTH, there are no options to
- * click.:
- *
- * <programlisting>
- * +------------------------------------------------------------+
- * | You need to authenticate to access the volume 'Frobnicator |
- * | Adventures Vol 2' |
- * | |
- * | Password: [_________________] |
- * | |
- * | [Cancel] [Authenticate] |
- * +------------------------------------------------------------+
- * </programlisting>
- *
- * Of course, these examples also applies to
- * #POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH and friends.
- *
- * Returns: the desired type of what privilege to obtain; note that it
- * won't work asking for more privileges than what @grant_type
- * specifies; the passed value is properly checked in the secure
- * setgid granting helper mentioned in
- * polkit_grant_initiate_auth().
- **/
-typedef PolKitResult (*PolKitGrantOverrideGrantType) (PolKitGrant *polkit_grant,
- PolKitResult grant_type,
- void *user_data);
-
-/**
- * PolKitGrantDone:
- * @polkit_grant: the grant object
- * @gained_privilege: whether the privilege was obtained
- * @invalid_data: whether the input data was bogus (not including bad passwords)
- * @user_data: user data pointed as passed into polkit_grant_set_functions()
- *
- * This function is called when the granting process ends; either if
- * successful or if it was canceled using
- * e.g. polkit_grant_cancel_auth().
- **/
-typedef void (*PolKitGrantDone) (PolKitGrant *polkit_grant,
- polkit_bool_t gained_privilege,
- polkit_bool_t invalid_data,
- void *user_data);
-
-/**
- * PolKitGrantAddChildWatch:
- * @polkit_grant: the grant object
- * @pid: the child pid to watch
- *
- * Type for function supplied by the application to integrate a watch
- * on a child process into the applications main loop. The
- * application must call polkit_grant_child_func() when the
- * child dies
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static void
- * child_watch_func (GPid pid,
- * gint status,
- * gpointer user_data)
- * {
- * PolKitGrant *polkit_grant = user_data;
- * polkit_grant_child_func (polkit_grant, pid, WEXITSTATUS (status));
- * }
- *
- * static int
- * add_child_watch (PolKitGrant *polkit_grant, pid_t pid)
- * {
- * return g_child_watch_add (pid, child_watch_func, polkit_grant);
- * }
- * </programlisting>
- *
- * Returns: 0 if the watch couldn't be set up; otherwise an unique
- * identifier for the watch.
- **/
-typedef int (*PolKitGrantAddChildWatch) (PolKitGrant *polkit_grant,
- pid_t pid);
-
-/**
- * PolKitGrantAddIOWatch:
- * @polkit_grant: the grant object
- * @fd: the file descriptor to watch
- *
- * Type for function supplied by the application to integrate a watch
- * on a file descriptor into the applications main loop. The
- * application must call polkit_grant_io_func() when there is data
- * to read from the file descriptor.
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static gboolean
- * io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
- * {
- * int fd;
- * PolKitGrant *polkit_grant = user_data;
- * fd = g_io_channel_unix_get_fd (channel);
- * polkit_grant_io_func (polkit_grant, fd);
- * return TRUE;
- * }
- *
- * static int
- * add_io_watch (PolKitGrant *polkit_grant, int fd)
- * {
- * guint id = 0;
- * GIOChannel *channel;
- * channel = g_io_channel_unix_new (fd);
- * if (channel == NULL)
- * goto out;
- * id = g_io_add_watch (channel, G_IO_IN, io_watch_have_data, polkit_grant);
- * if (id == 0) {
- * g_io_channel_unref (channel);
- * goto out;
- * }
- * g_io_channel_unref (channel);
- * out:
- * return id;
- * }
- * </programlisting>
- *
- * Returns: 0 if the watch couldn't be set up; otherwise an unique
- * identifier for the watch.
- **/
-typedef int (*PolKitGrantAddIOWatch) (PolKitGrant *polkit_grant,
- int fd);
-
-/**
- * PolKitGrantRemoveWatch:
- * @polkit_grant: the grant object
- * @watch_id: the id obtained from using the supplied function
- * of type #PolKitGrantAddIOWatch or #PolKitGrantAddChildWatch.
- *
- * Type for function supplied by the application to remove a watch set
- * up via the supplied function of type #PolKitGrantAddIOWatch or type
- * #PolKitGrantAddChildWatch.
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static void
- * remove_watch (PolKitGrant *polkit_auth, int watch_id)
- * {
- * g_source_remove (watch_id);
- * }
- * </programlisting>
- *
- **/
-typedef void (*PolKitGrantRemoveWatch) (PolKitGrant *polkit_grant,
- int watch_id);
-
-PolKitGrant *polkit_grant_new (void);
-PolKitGrant *polkit_grant_ref (PolKitGrant *polkit_grant);
-void polkit_grant_unref (PolKitGrant *polkit_grant);
-void polkit_grant_set_functions (PolKitGrant *polkit_grant,
- PolKitGrantAddIOWatch func_add_io_watch,
- PolKitGrantAddChildWatch func_add_child_watch,
- PolKitGrantRemoveWatch func_remove_watch,
- PolKitGrantType func_type,
- PolKitGrantSelectAdminUser func_select_admin_user,
- PolKitGrantConversationPromptEchoOff func_prompt_echo_off,
- PolKitGrantConversationPromptEchoOn func_prompt_echo_on,
- PolKitGrantConversationErrorMessage func_error_message,
- PolKitGrantConversationTextInfo func_text_info,
- PolKitGrantOverrideGrantType func_override_grant_type,
- PolKitGrantDone func_done,
- void *user_data);
-
-polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
- PolKitAction *action,
- PolKitCaller *caller);
-
-void polkit_grant_cancel_auth (PolKitGrant *polkit_grant);
-
-void polkit_grant_io_func (PolKitGrant *polkit_grant, int fd);
-void polkit_grant_child_func (PolKitGrant *polkit_grant, pid_t pid, int exit_code);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_GRANT_H */
-
-
diff --git a/polkit-grant/polkit-revoke-helper.c b/polkit-grant/polkit-revoke-helper.c
deleted file mode 100644
index f588afc..0000000
--- a/polkit-grant/polkit-revoke-helper.c
+++ /dev/null
@@ -1,379 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-revoke-helper.c : setgid polkituser revoke helper for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#define _GNU_SOURCE
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <security/pam_appl.h>
-#include <grp.h>
-#include <pwd.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-#include <utime.h>
-#include <fcntl.h>
-
-#include <polkit-dbus/polkit-dbus.h>
-
-static polkit_bool_t
-check_for_authorization (const char *action_id, pid_t caller_pid)
-{
- polkit_bool_t ret;
- DBusError error;
- DBusConnection *bus;
- PolKitCaller *caller;
- PolKitAction *action;
- PolKitContext *context;
- PolKitError *pk_error;
- PolKitResult pk_result;
-
- ret = FALSE;
-
- dbus_error_init (&error);
- bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
- if (bus == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot connect to system bus: %s: %s\n",
- error.name, error.message);
- dbus_error_free (&error);
- goto out;
- }
-
- caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
- if (caller == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot get caller from pid: %s: %s\n",
- error.name, error.message);
- goto out;
- }
-
- action = polkit_action_new ();
- if (action == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot allocate PolKitAction\n");
- goto out;
- }
- if (!polkit_action_set_action_id (action, action_id)) {
- fprintf (stderr, "polkit-revoke-helper: cannot set action_id\n");
- goto out;
- }
-
- context = polkit_context_new ();
- if (context == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot allocate PolKitContext\n");
- goto out;
- }
-
- pk_error = NULL;
- if (!polkit_context_init (context, &pk_error)) {
- fprintf (stderr, "polkit-revoke-helper: cannot initialize polkit context: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
- if (polkit_error_is_set (pk_error)) {
- fprintf (stderr, "polkit-revoke-helper: cannot determine if caller is authorized: %s: %s\n",
- polkit_error_get_error_name (pk_error),
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- goto out;
- }
-
- if (pk_result != POLKIT_RESULT_YES) {
- goto out;
- }
-
- ret = TRUE;
-out:
-
- return ret;
-}
-
-
-static int
-_write_to_fd (int fd, const char *str, ssize_t str_len)
-{
- int ret;
- ssize_t written;
-
- ret = 0;
-
- written = 0;
- while (written < str_len) {
- ssize_t ret;
- ret = write (fd, str + written, str_len - written);
- if (ret < 0) {
- if (errno == EAGAIN || errno == EINTR) {
- continue;
- } else {
- goto out;
- }
- }
- written += ret;
- }
-
- ret = 1;
-
-out:
- return ret;
-}
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- gid_t egid;
- struct group *group;
- uid_t invoking_uid;
- char *entry_to_remove;
- int n;
- int len;
- char *p;
- char *scope;
- uid_t uid_to_revoke;
- char *endp;
- FILE *f;
- int fd;
- char path[256];
- char path_tmp[256];
- char line[512];
- char *root;
- char *target_type;
- char *target_value;
- struct passwd *pw;
- polkit_bool_t is_one_shot;
-
- ret = 1;
-
- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
- if (clearenv () != 0)
- goto out;
- /* set a minimal environment */
- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-
- openlog ("polkit-revoke-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
- if (argc != 4) {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-revoke-helper: wrong number of arguments. This incident has been logged.\n");
- goto out;
- }
-
- /* check we're running with a non-tty stdin */
- if (isatty (STDIN_FILENO) != 0) {
- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
- fprintf (stderr, "polkit-revoke-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
- goto out;
- }
-
- invoking_uid = getuid ();
-
- /* check that we are setgid polkituser */
- egid = getegid ();
- group = getgrgid (egid);
- if (group == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot lookup group info for gid %d\n", egid);
- goto out;
- }
- if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
- fprintf (stderr, "polkit-revoke-helper: needs to be setgid " POLKIT_GROUP "\n");
- goto out;
- }
-
- entry_to_remove = argv[1];
- target_type = argv[2];
- target_value = argv[3];
-
- /*----------------------------------------------------------------------------------------------------*/
-
- /* paranoia: we have to validate the entry_to_remove argument
- * and determine if the process who invoked us is sufficiently
- * privileged.
- *
- * As we're setuid root we don't want to pull in libpolkit and
- * as we only need to parse the first two entries... we do it
- * right here
- */
- p = entry_to_remove;
- len = strlen (entry_to_remove);
- for (n = 0; n < len; n++) {
- if (p[n] == ':')
- goto found;
- }
- fprintf (stderr, "polkit-revoke-helper: entry_to_remove malformed\n");
- goto out;
-found:
- scope = strndup (entry_to_remove, n);
- if (scope == NULL) {
- fprintf (stderr, "polkit-revoke-helper: OOM\n");
- goto out;
- }
-
- if (strcmp (target_type, "uid") == 0) {
- uid_to_revoke = strtol (target_value, &endp, 10);
- if (*endp != '\0') {
- fprintf (stderr, "polkit-revoke-helper: cannot parse uid\n");
- goto out;
- }
- } else {
- fprintf (stderr, "polkit-revoke-helper: unknown target type\n");
- goto out;
- }
-
- /* OK, we're done parsing ... */
-
- is_one_shot = FALSE;
- if (strcmp (scope, "process") == 0) {
- root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
- } else if (strcmp (scope, "process-one-shot") == 0) {
- root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
- is_one_shot = TRUE;
- } else if (strcmp (scope, "session") == 0) {
- root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
- } else if (strcmp (scope, "always") == 0) {
- root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
- } else if (strcmp (scope, "grant") == 0) {
- root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
- } else {
- fprintf (stderr, "polkit-revoke-helper: unknown scope '%s'\n", scope);
- goto out;
- }
-
- if (invoking_uid != 0) {
- /* Check that the caller is privileged to do this... */
- if (invoking_uid != uid_to_revoke) {
-
- /* see if calling user has the
- *
- * org.freedesktop.policykit.revoke
- *
- * authorization
- */
- if (!check_for_authorization ("org.freedesktop.policykit.revoke", getppid ())) {
-
- /* if it's about revoking a one-shot authorization, it's sufficient to have
- * org.freedesktop.policykit.read - see polkit_context_is_caller_authorized()
- * for why...
- */
- if (is_one_shot) {
- if (!check_for_authorization ("org.freedesktop.policykit.read", getppid ())) {
- goto out;
- }
- } else {
- goto out;
- }
- }
- }
- }
-
- pw = getpwuid (uid_to_revoke);
- if (pw == NULL) {
- fprintf (stderr, "polkit-revoke-helper: cannot lookup user name for uid %d\n", uid_to_revoke);
- goto out;
- }
-
- if (snprintf (path, sizeof (path), "%s/user-%s.auths", root, pw->pw_name) >= (int) sizeof (path)) {
- fprintf (stderr, "polkit-revoke-helper: string was truncated (1)\n");
- goto out;
- }
- if (snprintf (path_tmp, sizeof (path_tmp), "%s/user-%s.auths.XXXXXX", root, pw->pw_name) >= (int) sizeof (path)) {
- fprintf (stderr, "polkit-revoke-helper: string was truncated (2)\n");
- goto out;
- }
-
- f = fopen (path, "r");
- if (f == NULL) {
- fprintf (stderr, "Cannot open file '%s': %m\n", path);
- goto out;
- }
-
- fd = mkstemp (path_tmp);
- if (fd < 0) {
- fprintf (stderr, "Cannot create file '%s': %m\n", path_tmp);
- goto out;
- }
- if (fchmod (fd, 0464) != 0) {
- fprintf (stderr, "Cannot change mode for '%s' to 0460: %m\n", path_tmp);
- close (fd);
- unlink (path_tmp);
- goto out;
- }
-
-
- /* read one line at a time */
- while (fgets (line, sizeof (line), f) != NULL) {
- size_t line_len;
-
- line_len = strlen (line);
- if (line_len > 1 && line[line_len - 1] == '\n') {
- if (strncmp (line, entry_to_remove, line_len - 1) == 0) {
- /* woho, found it */
- continue;
- }
- }
-
- /* otherwise, just write the line to the temporary file */
- if (!_write_to_fd (fd, line, line_len)) {
- fprintf (stderr, "Error write to file '%s': %m\n", path_tmp);
- close (fd);
- unlink (path_tmp);
- goto out;
- }
- }
-
- fclose (f);
- close (fd);
-
- if (rename (path_tmp, path) != 0) {
- fprintf (stderr, "Error renaming %s to %s: %m\n", path_tmp, path);
- unlink (path_tmp);
- goto out;
- }
-
- /* we're good now (if triggering a reload fails, so be it, we
- * still did what the caller asked...)
- */
- ret = 0;
-
- /* trigger a reload */
- if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) {
- fprintf (stderr, "Error updating access+modification time on file '%s': %m\n",
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload");
- }
-
-out:
-
- return ret;
-}
-
diff --git a/polkit/.gitignore b/polkit/.gitignore
deleted file mode 100644
index 764d994..0000000
--- a/polkit/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-.deps
-.libs
-*.la
-*.lo
-*.o
-Makefile
-Makefile.in
-polkit-interface-manager-glue.h
-polkit-interface-session-glue.h
diff --git a/polkit/Makefile.am b/polkit/Makefile.am
deleted file mode 100644
index c15017f..0000000
--- a/polkit/Makefile.am
+++ /dev/null
@@ -1,149 +0,0 @@
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- -DPOLKIT_COMPILATION \
- -DTEST_DATA_DIR=\"$(top_srcdir)/test/\" \
- @GLIB_CFLAGS@
-
-lib_LTLIBRARIES=libpolkit.la
-
-libpolkitincludedir=$(includedir)/PolicyKit/polkit
-
-libpolkitinclude_HEADERS = \
- polkit.h \
- polkit-sysdeps.h \
- polkit-memory.h \
- polkit-hash.h \
- polkit-list.h \
- polkit-types.h \
- polkit-error.h \
- polkit-result.h \
- polkit-context.h \
- polkit-action.h \
- polkit-seat.h \
- polkit-session.h \
- polkit-caller.h \
- polkit-policy-file-entry.h \
- polkit-policy-file.h \
- polkit-policy-cache.h \
- polkit-policy-default.h \
- polkit-config.h \
- polkit-authorization.h \
- polkit-authorization-constraint.h \
- polkit-authorization-db.h
-
-libpolkit_la_SOURCES = \
- polkit.h \
- polkit-private.h \
- polkit-types.h \
- polkit-memory.h polkit-memory.c \
- polkit-hash.h polkit-hash.c \
- polkit-list.h polkit-list.c \
- polkit-sysdeps.h polkit-sysdeps.c \
- polkit-error.h polkit-error.c \
- polkit-result.h polkit-result.c \
- polkit-context.h polkit-context.c \
- polkit-action.h polkit-action.c \
- polkit-seat.h polkit-seat.c \
- polkit-session.h polkit-session.c \
- polkit-caller.h polkit-caller.c \
- polkit-policy-file-entry.h polkit-policy-file-entry.c \
- polkit-policy-file.h polkit-policy-file.c \
- polkit-policy-cache.h polkit-policy-cache.c \
- polkit-policy-default.h polkit-policy-default.c \
- polkit-debug.h polkit-debug.c \
- polkit-utils.h polkit-utils.c \
- polkit-config.h polkit-config.c \
- polkit-authorization.h polkit-authorization.c \
- polkit-authorization-constraint.h polkit-authorization-constraint.c \
- polkit-authorization-db.h
-
-if POLKIT_AUTHDB_DUMMY
-libpolkit_la_SOURCES += \
- polkit-authorization-db-dummy.c
-endif
-
-if POLKIT_AUTHDB_DEFAULT
-libpolkit_la_SOURCES += \
- polkit-authorization-db.c
-endif
-
-libpolkit_la_LIBADD = @GLIB_LIBS@ @EXPAT_LIBS@
-
-libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
-
-## note that TESTS has special meaning (stuff to use in make check)
-## so if adding tests not to be run in make check, don't add them to
-## TESTS
-if POLKIT_BUILD_TESTS
-TESTS_ENVIRONMENT=
-TESTS=polkit-test
-
-if POLKIT_GCOV_ENABLED
-clean-gcov:
- rm -f *.gcov .libs/*.gcda
-
-.PHONY: coverage-report.txt
-coverage-report.txt :
- $(top_srcdir)/test/create-coverage-report.sh polkit $(filter %.c,$(libpolkit_la_SOURCES)) > coverage-report.txt
-
-check-coverage : clean-gcov all check coverage-report.txt
- cat coverage-report.txt
-else
-coverage-report.txt:
- @echo "Need to reconfigure with --enable-gcov"
-
-check-coverage:
- @echo "Need to reconfigure with --enable-gcov"
-endif
-
-else
-TESTS=
-endif
-
-## we use noinst_PROGRAMS not check_PROGRAMS so that we build
-## even when not doing "make check"
-noinst_PROGRAMS=$(TESTS)
-
-polkit_test_SOURCES= \
- polkit-test.h polkit-test.c
-
-polkit_test_LDADD=$(top_builddir)/polkit/libpolkit.la
-polkit_test_LDFLAGS=
-#@R_DYNAMIC_LDFLAG@
-
-
-clean-local :
- rm -f *~ $(BUILT_SOURCES) *.bb *.bbg *.da *.gcov .libs/*.da .libs/*.bbg
-
-if POLKIT_AUTHDB_DEFAULT
-# The directories /var/lib/PolicyKit and /var/run/PolicyKit is where
-# authorizations are stored. They must not be world readable (the
-# polkit-auth-read-helper is used to read it) and the $POLKIT_GROUP
-# group needs to be able to write files there.
-#
-# The /var/lib/misc/PolicyKit.reload file is used for triggering that
-# authorizations have changed; it needs to be world readable and
-# writeable for the $POLKIT_GROUP group (FHS 2.3 suggests that
-# location)
-#
-install-data-local:
- -touch $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- -chmod 775 $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
- -mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit
- -mkdir -p $(DESTDIR)$(localstatedir)/run/PolicyKit
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit
- -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit
- -chmod 770 $(DESTDIR)$(localstatedir)/lib/PolicyKit
- -chmod 770 $(DESTDIR)$(localstatedir)/run/PolicyKit
-endif
diff --git a/polkit/polkit-action.c b/polkit/polkit-action.c
deleted file mode 100644
index ac7fea6..0000000
--- a/polkit/polkit-action.c
+++ /dev/null
@@ -1,304 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-action.c : action
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-action.h"
-#include "polkit-utils.h"
-#include "polkit-utils.h"
-#include "polkit-memory.h"
-#include "polkit-test.h"
-
-/**
- * SECTION:polkit-action
- * @title: Actions
- * @short_description: Models what a caller is attempting to do.
- *
- * This class is used to represent a PolicyKit action.
- **/
-
-/**
- * PolKitAction:
- *
- * Objects of this class are used to record information about an action.
- **/
-struct _PolKitAction
-{
- int refcount;
- char *id;
-};
-
-/**
- * polkit_action_new:
- *
- * Create a new #PolKitAction object.
- *
- * Returns: the new object
- **/
-PolKitAction *
-polkit_action_new (void)
-{
- PolKitAction *action;
- action = p_new0 (PolKitAction, 1);
- if (action == NULL)
- goto out;
- action->refcount = 1;
-out:
- return action;
-}
-
-/**
- * polkit_action_ref:
- * @action: the action object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitAction *
-polkit_action_ref (PolKitAction *action)
-{
- g_return_val_if_fail (action != NULL, action);
- action->refcount++;
- return action;
-}
-
-/**
- * polkit_action_unref:
- * @action: the action object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_action_unref (PolKitAction *action)
-{
- g_return_if_fail (action != NULL);
- action->refcount--;
- if (action->refcount > 0)
- return;
- p_free (action->id);
- p_free (action);
-}
-
-/**
- * polkit_action_set_action_id:
- * @action: the action object
- * @action_id: action identifier
- *
- * Set the action identifier
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_action_set_action_id (PolKitAction *action, const char *action_id)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (polkit_action_validate_id (action_id), FALSE);
- if (action->id != NULL)
- p_free (action->id);
- action->id = p_strdup (action_id);
- if (action->id == NULL)
- return FALSE;
-
- return TRUE;
-}
-
-/**
- * polkit_action_get_action_id:
- * @action: the action object
- * @out_action_id: Returns the action identifier. The caller shall not free this string.
- *
- * Get the action identifier.
- *
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-polkit_action_get_action_id (PolKitAction *action, char **out_action_id)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (out_action_id != NULL, FALSE);
- if (action->id == NULL)
- return FALSE;
- *out_action_id = action->id;
- return TRUE;
-}
-
-/**
- * polkit_action_debug:
- * @action: the object
- *
- * Print debug details
- **/
-void
-polkit_action_debug (PolKitAction *action)
-{
- g_return_if_fail (action != NULL);
- _pk_debug ("PolKitAction: refcount=%d id=%s", action->refcount, action->id);
-}
-
-/**
- * polkit_action_validate_id:
- * @action_id: the action identifier to validate
- *
- * Validate whether an action identifier is well formed. To be well
- * formed, an action identifier needs to start with a lower case ASCII
- * character and can only contain the characters "[a-z][0-9].-". It
- * must be less than or equal 256 bytes in length including the
- * terminating NUL character.
- *
- * Returns: #TRUE iff the action identifier is well formed
- **/
-polkit_bool_t
-polkit_action_validate_id (const char *action_id)
-{
- int n;
-
- g_return_val_if_fail (action_id != NULL, FALSE);
-
- /* validate that the form of the action identifier is correct */
- if (!g_ascii_islower (action_id[0]))
- goto malformed;
-
- for (n = 1; action_id[n] != '\0'; n++) {
- if (n >= 255)
- goto malformed;
-
- if (! (g_ascii_islower (action_id[n]) ||
- g_ascii_isdigit (action_id[n]) ||
- action_id[n] == '.' ||
- action_id[n] == '-'))
- goto malformed;
- }
-
- return TRUE;
-
-malformed:
- return FALSE;
-}
-
-/**
- * polkit_action_validate:
- * @action: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-polkit_action_validate (PolKitAction *action)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (action->id != NULL, FALSE);
-
- return polkit_action_validate_id (action->id);
-}
-
-
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- int n;
- char *valid_action_ids[] = {"org.example.action",
- "org.example.action-foo",
- "org.example.action-foo.42",
- "org.example.42-.foo",
- "t0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcd",
- NULL};
- char *invalid_action_ids[] = {"1org.example.action",
- ".org.example.action",
- "-org.example.action",
- "org.example.action_foo",
- "org.example.something.that.is.too.long.0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
- NULL};
-
- for (n = 0; valid_action_ids[n] != NULL; n++) {
- g_assert (polkit_action_validate_id (valid_action_ids[n]));
- }
-
- for (n = 0; invalid_action_ids[n] != NULL; n++) {
- g_assert (! polkit_action_validate_id (invalid_action_ids[n]));
- }
-
- PolKitAction *a;
- char *s;
- a = polkit_action_new ();
- if (a == NULL) {
- /* OOM */
- } else {
-
- g_assert (! polkit_action_get_action_id (a, &s));
-
- if (!polkit_action_set_action_id (a, "org.example.action")) {
- /* OOM */
- } else {
- g_assert (polkit_action_validate (a));
- polkit_action_ref (a);
- g_assert (polkit_action_validate (a));
- polkit_action_unref (a);
- g_assert (polkit_action_validate (a));
-
- if (!polkit_action_set_action_id (a, "org.example.action2")) {
- /* OOM */
- } else {
- g_assert (polkit_action_validate (a));
- g_assert (polkit_action_get_action_id (a, &s));
- g_assert (strcmp (s, "org.example.action2") == 0);
- polkit_action_debug (a);
- }
- }
-
- polkit_action_unref (a);
- }
-
-
- return TRUE;
-}
-
-PolKitTest _test_action = {
- "polkit_action",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-action.h b/polkit/polkit-action.h
deleted file mode 100644
index d062124..0000000
--- a/polkit/polkit-action.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-action.h : actions
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_ACTION_H
-#define POLKIT_ACTION_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitAction;
-typedef struct _PolKitAction PolKitAction;
-
-PolKitAction *polkit_action_new (void);
-PolKitAction *polkit_action_ref (PolKitAction *action);
-void polkit_action_unref (PolKitAction *action);
-polkit_bool_t polkit_action_set_action_id (PolKitAction *action, const char *action_id);
-polkit_bool_t polkit_action_get_action_id (PolKitAction *action, char **out_action_id);
-
-void polkit_action_debug (PolKitAction *action);
-polkit_bool_t polkit_action_validate (PolKitAction *action);
-
-polkit_bool_t polkit_action_validate_id (const char *action_id);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_ACTION_H */
-
-
diff --git a/polkit/polkit-authorization-constraint.c b/polkit/polkit-authorization-constraint.c
deleted file mode 100644
index 633ac48..0000000
--- a/polkit/polkit-authorization-constraint.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-constraint.c : Conditions that must be
- * satisfied in order for an authorization to apply
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-authorization-constraint.h"
-#include "polkit-utils.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit-authorization-constraint
- * @title: Authorization Constraints
- * @short_description: Conditions that must be satisfied in
- * order for an authorization to apply
- *
- * This class is used to represent conditions that must be satisfied
- * in order for an authorization to apply
- *
- * Since: 0.7
- **/
-
-/**
- * PolKitAuthorizationConstraint:
- *
- * Instances of this class are used to represent conditions that must
- * be satisfied in order for an authorization to apply.
- *
- * Since: 0.7
- **/
-struct _PolKitAuthorizationConstraint
-{
- int refcount;
- PolKitAuthorizationConstraintFlags flags;
-};
-
-static PolKitAuthorizationConstraint _null_constraint = {-1, 0};
-
-static PolKitAuthorizationConstraint _local_constraint = {-1,
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL};
-
-static PolKitAuthorizationConstraint _active_constraint = {-1,
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE};
-
-static PolKitAuthorizationConstraint _local_active_constraint = {-1,
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL |
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE};
-
-PolKitAuthorizationConstraint *
-_polkit_authorization_constraint_new (const char *entry_in_auth_file)
-{
- PolKitAuthorizationConstraint *authc;
- authc = g_new0 (PolKitAuthorizationConstraint, 1);
- authc->refcount = 0;
- return authc;
-}
-
-/**
- * polkit_authorization_constraint_ref:
- * @authc: the object
- *
- * Increase reference count.
- *
- * Returns: the object
- *
- * Since: 0.7
- **/
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_ref (PolKitAuthorizationConstraint *authc)
-{
- g_return_val_if_fail (authc != NULL, authc);
- if (authc->refcount == -1)
- return authc;
- authc->refcount++;
- return authc;
-}
-
-/**
- * polkit_authorization_constraint_unref:
- * @authc: the authorization_constraint object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_constraint_unref (PolKitAuthorizationConstraint *authc)
-{
- g_return_if_fail (authc != NULL);
- if (authc->refcount == -1)
- return;
- authc->refcount--;
- if (authc->refcount > 0)
- return;
-
- g_free (authc);
-}
-
-/**
- * polkit_authorization_constraint_debug:
- * @authc: the object
- *
- * Print debug details
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_constraint_debug (PolKitAuthorizationConstraint *authc)
-{
- g_return_if_fail (authc != NULL);
- _pk_debug ("PolKitAuthorizationConstraint: refcount=%d", authc->refcount);
-}
-
-/**
- * polkit_authorization_constraint_validate:
- * @authc: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- *
- * Since: 0.7
- **/
-polkit_bool_t
-polkit_authorization_constraint_validate (PolKitAuthorizationConstraint *authc)
-{
- g_return_val_if_fail (authc != NULL, FALSE);
-
- return TRUE;
-}
-
-/**
- * polkit_authorization_constraint_check_session:
- * @authc: the object
- * @session: the session
- *
- * Determine if the given session satisfies the conditions imposed by
- * the given constraint
- *
- * Returns: #TRUE if, and only if, the given session satisfies the
- * conditions imposed by the given constraint.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_constraint_check_session (PolKitAuthorizationConstraint *authc,
- PolKitSession *session)
-{
- polkit_bool_t ret;
- polkit_bool_t is_active;
- polkit_bool_t is_local;
-
- g_return_val_if_fail (authc != NULL, FALSE);
- g_return_val_if_fail (session != NULL, FALSE);
-
- ret = FALSE;
-
- if (!polkit_session_get_ck_is_local (session, &is_local))
- is_local = FALSE;
-
- if (!polkit_session_get_ck_is_active (session, &is_active))
- is_active = FALSE;
-
- if (authc->flags & POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL) {
- if (!is_local)
- goto out;
- }
-
- if (authc->flags & POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE) {
- if (!is_active)
- goto out;
- }
-
- ret = TRUE;
-out:
- return ret;
-}
-
-/**
- * polkit_authorization_constraint_check_caller:
- * @authc: the object
- * @caller: the caller
- *
- * Determine if the given caller satisfies the conditions imposed by
- * the given constraint
- *
- * Returns: #TRUE if, and only if, the given caller satisfies the
- * conditions imposed by the given constraint.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_constraint_check_caller (PolKitAuthorizationConstraint *authc,
- PolKitCaller *caller)
-{
- polkit_bool_t ret;
- PolKitSession *session;
-
- g_return_val_if_fail (authc != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
-
- ret = FALSE;
-
- /* caller may not be in a session */
- if (polkit_caller_get_ck_session (caller, &session) && session != NULL) {
- ret = polkit_authorization_constraint_check_session (authc, session);
- } else {
- if (authc->flags == 0) {
- ret = TRUE;
- }
- }
-
- return ret;
-}
-
-/**
- * polkit_authorization_constraint_get_flags:
- * @authc: the object
- *
- * Describe the constraint; this is only useful when inspecting an
- * authorization to present information to the user (e.g. as
- * polkit-auth(1) does).
- *
- * Note that the flags returned may not fully describe the constraint
- * and shouldn't be used to perform checking against #PolKitCaller or
- * #PolKitSession objects. Use the
- * polkit_authorization_constraint_check_caller() and
- * polkit_authorization_constraint_check_session() methods for that
- * instead.
- *
- * Returns: flags from #PolKitAuthorizationConstraintFlags
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraintFlags
-polkit_authorization_constraint_get_flags (PolKitAuthorizationConstraint *authc)
-{
- g_return_val_if_fail (authc != NULL, FALSE);
- return authc->flags;
-}
-
-/**
- * polkit_authorization_constraint_get_null:
- *
- * Get a #PolKitAuthorizationConstraint object that represents no constraints.
- *
- * Returns: the constraint; the caller shall not unref this object
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_get_null (void)
-{
- return &_null_constraint;
-}
-
-/**
- * polkit_authorization_constraint_get_require_local:
- *
- * Get a #PolKitAuthorizationConstraint object that represents the
- * constraint that the session or caller must be local.
- *
- * Returns: the constraint; the caller shall not unref this object
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_get_require_local (void)
-{
- return &_local_constraint;
-}
-
-/**
- * polkit_authorization_constraint_get_require_active:
- *
- * Get a #PolKitAuthorizationConstraint object that represents the
- * constraint that the session or caller must be active.
- *
- * Returns: the constraint; the caller shall not unref this object
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_get_require_active (void)
-{
- return &_active_constraint;
-}
-
-/**
- * polkit_authorization_constraint_get_require_local_active:
- *
- * Get a #PolKitAuthorizationConstraint object that represents the
- * constraint that the session or caller must be local and in an
- * active session.
- *
- * Returns: the constraint; the caller shall not unref this object
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_get_require_local_active (void)
-{
- return &_local_active_constraint;
-}
-
-/**
- * polkit_authorization_constraint_to_string:
- * @authc: the object
- * @out_buf: buffer to store the string representation in
- * @buf_size: size of buffer
- *
- * Get a textual representation of the constraint; this is only useful
- * for serializing; it's a machine, not human, readable string.
- *
- * Returns: Number of characters written (not including trailing
- * '\0'). If the output was truncated due to the buffer being too
- * small, buf_size will be returned. Thus, a return value of buf_size
- * or more indicates that the output was truncated (see snprintf(3))
- * or an error occured.
- *
- * Since: 0.7
- */
-size_t
-polkit_authorization_constraint_to_string (PolKitAuthorizationConstraint *authc, char *out_buf, size_t buf_size)
-{
- g_return_val_if_fail (authc != NULL, buf_size);
-
- switch (authc->flags) {
- case 0:
- return snprintf (out_buf, buf_size, "none");
-
- case POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL:
- return snprintf (out_buf, buf_size, "local");
-
- case POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE:
- return snprintf (out_buf, buf_size, "active");
-
- case POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL|POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE:
- return snprintf (out_buf, buf_size, "local+active");
-
- default:
- return buf_size;
- }
-}
-
-/**
- * polkit_authorization_constraint_from_string:
- * @str: textual representation of constraint
- *
- * Construct a constraint from a textual representation as returned by
- * polkit_authorization_constraint_to_string().
- *
- * Returns: the constraint or #NULL if the string coulnd't be parsed.
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_from_string (const char *str)
-{
- PolKitAuthorizationConstraint *ret;
-
- g_return_val_if_fail (str != NULL, NULL);
-
- ret = NULL;
-
- if (strcmp (str, "none") == 0) {
- ret = polkit_authorization_constraint_get_null ();
- goto out;
- } else if (strcmp (str, "local") == 0) {
- ret = polkit_authorization_constraint_get_require_local ();
- goto out;
- } else if (strcmp (str, "active") == 0) {
- ret = polkit_authorization_constraint_get_require_active ();
- goto out;
- } else if (strcmp (str, "local+active") == 0) {
- ret = polkit_authorization_constraint_get_require_local_active ();
- goto out;
- }
-
-out:
- return ret;
-}
-
-/**
- * polkit_authorization_constraint_get_from_caller:
- * @caller: caller
- *
- * Given a caller, return the most restrictive constraint
- * possible. For example, if the caller is local and active, a
- * constraint requiring this will be returned.
- *
- * This function is typically used when the caller obtains an
- * authorization through authentication; the goal is to put a
- * constraints on the authorization such that it's only valid when the
- * caller is in the context as where she obtained it.
- *
- * Returns: a #PolKitConstraint object; this function will never return #NULL.
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_constraint_get_from_caller (PolKitCaller *caller)
-{
- polkit_bool_t is_local;
- polkit_bool_t is_active;
- PolKitSession *session;
- PolKitAuthorizationConstraint *ret;
-
- /* caller is not in a session so use the null constraint */
- if (!polkit_caller_get_ck_session (caller, &session)) {
- ret = polkit_authorization_constraint_get_null ();
- goto out;
- }
-
- /* if we, for some reason, don't know if the user is local or active, prefer maximal constraint */
- if (!polkit_session_get_ck_is_local (session, &is_local))
- is_local = TRUE;
- if (!polkit_session_get_ck_is_active (session, &is_active))
- is_active = TRUE;
-
- if (is_local) {
- if (is_active) {
- ret = polkit_authorization_constraint_get_require_local_active ();
- } else {
- ret = polkit_authorization_constraint_get_require_local ();
- }
- } else {
- if (is_active) {
- ret = polkit_authorization_constraint_get_require_active ();
- } else {
- ret = polkit_authorization_constraint_get_null ();
- }
- }
-
-out:
- return ret;
-}
-
-
-/**
- * polkit_authorization_constraint_equal:
- * @a: first constraint
- * @b: first constraint
- *
- * Determines if two constraints are equal
- *
- * Returns: #TRUE only if the given constraints are equal
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_constraint_equal (PolKitAuthorizationConstraint *a, PolKitAuthorizationConstraint *b)
-{
- g_return_val_if_fail (a != NULL, FALSE);
- g_return_val_if_fail (b != NULL, FALSE);
-
- return a->flags == b->flags;
-}
diff --git a/polkit/polkit-authorization-constraint.h b/polkit/polkit-authorization-constraint.h
deleted file mode 100644
index 30c5219..0000000
--- a/polkit/polkit-authorization-constraint.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-constraint.h : Conditions that must be
- * satisfied in order for an authorization to apply
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_AUTHORIZATION_CONSTRAINT_H
-#define POLKIT_AUTHORIZATION_CONSTRAINT_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-caller.h>
-
-POLKIT_BEGIN_DECLS
-
-/**
- * PolKitAuthorizationConstraintFlags:
- * @POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL: the session or
- * caller must be local
- * @POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE: the session or
- * caller must be in an active session
- * @POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL_ACTIVE: short
- * hand for the flags POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL
- * and POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE.
- *
- * This enumeration describes different conditions, not mutually
- * exclusive, to help describe an authorization constraint.
- */
-typedef enum {
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL = 1 << 0,
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE = 1 << 1,
- POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL_ACTIVE = (1 << 0) | (1 << 1)
-} PolKitAuthorizationConstraintFlags;
-
-struct _PolKitAuthorizationConstraint;
-typedef struct _PolKitAuthorizationConstraint PolKitAuthorizationConstraint;
-
-PolKitAuthorizationConstraint *polkit_authorization_constraint_get_null (void);
-PolKitAuthorizationConstraint *polkit_authorization_constraint_get_require_local (void);
-PolKitAuthorizationConstraint *polkit_authorization_constraint_get_require_active (void);
-PolKitAuthorizationConstraint *polkit_authorization_constraint_get_require_local_active (void);
-
-PolKitAuthorizationConstraint *polkit_authorization_constraint_ref (PolKitAuthorizationConstraint *authc);
-void polkit_authorization_constraint_unref (PolKitAuthorizationConstraint *authc);
-void polkit_authorization_constraint_debug (PolKitAuthorizationConstraint *authc);
-polkit_bool_t polkit_authorization_constraint_validate (PolKitAuthorizationConstraint *authc);
-
-PolKitAuthorizationConstraintFlags polkit_authorization_constraint_get_flags (PolKitAuthorizationConstraint *authc);
-
-polkit_bool_t polkit_authorization_constraint_check_session (PolKitAuthorizationConstraint *authc,
- PolKitSession *session);
-
-polkit_bool_t polkit_authorization_constraint_check_caller (PolKitAuthorizationConstraint *authc,
- PolKitCaller *caller);
-
-size_t polkit_authorization_constraint_to_string (PolKitAuthorizationConstraint *authc, char *out_buf, size_t buf_size);
-PolKitAuthorizationConstraint *polkit_authorization_constraint_from_string (const char *str);
-
-PolKitAuthorizationConstraint *polkit_authorization_constraint_get_from_caller (PolKitCaller *caller);
-
-polkit_bool_t polkit_authorization_constraint_equal (PolKitAuthorizationConstraint *a,
- PolKitAuthorizationConstraint *b);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_AUTHORIZATION_CONSTRAINT_H */
-
-
diff --git a/polkit/polkit-authorization-db-dummy.c b/polkit/polkit-authorization-db-dummy.c
deleted file mode 100644
index 64eecb0..0000000
--- a/polkit/polkit-authorization-db-dummy.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-db.c : Dummy authorization database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <pwd.h>
-
-#include <glib.h>
-
-#include "polkit-debug.h"
-#include "polkit-authorization-db.h"
-#include "polkit-utils.h"
-#include "polkit-private.h"
-
-/* PolKitAuthorizationDB structure is defined in polkit/polkit-private.h */
-
-PolKitAuthorizationDBCapability
-polkit_authorization_db_get_capabilities (void)
-{
- return 0;
-}
-
-PolKitAuthorizationDB *
-_polkit_authorization_db_new (void)
-{
- PolKitAuthorizationDB *authdb;
-
- authdb = g_new0 (PolKitAuthorizationDB, 1);
- authdb->refcount = 1;
-
- return authdb;
-}
-
-void
-_polkit_authorization_db_pfe_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data)
-{
-}
-
-PolKitPolicyFileEntry*
-_polkit_authorization_db_pfe_get_by_id (PolKitPolicyCache *policy_cache,
- const char *action_id)
-{
- return NULL;
-}
-
-PolKitAuthorizationDB *
-polkit_authorization_db_ref (PolKitAuthorizationDB *authdb)
-{
- g_return_val_if_fail (authdb != NULL, authdb);
- authdb->refcount++;
- return authdb;
-}
-
-void
-polkit_authorization_db_unref (PolKitAuthorizationDB *authdb)
-{
- g_return_if_fail (authdb != NULL);
- authdb->refcount--;
- if (authdb->refcount > 0)
- return;
- g_free (authdb);
-}
-
-void
-polkit_authorization_db_debug (PolKitAuthorizationDB *authdb)
-{
- g_return_if_fail (authdb != NULL);
- _pk_debug ("PolKitAuthorizationDB: refcount=%d", authdb->refcount);
-}
-
-polkit_bool_t
-polkit_authorization_db_validate (PolKitAuthorizationDB *authdb)
-{
- g_return_val_if_fail (authdb != NULL, FALSE);
-
- return TRUE;
-}
-
-void
-_polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb)
-{
-}
-
-polkit_bool_t
-polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitSession *session,
- polkit_bool_t *out_is_authorized)
-{
- *out_is_authorized = FALSE;
- return TRUE;
-}
-
-polkit_bool_t
-polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- polkit_bool_t revoke_if_one_shot,
- polkit_bool_t *out_is_authorized)
-{
- *out_is_authorized = FALSE;
- return TRUE;
-}
-
-
-polkit_bool_t
-polkit_authorization_db_foreach (PolKitAuthorizationDB *authdb,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_foreach_for_uid (PolKitAuthorizationDB *authdb,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_foreach_for_action (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_foreach_for_action_for_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return FALSE;
-}
-
-polkit_bool_t
-polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
- PolKitAuthorization *auth,
- PolKitError **error)
-{
- polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
- return FALSE;
-}
-
-
diff --git a/polkit/polkit-authorization-db.c b/polkit/polkit-authorization-db.c
deleted file mode 100644
index edccfc6..0000000
--- a/polkit/polkit-authorization-db.c
+++ /dev/null
@@ -1,848 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-db.c : Represents the authorization database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <pwd.h>
-
-#include <glib.h>
-
-#include "polkit-debug.h"
-#include "polkit-authorization-db.h"
-#include "polkit-utils.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit-authorization-db
- * @title: Authorization Database
- * @short_description: Reading from and writing to the database storing authorizations
- *
- * This class presents an abstraction of the authorization database as
- * well as methods for reading and writing to it.
- *
- * The reading parts are in <literal>libpolkit</literal> and the
- * writing parts are in <literal>libpolkit-grant</literal>.
- *
- * Since: 0.7
- **/
-
-/**
- * PolKitAuthorizationDB:
- *
- * Objects of this class are used to represent the authorization
- * database.
- *
- * Since: 0.7
- **/
-struct _PolKitAuthorizationDB;
-
-/* PolKitAuthorizationDB structure is defined in polkit/polkit-private.h */
-
-static void
-_free_authlist (GSList *authlist)
-{
- if (authlist != NULL) {
- g_slist_foreach (authlist, (GFunc) polkit_authorization_unref, NULL);
- g_slist_free (authlist);
- }
-}
-
-
-/**
- * polkit_authorization_db_get_capabilities:
- *
- * Determine what capabilities the authorization backend has.
- *
- * Returns: Flags from the #PolKitAuthorizationDBCapability enumeration
- *
- * Since: 0.7
- */
-PolKitAuthorizationDBCapability
-polkit_authorization_db_get_capabilities (void)
-{
- return POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN;
-}
-
-/**
- * _polkit_authorization_db_new:
- *
- * Create a new #PolKitAuthorizationDB object.
- *
- * Returns: the new object
- *
- * Since: 0.7
- **/
-PolKitAuthorizationDB *
-_polkit_authorization_db_new (void)
-{
- PolKitAuthorizationDB *authdb;
-
- authdb = g_new0 (PolKitAuthorizationDB, 1);
- authdb->refcount = 1;
-
- /* set up the hashtable */
- _polkit_authorization_db_invalidate_cache (authdb);
- return authdb;
-}
-
-void
-_polkit_authorization_db_pfe_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data)
-{
-}
-
-PolKitPolicyFileEntry*
-_polkit_authorization_db_pfe_get_by_id (PolKitPolicyCache *policy_cache,
- const char *action_id)
-{
- return NULL;
-}
-
-
-/**
- * polkit_authorization_db_ref:
- * @authdb: the object
- *
- * Increase reference count.
- *
- * Returns: the object
- *
- * Since: 0.7
- **/
-PolKitAuthorizationDB *
-polkit_authorization_db_ref (PolKitAuthorizationDB *authdb)
-{
- g_return_val_if_fail (authdb != NULL, authdb);
- authdb->refcount++;
- return authdb;
-}
-
-/**
- * polkit_authorization_db_unref:
- * @authdb: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_db_unref (PolKitAuthorizationDB *authdb)
-{
- g_return_if_fail (authdb != NULL);
- authdb->refcount--;
- if (authdb->refcount > 0)
- return;
- g_hash_table_destroy (authdb->uid_to_authlist);
- g_free (authdb);
-}
-
-/**
- * polkit_authorization_db_debug:
- * @authdb: the object
- *
- * Print debug details
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_db_debug (PolKitAuthorizationDB *authdb)
-{
- g_return_if_fail (authdb != NULL);
- _pk_debug ("PolKitAuthorizationDB: refcount=%d", authdb->refcount);
-}
-
-/**
- * polkit_authorization_db_validate:
- * @authdb: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- *
- * Since: 0.7
- **/
-polkit_bool_t
-polkit_authorization_db_validate (PolKitAuthorizationDB *authdb)
-{
- g_return_val_if_fail (authdb != NULL, FALSE);
-
- return TRUE;
-}
-
-/**
- * _polkit_authorization_db_invalidate_cache:
- * @authdb: authorization database
- *
- * Tell the authorization database to invalidate any caches it might
- * employ. This is called by #PolKitContext whenever configuration or
- * anything else changes.
- *
- * Since: 0.7
- */
-void
-_polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb)
-{
- /* out with the old, in the with new */
- if (authdb->uid_to_authlist != NULL) {
- g_hash_table_destroy (authdb->uid_to_authlist);
- }
- authdb->uid_to_authlist = g_hash_table_new_full (g_direct_hash,
- g_direct_equal,
- NULL,
- (GDestroyNotify) _free_authlist);
-}
-
-/**
- * _authdb_get_auths_for_uid:
- * @authdb: authorization database
- * @uid: uid to get authorizations for. If -1 is passed authorizations
- * for all users will be returned.
- * @error: return location for error
- *
- * Internal function to get authorizations for a uid.
- *
- * Returns: A singly-linked list of #PolKitAuthorization
- * objects. Caller shall not free this list. Returns #NULL if either
- * calling process is not sufficiently privileged (error will be set)
- * or if there are no authorizations for the given uid.
- *
- * Since: 0.7
- */
-static GSList *
-_authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
- uid_t uid,
- PolKitError **error)
-{
- GSList *ret;
- char *helper_argv[] = {PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper", NULL, NULL};
- gint exit_status;
- GError *g_error;
- char *standard_output;
- size_t len;
- off_t n;
-
- ret = NULL;
- standard_output = NULL;
-
- /* first, see if this is in the cache */
- ret = g_hash_table_lookup (authdb->uid_to_authlist, (gpointer) uid);
- if (ret != NULL)
- goto out;
-
- helper_argv[1] = g_strdup_printf ("%d", uid);
-
- /* we need to do this through a setgid polkituser helper
- * because the auth file is readable only for uid 0 and gid
- * polkituser.
- */
- g_error = NULL;
- if (!g_spawn_sync (NULL, /* const gchar *working_directory */
- helper_argv, /* gchar **argv */
- NULL, /* gchar **envp */
- 0, /* GSpawnFlags flags */
- NULL, /* GSpawnChildSetupFunc child_setup */
- NULL, /* gpointer user_data */
- &standard_output, /* gchar **standard_output */
- NULL, /* gchar **standard_error */
- &exit_status, /* gint *exit_status */
- &g_error)) { /* GError **error */
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Error spawning read auth helper: %s",
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
-
- if (!WIFEXITED (exit_status)) {
- g_warning ("Read auth helper crashed!");
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Read auth helper crashed!");
- goto out;
- } else if (WEXITSTATUS(exit_status) != 0) {
- polkit_error_set_error (error,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS,
- uid > 0 ?
- "uid %d is not authorized to read authorizations for uid %d (requires org.freedesktop.policykit.read)" :
- "uid %d is not authorized to read all authorizations (requires org.freedesktop.policykit.read)",
- getuid (), uid);
- goto out;
- }
-
- len = strlen (standard_output);
-
- /* parse one line at a time (modifies standard_output in place) */
- n = 0;
- while (n < len) {
- off_t m;
- char *line;
- PolKitAuthorization *auth;
-
- m = n;
- while (m < len && standard_output[m] != '\0') {
- if (standard_output[m] == '\n')
- break;
- m++;
- }
- /* check EOF */
- if (standard_output[m] == '\0')
- break;
- standard_output[m] = '\0';
-
- line = standard_output + n;
-
- if (strlen (line) >= 2 && strncmp (line, "#uid=", 5) == 0) {
- uid = (uid_t) atoi (line + 5);
- }
-
- if (strlen (line) >= 2 && line[0] != '#') {
- auth = _polkit_authorization_new_for_uid (line, uid);
-
- if (auth != NULL) {
- ret = g_slist_prepend (ret, auth);
- }
- }
-
- n = m + 1;
- }
-
- g_hash_table_insert (authdb->uid_to_authlist, (gpointer) uid, ret);
-
-out:
- g_free (helper_argv[1]);
- g_free (standard_output);
- return ret;
-}
-
-
-static polkit_bool_t
-_internal_foreach (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- GSList *l;
- GSList *auths;
- polkit_bool_t ret;
- char *action_id;
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (cb != NULL, FALSE);
-
- ret = FALSE;
-
- if (action == NULL) {
- action_id = NULL;
- } else {
- if (!polkit_action_get_action_id (action, &action_id))
- goto out;
- }
-
- auths = _authdb_get_auths_for_uid (authdb, uid, error);
- if (auths == NULL)
- goto out;
-
- for (l = auths; l != NULL; l = l->next) {
- PolKitAuthorization *auth = l->data;
-
- if (action_id != NULL) {
- if (strcmp (polkit_authorization_get_action_id (auth), action_id) != 0) {
- continue;
- }
- }
-
- if (cb (authdb, auth, user_data)) {
- ret = TRUE;
- goto out;
- }
- }
-
-out:
- return ret;
-}
-
-
-/**
- * polkit_authorization_db_foreach:
- * @authdb: authorization database
- * @cb: callback
- * @user_data: user data to pass to callback
- * @error: return location for error
- *
- * Iterate over all entries in the authorization database.
- *
- * Note that unless the calling process has the authorization
- * org.freedesktop.policykit.read this function may return an error.
- *
- * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
- * #FALSE, either error may be set or the callback returns #FALSE on
- * every invocation.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_foreach (PolKitAuthorizationDB *authdb,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return _internal_foreach (authdb, NULL, -1, cb, user_data, error);
-}
-
-/**
- * polkit_authorization_db_foreach_for_uid:
- * @authdb: authorization database
- * @uid: user to get authorizations for
- * @cb: callback
- * @user_data: user data to pass to callback
- * @error: return location for error
- *
- * Iterate over all entries in the authorization database for a given
- * user.
- *
- * Note that if the calling process asks for authorizations for a
- * different uid than itself and it lacks the authorization
- * org.freedesktop.policykit.read this function may return an error.
- *
- * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
- * #FALSE, either error may be set or the callback returns #FALSE on
- * every invocation.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_foreach_for_uid (PolKitAuthorizationDB *authdb,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- return _internal_foreach (authdb, NULL, uid, cb, user_data, error);
-}
-
-/**
- * polkit_authorization_db_foreach_for_action:
- * @authdb: authorization database
- * @action: action to get authorizations for
- * @cb: callback
- * @user_data: user data to pass to callback
- * @error: return location for error
- *
- * Iterate over all entries in the authorization database for a given
- * action.
- *
- * Note that unless the calling process has the authorization
- * org.freedesktop.policykit.read this function may return an error.
- *
- * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
- * #FALSE, either error may be set or the callback returns #FALSE on
- * every invocation.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_foreach_for_action (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- return _internal_foreach (authdb, action, -1, cb, user_data, error);
-}
-
-/**
- * polkit_authorization_db_foreach_for_action_for_uid:
- * @authdb: authorization database
- * @action: action to get authorizations for
- * @uid: user to get authorizations for
- * @cb: callback
- * @user_data: user data to pass to callback
- * @error: return location for error
- *
- * Iterate over all entries in the authorization database for a given
- * action and user.
- *
- * Note that if the calling process asks for authorizations for a
- * different uid than itself and it lacks the authorization
- * org.freedesktop.policykit.read this function may return an error.
- *
- * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
- * #FALSE, either error may be set or the callback returns #FALSE on
- * every invocation.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_foreach_for_action_for_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error)
-{
- g_return_val_if_fail (action != NULL, FALSE);
- return _internal_foreach (authdb, action, uid, cb, user_data, error);
-}
-
-
-typedef struct {
- char *action_id;
- uid_t session_uid;
- char *session_objpath;
- PolKitSession *session;
-} CheckDataSession;
-
-static polkit_bool_t
-_check_auth_for_session (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth, void *user_data)
-{
- gboolean ret;
- CheckDataSession *cd = (CheckDataSession *) user_data;
- PolKitAuthorizationConstraint *constraint;
-
- ret = FALSE;
-
- if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
- goto no_match;
-
- constraint = polkit_authorization_get_constraint (auth);
- if (!polkit_authorization_constraint_check_session (constraint, cd->session))
- goto no_match;
-
- switch (polkit_authorization_get_scope (auth))
- {
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
- goto no_match;
-
- case POLKIT_AUTHORIZATION_SCOPE_SESSION:
- if (strcmp (polkit_authorization_scope_session_get_ck_objref (auth), cd->session_objpath) != 0)
- goto no_match;
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
- break;
- }
-
- ret = TRUE;
-
-no_match:
- return ret;
-}
-
-/**
- * polkit_authorization_db_is_session_authorized:
- * @authdb: the authorization database
- * @action: the action to check for
- * @session: the session to check for
- * @out_is_authorized: return location
- *
- * Looks in the authorization database and determine if processes from
- * the given session are authorized to do the given specific action.
- *
- * Returns: #TRUE if the look up was performed; #FALSE if the caller
- * of this function lacks privileges to ask this question (e.g. asking
- * about a user that is not himself).
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitSession *session,
- polkit_bool_t *out_is_authorized)
-{
- polkit_bool_t ret;
- CheckDataSession cd;
-
- ret = FALSE;
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_is_authorized != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &cd.action_id))
- return FALSE;
-
- if (!polkit_session_get_uid (session, &cd.session_uid))
- return FALSE;
-
- cd.session = session;
-
- if (!polkit_session_get_ck_objref (session, &cd.session_objpath) || cd.session_objpath == NULL)
- return FALSE;
-
- ret = TRUE;
-
- *out_is_authorized = FALSE;
- if (polkit_authorization_db_foreach_for_uid (authdb,
- cd.session_uid,
- _check_auth_for_session,
- &cd,
- NULL)) {
- *out_is_authorized = TRUE;
- }
-
- return ret;
-}
-
-typedef struct {
- char *action_id;
- uid_t caller_uid;
- pid_t caller_pid;
- polkit_uint64_t caller_pid_start_time;
- char *session_objpath;
- PolKitCaller *caller;
- polkit_bool_t revoke_if_one_shot;
-} CheckData;
-
-static polkit_bool_t
-_check_auth_for_caller (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth, void *user_data)
-{
-
- gboolean ret;
- pid_t caller_pid;
- polkit_uint64_t caller_pid_start_time;
- CheckData *cd = (CheckData *) user_data;
- PolKitAuthorizationConstraint *constraint;
- PolKitError *error;
-
- ret = FALSE;
-
- if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
- goto no_match;
-
- constraint = polkit_authorization_get_constraint (auth);
- if (!polkit_authorization_constraint_check_caller (constraint, cd->caller))
- goto no_match;
-
- switch (polkit_authorization_get_scope (auth))
- {
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
- case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
- if (!polkit_authorization_scope_process_get_pid (auth, &caller_pid, &caller_pid_start_time))
- goto no_match;
- if (!(caller_pid == cd->caller_pid && caller_pid_start_time == cd->caller_pid_start_time))
- goto no_match;
-
- if (polkit_authorization_get_scope (auth) == POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT) {
-
- /* it's a match already; revoke if asked to do so */
- if (cd->revoke_if_one_shot) {
- error = NULL;
- if (!polkit_authorization_db_revoke_entry (authdb, auth, &error)) {
- g_warning ("Cannot revoke one-shot auth: %s: %s",
- polkit_error_get_error_name (error),
- polkit_error_get_error_message (error));
- polkit_error_free (error);
- }
- }
- }
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_SESSION:
- if (cd->session_objpath == NULL)
- goto no_match;
- if (strcmp (polkit_authorization_scope_session_get_ck_objref (auth), cd->session_objpath) != 0)
- goto no_match;
- break;
-
- case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
- break;
- }
-
- ret = TRUE;
-
-
-no_match:
- return ret;
-}
-
-/**
- * polkit_authorization_db_is_caller_authorized:
- * @authdb: the authorization database
- * @action: the action to check for
- * @caller: the caller to check for
- * @revoke_if_one_shot: Whether to revoke one-shot authorizations. See
- * discussion in polkit_context_is_caller_authorized() for details.
- * @out_is_authorized: return location
- *
- * Looks in the authorization database if the given caller is
- * authorized to do the given action.
- *
- * Returns: #TRUE if the look up was performed; #FALSE if the caller
- * of this function lacks privileges to ask this question (e.g. asking
- * about a user that is not himself).
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- polkit_bool_t revoke_if_one_shot,
- polkit_bool_t *out_is_authorized)
-{
- PolKitSession *session;
- polkit_bool_t ret;
- CheckData cd;
-
- ret = FALSE;
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (action != NULL, FALSE);
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_is_authorized != NULL, FALSE);
-
- if (!polkit_action_get_action_id (action, &cd.action_id))
- return FALSE;
-
- if (!polkit_caller_get_pid (caller, &cd.caller_pid))
- return FALSE;
-
- if (!polkit_caller_get_uid (caller, &cd.caller_uid))
- return FALSE;
-
- cd.caller = caller;
- cd.revoke_if_one_shot = revoke_if_one_shot;
-
- cd.caller_pid_start_time = polkit_sysdeps_get_start_time_for_pid (cd.caller_pid);
- if (cd.caller_pid_start_time == 0)
- return FALSE;
-
- /* Caller does not _have_ to be member of a session */
- cd.session_objpath = NULL;
- if (polkit_caller_get_ck_session (caller, &session) && session != NULL) {
- if (!polkit_session_get_ck_objref (session, &cd.session_objpath))
- cd.session_objpath = NULL;
- }
-
- ret = TRUE;
-
- *out_is_authorized = FALSE;
- if (polkit_authorization_db_foreach_for_uid (authdb,
- cd.caller_uid,
- _check_auth_for_caller,
- &cd,
- NULL)) {
- *out_is_authorized = TRUE;
- }
-
- return ret;
-}
-
-/**
- * polkit_authorization_db_revoke_entry:
- * @authdb: the authorization database
- * @auth: the authorization to revoke
- * @error: return location for error
- *
- * Removes an authorization from the authorization database. This uses
- * a privileged helper /usr/libexec/polkit-revoke-helper.
- *
- * Returns: #TRUE if the authorization was revoked, #FALSE otherwise and error is set
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
- PolKitAuthorization *auth,
- PolKitError **error)
-{
- GError *g_error;
- char *helper_argv[] = {PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper", "", NULL, NULL, NULL};
- const char *auth_file_entry;
- gboolean ret;
- gint exit_status;
-
- ret = FALSE;
-
- g_return_val_if_fail (authdb != NULL, FALSE);
- g_return_val_if_fail (auth != NULL, FALSE);
-
- auth_file_entry = _polkit_authorization_get_authfile_entry (auth);
- //g_debug ("should delete line '%s'", auth_file_entry);
-
- helper_argv[1] = (char *) auth_file_entry;
- helper_argv[2] = "uid";
- helper_argv[3] = g_strdup_printf ("%d", polkit_authorization_get_uid (auth));
-
- g_error = NULL;
- if (!g_spawn_sync (NULL, /* const gchar *working_directory */
- helper_argv, /* gchar **argv */
- NULL, /* gchar **envp */
- 0, /* GSpawnFlags flags */
- NULL, /* GSpawnChildSetupFunc child_setup */
- NULL, /* gpointer user_data */
- NULL, /* gchar **standard_output */
- NULL, /* gchar **standard_error */
- &exit_status, /* gint *exit_status */
- &g_error)) { /* GError **error */
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Error spawning revoke helper: %s",
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
-
- if (!WIFEXITED (exit_status)) {
- g_warning ("Revoke helper crashed!");
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Revoke helper crashed!");
- goto out;
- } else if (WEXITSTATUS(exit_status) != 0) {
- polkit_error_set_error (error,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_REVOKE_AUTHORIZATIONS_FROM_OTHER_USERS,
- "uid %d is not authorized to revoke authorizations from uid %d (requires org.freedesktop.policykit.revoke)",
- getuid (), polkit_authorization_get_uid (auth));
- } else {
- ret = TRUE;
- }
-
-out:
- g_free (helper_argv[3]);
- return ret;
-}
diff --git a/polkit/polkit-authorization-db.h b/polkit/polkit-authorization-db.h
deleted file mode 100644
index 8089bd4..0000000
--- a/polkit/polkit-authorization-db.h
+++ /dev/null
@@ -1,156 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization-db.h : Represents the authorization database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_AUTHORIZATION_DB_H
-#define POLKIT_AUTHORIZATION_DB_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-authorization.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-caller.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-error.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitAuthorizationDB;
-typedef struct _PolKitAuthorizationDB PolKitAuthorizationDB;
-
-/**
- * PolKitAuthorizationDBCapability:
- * @POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN: Users can obtain
- * authorizations through authentication
- *
- * Capabilities of the authorization database backend.
- *
- * Since: 0.7
- */
-typedef enum
-{
- POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN = 1 << 0
-} PolKitAuthorizationDBCapability;
-
-PolKitAuthorizationDBCapability polkit_authorization_db_get_capabilities (void);
-
-PolKitAuthorizationDB *polkit_authorization_db_ref (PolKitAuthorizationDB *authdb);
-void polkit_authorization_db_unref (PolKitAuthorizationDB *authdb);
-
-void polkit_authorization_db_debug (PolKitAuthorizationDB *authdb);
-polkit_bool_t polkit_authorization_db_validate (PolKitAuthorizationDB *authdb);
-
-polkit_bool_t polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitSession *session,
- polkit_bool_t *out_is_authorized);
-
-polkit_bool_t polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- polkit_bool_t revoke_if_one_shot,
- polkit_bool_t *out_is_authorized);
-
-/**
- * PolKitAuthorizationDBForeach:
- * @authdb: authorization database
- * @auth: authorization; user shall not unref this object. Unless
- * reffed by the user it will be destroyed when the callback function
- * returns.
- * @user_data: user data passed
- *
- * Type of callback function for iterating over authorizations.
- *
- * Returns: pass #TRUE to stop iterating
- *
- * Since: 0.7
- */
-typedef polkit_bool_t (*PolKitAuthorizationDBForeach) (PolKitAuthorizationDB *authdb,
- PolKitAuthorization *auth,
- void *user_data);
-
-polkit_bool_t polkit_authorization_db_foreach (PolKitAuthorizationDB *authdb,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error);
-
-polkit_bool_t polkit_authorization_db_foreach_for_uid (PolKitAuthorizationDB *authdb,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error);
-
-polkit_bool_t polkit_authorization_db_foreach_for_action (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error);
-
-polkit_bool_t polkit_authorization_db_foreach_for_action_for_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationDBForeach cb,
- void *user_data,
- PolKitError **error);
-
-polkit_bool_t polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as);
-
-polkit_bool_t polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as);
-
-polkit_bool_t polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as);
-
-polkit_bool_t polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- PolKitCaller *caller,
- uid_t user_authenticated_as);
-
-polkit_bool_t polkit_authorization_db_grant_to_uid (PolKitAuthorizationDB *authdb,
- PolKitAction *action,
- uid_t uid,
- PolKitAuthorizationConstraint *constraint,
- PolKitError **error);
-
-polkit_bool_t polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
- PolKitAuthorization *auth,
- PolKitError **error);
-
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_AUTHORIZATION_DB_H */
-
-
diff --git a/polkit/polkit-authorization.c b/polkit/polkit-authorization.c
deleted file mode 100644
index 660183a..0000000
--- a/polkit/polkit-authorization.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization.c : Represents an entry in the authorization
- * database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-authorization.h"
-#include "polkit-utils.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit-authorization
- * @title: Authorization Entry
- * @short_description: An entry in the autothorization database
- *
- * This class is used to represent entries in the authorization
- * database.
- *
- * Since: 0.7
- **/
-
-/**
- * PolKitAuthorization:
- *
- * Objects of this class are used to represent entries in the
- * authorization database.
- *
- * Since: 0.7
- **/
-struct _PolKitAuthorization
-{
- int refcount;
-
- char *entry_in_auth_file;
-
- PolKitAuthorizationScope scope;
- PolKitAuthorizationConstraint *constraint;
-
- char *action_id;
- uid_t uid;
- time_t when;
- uid_t authenticated_as_uid;
-
- pid_t pid;
- polkit_uint64_t pid_start_time;
-
- polkit_bool_t explicitly_granted;
- uid_t explicitly_granted_by;
-
- char *session_id;
-};
-
-const char *
-_polkit_authorization_get_authfile_entry (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, NULL);
- return auth->entry_in_auth_file;
-}
-
-#ifdef POLKIT_AUTHDB_DEFAULT
-
-PolKitAuthorization *
-_polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid)
-{
- char **t;
- guint num_t;
- char *ep;
- PolKitAuthorization *auth;
- int n;
-
- g_return_val_if_fail (entry_in_auth_file != NULL, NULL);
-
- auth = g_new0 (PolKitAuthorization, 1);
- auth->refcount = 1;
- auth->entry_in_auth_file = g_strdup (entry_in_auth_file);
- auth->uid = uid;
-
- t = g_strsplit (entry_in_auth_file, ":", 0);
- num_t = g_strv_length (t);
-
-/*
- * pid:
- * grant_line = g_strdup_printf ("process:%d:%Lu:%s:%Lu:%d:%s\n",
- * caller_pid,
- * pid_start_time,
- * action_id,
- * (polkit_uint64_t) now.tv_sec,
- * user_authenticated_as,
- * cbuf);
- */
- n = 1;
-
- if (strcmp (t[0], "process") == 0 ||
- strcmp (t[0], "process-one-shot") == 0) {
- if (num_t != 7)
- goto error;
-
- if (strcmp (t[0], "process") == 0)
- auth->scope = POLKIT_AUTHORIZATION_SCOPE_PROCESS;
- else
- auth->scope = POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT;
-
- auth->pid = strtoul (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->pid_start_time = strtoull (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- if (!polkit_action_validate_id (t[n]))
- goto error;
- auth->action_id = g_strdup (t[n++]);
-
- auth->when = strtoull (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->authenticated_as_uid = strtoul (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
- if (auth->constraint == NULL)
- goto error;
- }
-/*
- * grant_line = g_strdup_printf ("session:%s:%s:%Lu:%s:%d:%s\n",
- * session_objpath,
- * action_id,
- * (polkit_uint64_t) now.tv_sec,
- * user_authenticated_as,
- * cbuf);
- */
- else if (strcmp (t[0], "session") == 0) {
- if (num_t != 6)
- goto error;
-
- auth->scope = POLKIT_AUTHORIZATION_SCOPE_SESSION;
-
- auth->session_id = g_strdup (t[n++]);
-
- if (!polkit_action_validate_id (t[n]))
- goto error;
- auth->action_id = g_strdup (t[n++]);
-
- auth->when = strtoull (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->authenticated_as_uid = strtoul (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
- if (auth->constraint == NULL)
- goto error;
- }
-
-/*
- * always:
- * grant_line = g_strdup_printf ("always:%s:%Lu:%s:%d:%s\n",
- * action_id,
- * (polkit_uint64_t) now.tv_sec,
- * user_authenticated_as,
- * cbuf);
- *
- */
- else if (strcmp (t[0], "always") == 0) {
- if (num_t != 5)
- goto error;
-
- auth->scope = POLKIT_AUTHORIZATION_SCOPE_ALWAYS;
-
- if (!polkit_action_validate_id (t[n]))
- goto error;
- auth->action_id = g_strdup (t[n++]);
-
- auth->when = strtoull (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->authenticated_as_uid = strtoul (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
- if (auth->constraint == NULL)
- goto error;
- }
-/*
- * grant:
- * "grant:%d:%s:%Lu:%d:%s\n",
- * action_id,
- * (polkit_uint64_t) now.tv_sec,
- * invoking_uid,
- * authc_str) >= (int) sizeof (grant_line)) {
- *
- */
- else if (strcmp (t[0], "grant") == 0) {
-
- if (num_t != 5)
- goto error;
-
- auth->scope = POLKIT_AUTHORIZATION_SCOPE_ALWAYS;
- auth->explicitly_granted = TRUE;
-
- if (!polkit_action_validate_id (t[n]))
- goto error;
- auth->action_id = g_strdup (t[n++]);
-
- auth->when = strtoull (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->explicitly_granted_by = strtoul (t[n++], &ep, 10);
- if (*ep != '\0')
- goto error;
-
- auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
- if (auth->constraint == NULL)
- goto error;
-
- } else {
- goto error;
- }
-
- g_strfreev (t);
- return auth;
-
-error:
- g_warning ("Error parsing token %d from line '%s'", n, entry_in_auth_file);
- polkit_authorization_unref (auth);
- g_strfreev (t);
- return NULL;
-}
-
-#endif /* POLKIT_AUTHDB_DEFAULT */
-
-/**
- * polkit_authorization_ref:
- * @auth: the authorization object
- *
- * Increase reference count.
- *
- * Returns: the object
- *
- * Since: 0.7
- **/
-PolKitAuthorization *
-polkit_authorization_ref (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, auth);
- auth->refcount++;
- return auth;
-}
-
-/**
- * polkit_authorization_unref:
- * @auth: the authorization object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_unref (PolKitAuthorization *auth)
-{
- g_return_if_fail (auth != NULL);
- auth->refcount--;
- if (auth->refcount > 0)
- return;
-
- g_free (auth->entry_in_auth_file);
- g_free (auth->action_id);
- g_free (auth->session_id);
- if (auth->constraint != NULL)
- polkit_authorization_constraint_unref (auth->constraint);
- g_free (auth);
-}
-
-/**
- * polkit_authorization_debug:
- * @auth: the object
- *
- * Print debug details
- *
- * Since: 0.7
- **/
-void
-polkit_authorization_debug (PolKitAuthorization *auth)
-{
- g_return_if_fail (auth != NULL);
- _pk_debug ("PolKitAuthorization: refcount=%d", auth->refcount);
- _pk_debug (" scope = %d", auth->scope);
- _pk_debug (" pid = %d", auth->pid);
- _pk_debug (" pid_start_time = %Lu", auth->pid_start_time);
- _pk_debug (" action_id = %s", auth->action_id);
- _pk_debug (" when = %Lu", (polkit_uint64_t) auth->when);
- _pk_debug (" auth_as_uid = %d", auth->authenticated_as_uid);
-}
-
-/**
- * polkit_authorization_validate:
- * @auth: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- *
- * Since: 0.7
- **/
-polkit_bool_t
-polkit_authorization_validate (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
-
- return TRUE;
-}
-
-/**
- * polkit_authorization_get_action_id:
- * @auth: the object
- *
- * Get the action this authorization is for
- *
- * Returns: the action id. Caller should not free this string.
- *
- * Since: 0.7
- */
-const char *
-polkit_authorization_get_action_id (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, NULL);
-
- return auth->action_id;
-}
-
-/**
- * polkit_authorization_get_scope:
- * @auth: the object
- *
- * Get the scope of the authorization; e.g. whether it's confined to a
- * single process, a single session or can be retained
- * indefinitely. Also keep in mind that an authorization is subject to
- * constraints, see polkit_authorization_get_constraint() for details.
- *
- * Returns: the scope
- *
- * Since: 0.7
- */
-PolKitAuthorizationScope
-polkit_authorization_get_scope (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, 0);
-
- return auth->scope;
-}
-
-/**
- * polkit_authorization_scope_process_get_pid:
- * @auth: the object
- * @out_pid: return location
- * @out_pid_start_time: return location
- *
- * If scope is #POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT or
- * #POLKIT_AUTHORIZATION_SCOPE_PROCESS, get information about what
- * process the authorization is confined to.
- *
- * As process identifiers can be recycled, the start time of the
- * process (the unit is not well-defined; on Linux it's the number of
- * milliseconds since the system was started) is also returned.
- *
- * Returns: #TRUE if information was returned
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_scope_process_get_pid (PolKitAuthorization *auth,
- pid_t *out_pid,
- polkit_uint64_t *out_pid_start_time)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
- g_return_val_if_fail (out_pid != NULL, FALSE);
- g_return_val_if_fail (out_pid_start_time != NULL, FALSE);
- g_return_val_if_fail (auth->scope == POLKIT_AUTHORIZATION_SCOPE_PROCESS ||
- auth->scope == POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT, FALSE);
-
- *out_pid = auth->pid;
- *out_pid_start_time = auth->pid_start_time;
-
- return TRUE;
-}
-
-/**
- * polkit_authorization_scope_session_get_ck_objref:
- * @auth: the object
- *
- * Gets the ConsoleKit object path for the session the authorization
- * is confined to.
- *
- * Returns: #NULL if scope wasn't session
- *
- * Since: 0.7
- */
-const char *
-polkit_authorization_scope_session_get_ck_objref (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
- g_return_val_if_fail (auth->scope == POLKIT_AUTHORIZATION_SCOPE_SESSION, FALSE);
-
- return auth->session_id;
-}
-
-/**
- * polkit_authorization_get_uid:
- * @auth: the object
- *
- * Gets the UNIX user id for the user the authorization is confined
- * to.
- *
- * Returns: The UNIX user id for whom the authorization is confied to
- *
- * Since: 0.7
- */
-uid_t
-polkit_authorization_get_uid (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, 0);
- return auth->uid;
-}
-
-/**
- * polkit_authorization_get_time_of_grant:
- * @auth: the object
- *
- * Returns the point in time the authorization was granted. The value
- * is UNIX time, e.g. number of seconds since the Epoch Jan 1, 1970
- * 0:00 UTC.
- *
- * Returns: When authorization was granted
- *
- * Since: 0.7
- */
-time_t
-polkit_authorization_get_time_of_grant (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, 0);
- return auth->when;
-}
-
-/**
- * polkit_authorization_was_granted_via_defaults:
- * @auth: the object
- * @out_user_authenticated_as: return location
- *
- * Determine if the authorization was obtained by the user by
- * authenticating as himself or an administrator via the the
- * "defaults" section in the <literal>.policy</literal> file for the
- * action (e.g. "allow_any", "allow_inactive", "allow_active").
- *
- * Compare with polkit_authorization_was_granted_explicitly() - only
- * one of these functions can return #TRUE.
- *
- * Returns: #TRUE if the authorization was obtained by the user
- * himself authenticating.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_was_granted_via_defaults (PolKitAuthorization *auth,
- uid_t *out_user_authenticated_as)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
- g_return_val_if_fail (out_user_authenticated_as != NULL, FALSE);
-
- if (auth->explicitly_granted)
- return FALSE;
-
- *out_user_authenticated_as = auth->authenticated_as_uid;
- return TRUE;
-}
-
-/**
- * polkit_authorization_was_granted_explicitly:
- * @auth: the object
- * @out_by_whom: return location
- *
- * Determine if the authorization was explicitly granted by a
- * sufficiently privileged user.
- *
- * Compare with polkit_authorization_was_granted_via_defaults() - only
- * one of these functions can return #TRUE.
- *
- * Returns: #TRUE if the authorization was explicitly granted by a
- * sufficiently privileger user.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_authorization_was_granted_explicitly (PolKitAuthorization *auth,
- uid_t *out_by_whom)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
- g_return_val_if_fail (out_by_whom != NULL, FALSE);
-
- if (!auth->explicitly_granted)
- return FALSE;
-
- *out_by_whom = auth->explicitly_granted_by;
-
- return TRUE;
-}
-
-/**
- * polkit_authorization_get_constraint:
- * @auth: the object
- *
- * Get the constraint associated with an authorization.
- *
- * Returns: The constraint. Caller shall not unref this object.
- *
- * Since: 0.7
- */
-PolKitAuthorizationConstraint *
-polkit_authorization_get_constraint (PolKitAuthorization *auth)
-{
- g_return_val_if_fail (auth != NULL, FALSE);
- return auth->constraint;
-}
diff --git a/polkit/polkit-authorization.h b/polkit/polkit-authorization.h
deleted file mode 100644
index 0e107be..0000000
--- a/polkit/polkit-authorization.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-authorization.h : Represents an entry in the authorization
- * database
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_AUTHORIZATION_H
-#define POLKIT_AUTHORIZATION_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-authorization-constraint.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitAuthorization;
-typedef struct _PolKitAuthorization PolKitAuthorization;
-
-PolKitAuthorization *polkit_authorization_ref (PolKitAuthorization *auth);
-void polkit_authorization_unref (PolKitAuthorization *auth);
-
-void polkit_authorization_debug (PolKitAuthorization *auth);
-polkit_bool_t polkit_authorization_validate (PolKitAuthorization *auth);
-
-
-/**
- * PolKitAuthorizationScope:
- * @POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT: The authorization is
- * limited for a single shot for a single process on the system
- * @POLKIT_AUTHORIZATION_SCOPE_PROCESS: The authorization is limited
- * for a single process on the system
- * @POLKIT_AUTHORIZATION_SCOPE_SESSION: The authorization is limited
- * for processes originating from a given session
- * @POLKIT_AUTHORIZATION_SCOPE_ALWAYS: The authorization is retained
- * indefinitely.
- *
- * The scope of an authorization; e.g. whether it's limited to a
- * process, a session or unlimited.
- */
-typedef enum {
- POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT,
- POLKIT_AUTHORIZATION_SCOPE_PROCESS,
- POLKIT_AUTHORIZATION_SCOPE_SESSION,
- POLKIT_AUTHORIZATION_SCOPE_ALWAYS,
-} PolKitAuthorizationScope;
-
-const char *polkit_authorization_get_action_id (PolKitAuthorization *auth);
-
-uid_t polkit_authorization_get_uid (PolKitAuthorization *auth);
-
-time_t polkit_authorization_get_time_of_grant (PolKitAuthorization *auth);
-
-PolKitAuthorizationConstraint *polkit_authorization_get_constraint (PolKitAuthorization *auth);
-
-PolKitAuthorizationScope polkit_authorization_get_scope (PolKitAuthorization *auth);
-
-
-polkit_bool_t polkit_authorization_scope_process_get_pid (PolKitAuthorization *auth,
- pid_t *out_pid,
- polkit_uint64_t *out_pid_start_time);
-
-const char *polkit_authorization_scope_session_get_ck_objref (PolKitAuthorization *auth);
-
-
-polkit_bool_t polkit_authorization_was_granted_via_defaults (PolKitAuthorization *auth,
- uid_t *out_user_authenticated_as);
-
-polkit_bool_t polkit_authorization_was_granted_explicitly (PolKitAuthorization *auth,
- uid_t *out_by_whom);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_AUTHORIZATION_H */
-
-
diff --git a/polkit/polkit-caller.c b/polkit/polkit-caller.c
deleted file mode 100644
index d3432b2..0000000
--- a/polkit/polkit-caller.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-caller.c : callers
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-caller
- * @title: Caller
- * @short_description: Represents a process requesting a mechanism to do something.
- *
- * This class is used to represent a caller in another process that is
- * calling into a mechanism to make the mechanism do something.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-caller.h"
-#include "polkit-utils.h"
-#include "polkit-test.h"
-#include "polkit-memory.h"
-
-/**
- * PolKitCaller:
- *
- * Objects of this class are used to record information about a caller
- * in another process.
- **/
-struct _PolKitCaller
-{
- int refcount;
- char *dbus_name;
- uid_t uid;
- pid_t pid;
- char *selinux_context;
- PolKitSession *session;
-};
-
-/**
- * polkit_caller_new:
- *
- * Creates a new #PolKitCaller object.
- *
- * Returns: the new object
- **/
-PolKitCaller *
-polkit_caller_new (void)
-{
- PolKitCaller *caller;
- caller = p_new0 (PolKitCaller, 1);
- if (caller == NULL)
- goto out;
- caller->refcount = 1;
-out:
- return caller;
-}
-
-/**
- * polkit_caller_ref:
- * @caller: The caller object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitCaller *
-polkit_caller_ref (PolKitCaller *caller)
-{
- g_return_val_if_fail (caller != NULL, caller);
- caller->refcount++;
- return caller;
-}
-
-
-/**
- * polkit_caller_unref:
- * @caller: The caller object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_caller_unref (PolKitCaller *caller)
-{
- g_return_if_fail (caller != NULL);
- caller->refcount--;
- if (caller->refcount > 0)
- return;
- p_free (caller->dbus_name);
- p_free (caller->selinux_context);
- if (caller->session != NULL)
- polkit_session_unref (caller->session);
- p_free (caller);
-}
-
-/**
- * polkit_caller_set_dbus_name:
- * @caller: The caller object
- * @dbus_name: unique system bus connection name
- *
- * Set the callers unique system bus connection name.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (dbus_name == NULL || _pk_validate_unique_bus_name (dbus_name), FALSE);
- if (caller->dbus_name != NULL)
- p_free (caller->dbus_name);
- if (dbus_name == NULL) {
- caller->dbus_name = NULL;
- return TRUE;
- } else {
- caller->dbus_name = p_strdup (dbus_name);
- if (caller->dbus_name == NULL)
- return FALSE;
- else
- return TRUE;
- }
-}
-
-/**
- * polkit_caller_set_uid:
- * @caller: The caller object
- * @uid: UNIX user id
- *
- * Set the callers UNIX user id.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_caller_set_uid (PolKitCaller *caller, uid_t uid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- caller->uid = uid;
- return TRUE;
-}
-
-/**
- * polkit_caller_set_pid:
- * @caller: The caller object
- * @pid: UNIX process id
- *
- * Set the callers UNIX process id.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_caller_set_pid (PolKitCaller *caller, pid_t pid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- caller->pid = pid;
- return TRUE;
-}
-
-/**
- * polkit_caller_set_selinux_context:
- * @caller: The caller object
- * @selinux_context: SELinux security context
- *
- * Set the callers SELinux security context.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_caller_set_selinux_context (PolKitCaller *caller, const char *selinux_context)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- /* TODO: probably should have a separate validation function for SELinux contexts */
- g_return_val_if_fail (selinux_context == NULL || _pk_validate_identifier (selinux_context), FALSE);
-
- if (caller->selinux_context != NULL)
- p_free (caller->selinux_context);
- if (selinux_context == NULL) {
- caller->selinux_context = NULL;
- return TRUE;
- } else {
- caller->selinux_context = p_strdup (selinux_context);
- if (caller->selinux_context == NULL)
- return FALSE;
- else
- return TRUE;
- }
-}
-
-/**
- * polkit_caller_set_ck_session:
- * @caller: The caller object
- * @session: a session object
- *
- * Set the callers session. The reference count on the given object
- * will be increased by one. If an existing session object was set
- * already, the reference count on that one will be decreased by one.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_caller_set_ck_session (PolKitCaller *caller, PolKitSession *session)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (session == NULL || polkit_session_validate (session), FALSE);
- if (caller->session != NULL)
- polkit_session_unref (caller->session);
- caller->session = session != NULL ? polkit_session_ref (session) : NULL;
- return TRUE;
-}
-
-/**
- * polkit_caller_get_dbus_name:
- * @caller: The caller object
- * @out_dbus_name: Returns the unique system bus connection name. The caller shall not free this string.
- *
- * Get the callers unique system bus connection name.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_caller_get_dbus_name (PolKitCaller *caller, char **out_dbus_name)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_dbus_name != NULL, FALSE);
- *out_dbus_name = caller->dbus_name;
- return TRUE;
-}
-
-/**
- * polkit_caller_get_uid:
- * @caller: The caller object
- * @out_uid: Returns the UNIX user id
- *
- * Get the callers UNIX user id.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_caller_get_uid (PolKitCaller *caller, uid_t *out_uid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_uid != NULL, FALSE);
- *out_uid = caller->uid;
- return TRUE;
-}
-
-/**
- * polkit_caller_get_pid:
- * @caller: The caller object
- * @out_pid: Returns the UNIX process id
- *
- * Get the callers UNIX process id.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_caller_get_pid (PolKitCaller *caller, pid_t *out_pid)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_pid != NULL, FALSE);
- *out_pid = caller->pid;
- return TRUE;
-}
-
-/**
- * polkit_caller_get_selinux_context:
- * @caller: The caller object
- * @out_selinux_context: Returns the SELinux security context. The caller shall not free this string.
- *
- * Get the callers SELinux security context. Note that this may be
- * #NULL if SELinux is not available on the system.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_caller_get_selinux_context (PolKitCaller *caller, char **out_selinux_context)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_selinux_context != NULL, FALSE);
- *out_selinux_context = caller->selinux_context;
- return TRUE;
-}
-
-/**
- * polkit_caller_get_ck_session:
- * @caller: The caller object
- * @out_session: Returns the session object. Caller shall not unref it.
- *
- * Get the callers session. Note that this may be #NULL if the caller
- * is not in any session.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_caller_get_ck_session (PolKitCaller *caller, PolKitSession **out_session)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (out_session != NULL, FALSE);
- *out_session = caller->session;
- return TRUE;
-}
-
-/**
- * polkit_caller_debug:
- * @caller: the object
- *
- * Print debug details
- **/
-void
-polkit_caller_debug (PolKitCaller *caller)
-{
- g_return_if_fail (caller != NULL);
- _pk_debug ("PolKitCaller: refcount=%d dbus_name=%s uid=%d pid=%d selinux_context=%s",
- caller->refcount, caller->dbus_name, caller->uid, caller->pid, caller->selinux_context);
- if (caller->session != NULL)
- polkit_session_debug (caller->session);
-}
-
-
-/**
- * polkit_caller_validate:
- * @caller: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-polkit_caller_validate (PolKitCaller *caller)
-{
- g_return_val_if_fail (caller != NULL, FALSE);
- g_return_val_if_fail (caller->pid > 0, FALSE);
- return TRUE;
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- char *s;
- PolKitCaller *c;
- pid_t pid;
- uid_t uid;
- PolKitSeat *seat;
- PolKitSession *session;
- PolKitSession *session2;
-
- if ((c = polkit_caller_new ()) != NULL) {
-
- g_assert (! polkit_caller_set_dbus_name (c, "org.invalid.name"));
- g_assert (polkit_caller_set_dbus_name (c, NULL));
- if (polkit_caller_set_dbus_name (c, ":1.43")) {
- g_assert (polkit_caller_get_dbus_name (c, &s) && strcmp (s, ":1.43") == 0);
-
- if (polkit_caller_set_dbus_name (c, ":1.44")) {
- g_assert (polkit_caller_get_dbus_name (c, &s) && strcmp (s, ":1.44") == 0);
- }
- }
-
- g_assert (polkit_caller_set_selinux_context (c, NULL));
- if (polkit_caller_set_selinux_context (c, "system_u:object_r:bin_t")) {
- g_assert (polkit_caller_get_selinux_context (c, &s) && strcmp (s, "system_u:object_r:bin_t") == 0);
-
- if (polkit_caller_set_selinux_context (c, "system_u:object_r:httpd_exec_t")) {
- g_assert (polkit_caller_get_selinux_context (c, &s) && strcmp (s, "system_u:object_r:httpd_exec_t") == 0);
- }
- }
-
- g_assert (polkit_caller_set_uid (c, 0));
- g_assert (polkit_caller_get_uid (c, &uid) && uid == 0);
- g_assert (polkit_caller_set_pid (c, 1));
- g_assert (polkit_caller_get_pid (c, &pid) && pid == 1);
-
- /* validate where caller is not in a session */
- g_assert (polkit_caller_validate (c));
- polkit_caller_ref (c);
- g_assert (polkit_caller_validate (c));
- polkit_caller_unref (c);
- g_assert (polkit_caller_validate (c));
-
- if ((session = polkit_session_new ()) != NULL) {
- if (polkit_session_set_ck_objref (session, "/somesession")) {
- if ((seat = polkit_seat_new ()) != NULL) {
- if (polkit_seat_set_ck_objref (seat, "/someseat")) {
- g_assert (polkit_session_set_seat (session, seat));
- g_assert (polkit_session_set_ck_is_local (session, TRUE));
-
- g_assert (polkit_caller_set_ck_session (c, NULL));
- g_assert (polkit_caller_get_ck_session (c, &session2) && session2 == NULL);
-
- g_assert (polkit_caller_set_ck_session (c, session));
- g_assert (polkit_caller_set_ck_session (c, session));
- g_assert (polkit_caller_get_ck_session (c, &session2) && session2 == session);
- /* validate where caller is in a session */
- g_assert (polkit_caller_validate (c));
-
- polkit_caller_debug (c);
-
-
- }
- polkit_seat_unref (seat);
- }
- }
- polkit_session_unref (session);
- }
-
-
-
- polkit_caller_unref (c);
- }
-
- return TRUE;
-}
-
-PolKitTest _test_caller = {
- "polkit_caller",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-caller.h b/polkit/polkit-caller.h
deleted file mode 100644
index ad52102..0000000
--- a/polkit/polkit-caller.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-caller.h : callers
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_CALLER_H
-#define POLKIT_CALLER_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-session.h>
-#include <sys/types.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitCaller;
-typedef struct _PolKitCaller PolKitCaller;
-
-PolKitCaller *polkit_caller_new (void);
-PolKitCaller *polkit_caller_ref (PolKitCaller *caller);
-void polkit_caller_unref (PolKitCaller *caller);
-polkit_bool_t polkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name);
-polkit_bool_t polkit_caller_set_uid (PolKitCaller *caller, uid_t uid);
-polkit_bool_t polkit_caller_set_pid (PolKitCaller *caller, pid_t pid);
-polkit_bool_t polkit_caller_set_selinux_context (PolKitCaller *caller, const char *selinux_context);
-polkit_bool_t polkit_caller_set_ck_session (PolKitCaller *caller, PolKitSession *session);
-polkit_bool_t polkit_caller_get_dbus_name (PolKitCaller *caller, char **out_dbus_name);
-polkit_bool_t polkit_caller_get_uid (PolKitCaller *caller, uid_t *out_uid);
-polkit_bool_t polkit_caller_get_pid (PolKitCaller *caller, pid_t *out_pid);
-polkit_bool_t polkit_caller_get_selinux_context (PolKitCaller *caller, char **out_selinux_context);
-polkit_bool_t polkit_caller_get_ck_session (PolKitCaller *caller, PolKitSession **out_session);
-
-void polkit_caller_debug (PolKitCaller *caller);
-polkit_bool_t polkit_caller_validate (PolKitCaller *caller);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_H */
diff --git a/polkit/polkit-config.c b/polkit/polkit-config.c
deleted file mode 100644
index ff3c15e..0000000
--- a/polkit/polkit-config.c
+++ /dev/null
@@ -1,772 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-config.h : Configuration file
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <sys/inotify.h>
-#include <regex.h>
-#include <syslog.h>
-#include <regex.h>
-
-#include <expat.h>
-
-#include <glib.h>
-#include "polkit-config.h"
-#include "polkit-debug.h"
-#include "polkit-error.h"
-
-/**
- * SECTION:polkit-config
- * @title: Configuration
- * @short_description: Represents the system-wide <literal>/etc/PolicyKit/PolicyKit.conf</literal> file.
- *
- * This class is used to represent the /etc/PolicyKit/PolicyKit.conf
- * configuration file. Applications using PolicyKit should never use
- * this class; it's only here for integration with other PolicyKit
- * components.
- **/
-
-enum {
- STATE_NONE,
- STATE_UNKNOWN_TAG,
- STATE_IN_CONFIG,
- STATE_IN_MATCH,
- STATE_IN_RETURN,
- STATE_IN_DEFINE_ADMIN_AUTH,
-};
-
-struct ConfigNode;
-typedef struct ConfigNode ConfigNode;
-
-/**
- * PolKitConfig:
- *
- * This class represents the system-wide configuration file for
- * PolicyKit. Applications using PolicyKit should never use this
- * class; it's only here for integration with other PolicyKit
- * components.
- **/
-struct _PolKitConfig
-{
- int refcount;
- ConfigNode *top_config_node;
-};
-
-#define PARSER_MAX_DEPTH 32
-
-typedef struct {
- XML_Parser parser;
- int state;
- PolKitConfig *pk_config;
- const char *path;
-
- int state_stack[PARSER_MAX_DEPTH];
- ConfigNode *node_stack[PARSER_MAX_DEPTH];
-
- int stack_depth;
-} ParserData;
-
-enum {
- NODE_TYPE_NOP,
- NODE_TYPE_TOP,
- NODE_TYPE_MATCH,
- NODE_TYPE_RETURN,
- NODE_TYPE_DEFINE_ADMIN_AUTH,
-};
-
-enum {
- MATCH_TYPE_ACTION,
- MATCH_TYPE_USER,
-};
-
-static const char * const match_names[] =
-{
- "action",
- "user",
-};
-
-static const char * const define_admin_auth_names[] =
-{
- "user",
- "group",
-};
-
-struct ConfigNode
-{
- int node_type;
-
- union {
-
- struct {
- int match_type;
- char *data;
- regex_t preq;
- } node_match;
-
- struct {
- PolKitResult result;
- } node_return;
-
- struct {
- PolKitConfigAdminAuthType admin_type;
- char *data;
- } node_define_admin_auth;
-
- } data;
-
- GSList *children;
-};
-
-
-static ConfigNode *
-config_node_new (void)
-{
- ConfigNode *node;
- node = g_new0 (ConfigNode, 1);
- return node;
-}
-
-static void
-config_node_dump_real (ConfigNode *node, unsigned int indent)
-{
- GSList *i;
- unsigned int n;
- char buf[128];
-
- for (n = 0; n < indent && n < sizeof (buf) - 1; n++)
- buf[n] = ' ';
- buf[n] = '\0';
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- _pk_debug ("%sNOP", buf);
- break;
- case NODE_TYPE_TOP:
- _pk_debug ("%sTOP", buf);
- break;
- case NODE_TYPE_MATCH:
- _pk_debug ("%sMATCH %s (%d) with '%s'",
- buf,
- match_names[node->data.node_match.match_type],
- node->data.node_match.match_type,
- node->data.node_match.data);
- break;
- case NODE_TYPE_RETURN:
- _pk_debug ("%sRETURN %s (%d)",
- buf,
- polkit_result_to_string_representation (node->data.node_return.result),
- node->data.node_return.result);
- break;
- case NODE_TYPE_DEFINE_ADMIN_AUTH:
- _pk_debug ("%sDEFINE_ADMIN_AUTH %s (%d) with '%s'",
- buf,
- define_admin_auth_names[node->data.node_define_admin_auth.admin_type],
- node->data.node_define_admin_auth.admin_type,
- node->data.node_define_admin_auth.data);
- break;
- break;
- }
-
- for (i = node->children; i != NULL; i = g_slist_next (i)) {
- ConfigNode *child = i->data;
- config_node_dump_real (child, indent + 2);
- }
-}
-
-static void
-config_node_dump (ConfigNode *node)
-{
-
- config_node_dump_real (node, 0);
-}
-
-static void
-config_node_unref (ConfigNode *node)
-{
- GSList *i;
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- break;
- case NODE_TYPE_TOP:
- break;
- case NODE_TYPE_MATCH:
- g_free (node->data.node_match.data);
- regfree (&(node->data.node_match.preq));
- break;
- case NODE_TYPE_RETURN:
- break;
- case NODE_TYPE_DEFINE_ADMIN_AUTH:
- g_free (node->data.node_define_admin_auth.data);
- break;
- }
-
- for (i = node->children; i != NULL; i = g_slist_next (i)) {
- ConfigNode *child = i->data;
- config_node_unref (child);
- }
- g_slist_free (node->children);
- g_free (node);
-}
-
-static void
-_start (void *data, const char *el, const char **attr)
-{
- int state;
- int num_attr;
- ParserData *pd = data;
- ConfigNode *node;
-
- _pk_debug ("_start for node '%s' (at depth=%d)", el, pd->stack_depth);
-
- for (num_attr = 0; attr[num_attr] != NULL; num_attr++)
- ;
-
- state = STATE_NONE;
- node = config_node_new ();
- node->node_type = NODE_TYPE_NOP;
-
- switch (pd->state) {
- case STATE_NONE:
- if (strcmp (el, "config") == 0) {
- state = STATE_IN_CONFIG;
- _pk_debug ("parsed config node");
-
- if (pd->pk_config->top_config_node != NULL) {
- _pk_debug ("Multiple config nodes?");
- goto error;
- }
-
- node->node_type = NODE_TYPE_TOP;
- pd->pk_config->top_config_node = node;
- }
- break;
- case STATE_IN_CONFIG: /* explicit fallthrough */
- case STATE_IN_MATCH:
- if ((strcmp (el, "match") == 0) && (num_attr == 2)) {
-
- node->node_type = NODE_TYPE_MATCH;
- if (strcmp (attr[0], "action") == 0) {
- node->data.node_match.match_type = MATCH_TYPE_ACTION;
- } else if (strcmp (attr[0], "user") == 0) {
- node->data.node_match.match_type = MATCH_TYPE_USER;
- } else {
- _pk_debug ("Unknown match rule '%s'", attr[0]);
- goto error;
- }
-
- node->data.node_match.data = g_strdup (attr[1]);
- if (regcomp (&(node->data.node_match.preq), node->data.node_match.data, REG_NOSUB|REG_EXTENDED) != 0) {
- _pk_debug ("Invalid expression '%s'", node->data.node_match.data);
- goto error;
- }
-
- state = STATE_IN_MATCH;
- _pk_debug ("parsed match node ('%s' (%d) -> '%s')",
- attr[0],
- node->data.node_match.match_type,
- node->data.node_match.data);
-
- } else if ((strcmp (el, "return") == 0) && (num_attr == 2)) {
-
- node->node_type = NODE_TYPE_RETURN;
-
- if (strcmp (attr[0], "result") == 0) {
- PolKitResult r;
- if (!polkit_result_from_string_representation (attr[1], &r)) {
- _pk_debug ("Unknown return result '%s'", attr[1]);
- goto error;
- }
- node->data.node_return.result = r;
- } else {
- _pk_debug ("Unknown return rule '%s'", attr[0]);
- goto error;
- }
-
- state = STATE_IN_RETURN;
- _pk_debug ("parsed return node ('%s' (%d))",
- attr[1],
- node->data.node_return.result);
- } else if ((strcmp (el, "define_admin_auth") == 0) && (num_attr == 2)) {
-
- node->node_type = NODE_TYPE_DEFINE_ADMIN_AUTH;
- if (strcmp (attr[0], "user") == 0) {
- node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER;
- } else if (strcmp (attr[0], "group") == 0) {
- node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP;
- } else {
- _pk_debug ("Unknown define_admin_auth rule '%s'", attr[0]);
- goto error;
- }
-
- node->data.node_define_admin_auth.data = g_strdup (attr[1]);
-
- state = STATE_IN_DEFINE_ADMIN_AUTH;
- _pk_debug ("parsed define_admin_auth node ('%s' (%d) -> '%s')",
- attr[0],
- node->data.node_define_admin_auth.admin_type,
- node->data.node_define_admin_auth.data);
-
-
- }
- break;
- }
-
- if (state == STATE_NONE || node == NULL) {
- g_warning ("skipping unknown tag <%s> at line %d of %s",
- el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
- syslog (LOG_ALERT, "libpolkit: skipping unknown tag <%s> at line %d of %s",
- el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
- state = STATE_UNKNOWN_TAG;
- }
-
- if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
- _pk_debug ("reached max depth?");
- goto error;
- }
- pd->state = state;
- pd->state_stack[pd->stack_depth] = pd->state;
- pd->node_stack[pd->stack_depth] = node;
-
- if (pd->stack_depth > 0) {
- pd->node_stack[pd->stack_depth - 1]->children =
- g_slist_append (pd->node_stack[pd->stack_depth - 1]->children, node);
- }
-
- pd->stack_depth++;
- _pk_debug ("now in state=%d (after _start, depth=%d)", pd->state, pd->stack_depth);
- return;
-
-error:
- if (node != NULL) {
- config_node_unref (node);
- }
- XML_StopParser (pd->parser, FALSE);
-}
-
-static void
-_cdata (void *data, const char *s, int len)
-{
-}
-
-static void
-_end (void *data, const char *el)
-{
- ParserData *pd = data;
-
- _pk_debug ("_end for node '%s' (at depth=%d)", el, pd->stack_depth);
-
- --pd->stack_depth;
- if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
- _pk_debug ("reached max depth?");
- goto error;
- }
- if (pd->stack_depth > 0)
- pd->state = pd->state_stack[pd->stack_depth - 1];
- else
- pd->state = STATE_NONE;
- _pk_debug ("now in state=%d (after _end, depth=%d)", pd->state, pd->stack_depth);
- return;
-error:
- XML_StopParser (pd->parser, FALSE);
-}
-
-/**
- * polkit_config_new:
- * @path: Path to configuration, typically /etc/PolicyKit/PolicyKit.conf is passed.
- * @error: return location for error
- *
- * Load and parse a PolicyKit configuration file.
- *
- * Returns: the configuration file object
- **/
-PolKitConfig *
-polkit_config_new (const char *path, PolKitError **error)
-{
- ParserData pd;
- int xml_res;
- PolKitConfig *pk_config;
- char *buf;
- gsize buflen;
- GError *g_error;
-
- /* load and parse the configuration file */
- pk_config = NULL;
-
- g_error = NULL;
- if (!g_file_get_contents (path, &buf, &buflen, &g_error)) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load PolicyKit policy file at '%s': %s",
- path,
- g_error->message);
- g_error_free (g_error);
- goto error;
- }
-
- pd.parser = XML_ParserCreate (NULL);
- if (pd.parser == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Cannot load PolicyKit policy file at '%s': %s",
- path,
- "No memory for parser");
- goto error;
- }
- XML_SetUserData (pd.parser, &pd);
- XML_SetElementHandler (pd.parser, _start, _end);
- XML_SetCharacterDataHandler (pd.parser, _cdata);
-
- pk_config = g_new0 (PolKitConfig, 1);
- pk_config->refcount = 1;
-
- pd.state = STATE_NONE;
- pd.pk_config = pk_config;
- pd.node_stack[0] = NULL;
- pd.stack_depth = 0;
- pd.path = path;
-
- xml_res = XML_Parse (pd.parser, buf, buflen, 1);
-
- if (xml_res == 0) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "%s:%d: parse error: %s",
- path,
- (int) XML_GetCurrentLineNumber (pd.parser),
- XML_ErrorString (XML_GetErrorCode (pd.parser)));
-
- XML_ParserFree (pd.parser);
- g_free (buf);
- goto error;
- }
- XML_ParserFree (pd.parser);
- g_free (buf);
-
- _pk_debug ("Loaded configuration file %s", path);
-
- if (pk_config->top_config_node != NULL)
- config_node_dump (pk_config->top_config_node);
-
- return pk_config;
-
-error:
- if (pk_config != NULL)
- polkit_config_unref (pk_config);
- return NULL;
-}
-
-/**
- * polkit_config_ref:
- * @pk_config: the object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitConfig *
-polkit_config_ref (PolKitConfig *pk_config)
-{
- g_return_val_if_fail (pk_config != NULL, pk_config);
- pk_config->refcount++;
- return pk_config;
-}
-
-/**
- * polkit_config_unref:
- * @pk_config: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_config_unref (PolKitConfig *pk_config)
-{
- g_return_if_fail (pk_config != NULL);
- pk_config->refcount--;
- if (pk_config->refcount > 0)
- return;
-
- if (pk_config->top_config_node != NULL)
- config_node_unref (pk_config->top_config_node);
-
- g_free (pk_config);
-}
-
-static gboolean
-config_node_match (ConfigNode *node,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitSession *session)
-{
- char *str;
- char *str1;
- char *str2;
- uid_t uid;
- gboolean match;
-
- match = FALSE;
- str1 = NULL;
- str2 = NULL;
- switch (node->data.node_match.match_type) {
-
- case MATCH_TYPE_ACTION:
- if (!polkit_action_get_action_id (action, &str))
- goto out;
- str1 = g_strdup (str);
- break;
-
- case MATCH_TYPE_USER:
- if (caller != NULL) {
- if (!polkit_caller_get_uid (caller, &uid))
- goto out;
- } else if (session != NULL) {
- if (!polkit_session_get_uid (session, &uid))
- goto out;
- } else
- goto out;
-
- str1 = g_strdup_printf ("%d", uid);
- {
- struct passwd pd;
- struct passwd* pwdptr=&pd;
- struct passwd* tempPwdPtr;
- char pwdbuffer[256];
- int pwdlinelen = sizeof(pwdbuffer);
-
- if ((getpwuid_r (uid, pwdptr, pwdbuffer, pwdlinelen, &tempPwdPtr)) !=0 )
- goto out;
- str2 = g_strdup (pd.pw_name);
- }
- break;
- }
-
- if (str1 != NULL) {
- if (regexec (&(node->data.node_match.preq), str1, 0, NULL, 0) == 0)
- match = TRUE;
- }
- if (!match && str2 != NULL) {
- if (regexec (&(node->data.node_match.preq), str2, 0, NULL, 0) == 0)
- match = TRUE;
- }
-
-out:
- g_free (str1);
- g_free (str2);
- return match;
-}
-
-
-/* exactly one of the parameters caller and session must be NULL */
-static PolKitResult
-config_node_test (ConfigNode *node,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitSession *session)
-{
- gboolean recurse;
- PolKitResult result;
-
- recurse = FALSE;
- result = POLKIT_RESULT_UNKNOWN;
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- recurse = FALSE;
- break;
- case NODE_TYPE_TOP:
- recurse = TRUE;
- break;
- case NODE_TYPE_MATCH:
- if (config_node_match (node, action, caller, session))
- recurse = TRUE;
- break;
- case NODE_TYPE_RETURN:
- result = node->data.node_return.result;
- break;
- default:
- break;
- }
-
- if (recurse) {
- GSList *i;
- for (i = node->children; i != NULL; i = g_slist_next (i)) {
- ConfigNode *child_node = i->data;
- result = config_node_test (child_node, action, caller, session);
- if (result != POLKIT_RESULT_UNKNOWN) {
- goto out;
- }
- }
- }
-
-out:
- return result;
-}
-
-/**
- * polkit_config_can_session_do_action:
- * @pk_config: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file
- * says that a given session can do a given action.
- *
- * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there
- * was no match in the configuration file.
- */
-PolKitResult
-polkit_config_can_session_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitSession *session)
-{
- PolKitResult result;
- if (pk_config->top_config_node != NULL)
- result = config_node_test (pk_config->top_config_node, action, NULL, session);
- else
- result = POLKIT_RESULT_UNKNOWN;
- return result;
-}
-
-/**
- * polkit_config_can_caller_do_action:
- * @pk_config: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file
- * says that a given caller can do a given action.
- *
- * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there
- * was no match in the configuration file.
- */
-PolKitResult
-polkit_config_can_caller_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- PolKitResult result;
- if (pk_config->top_config_node != NULL)
- result = config_node_test (pk_config->top_config_node, action, caller, NULL);
- else
- result = POLKIT_RESULT_UNKNOWN;
- return result;
-}
-
-
-static polkit_bool_t
-config_node_determine_admin_auth (ConfigNode *node,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitConfigAdminAuthType *out_admin_auth_type,
- const char **out_data)
-{
- gboolean recurse;
- gboolean result_set;
-
- recurse = FALSE;
- result_set = FALSE;
-
- switch (node->node_type) {
- case NODE_TYPE_NOP:
- recurse = FALSE;
- break;
- case NODE_TYPE_TOP:
- recurse = TRUE;
- break;
- case NODE_TYPE_MATCH:
- if (config_node_match (node, action, caller, NULL))
- recurse = TRUE;
- break;
- case NODE_TYPE_DEFINE_ADMIN_AUTH:
- if (out_admin_auth_type != NULL)
- *out_admin_auth_type = node->data.node_define_admin_auth.admin_type;
- if (out_data != NULL)
- *out_data = node->data.node_define_admin_auth.data;
- result_set = TRUE;
- break;
- default:
- break;
- }
-
- if (recurse) {
- GSList *i;
- for (i = node->children; i != NULL; i = g_slist_next (i)) {
- ConfigNode *child_node = i->data;
-
- result_set = config_node_determine_admin_auth (child_node,
- action,
- caller,
- out_admin_auth_type,
- out_data) || result_set;
- }
- }
-
- return result_set;
-}
-
-/**
- * polkit_config_determine_admin_auth_type:
- * @pk_config: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- * @out_admin_auth_type: return location for the authentication type
- * @out_data: return location for the match value of the given
- * authentication type. Caller shall not manipulate or free this
- * string.
- *
- * Determine what "Authenticate as admin" means for a given caller and
- * a given action. This basically returns the result of the
- * "define_admin_auth" in the configuration file when drilling down
- * for a specific caller / action.
- *
- * Returns: TRUE if value was returned
- */
-polkit_bool_t
-polkit_config_determine_admin_auth_type (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitConfigAdminAuthType *out_admin_auth_type,
- const char **out_data)
-{
- if (pk_config->top_config_node != NULL) {
- return config_node_determine_admin_auth (pk_config->top_config_node,
- action,
- caller,
- out_admin_auth_type,
- out_data);
- } else {
- return FALSE;
- }
-}
-
diff --git a/polkit/polkit-config.h b/polkit/polkit-config.h
deleted file mode 100644
index a5307a4..0000000
--- a/polkit/polkit-config.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-config.h : Configuration file
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_CONFIG_H
-#define POLKIT_CONFIG_H
-
-#include <sys/types.h>
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-caller.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitConfig;
-typedef struct _PolKitConfig PolKitConfig;
-
-PolKitConfig *polkit_config_new (const char *path, PolKitError **error);
-PolKitConfig *polkit_config_ref (PolKitConfig *pk_config);
-void polkit_config_unref (PolKitConfig *pk_config);
-
-PolKitResult
-polkit_config_can_session_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitSession *session);
-
-PolKitResult
-polkit_config_can_caller_do_action (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller);
-
-/**
- * PolKitConfigAdminAuthType:
- * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER: Authentication as
- * administrator matches one or more users
- * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP: Authentication as
- * administrator matches users from one or more groups
- *
- * This enumeration reflects results defined in the
- * "define_admin_auth" configuration element.
- */
-typedef enum
-{
- POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER,
- POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP
-} PolKitConfigAdminAuthType;
-
-polkit_bool_t polkit_config_determine_admin_auth_type (PolKitConfig *pk_config,
- PolKitAction *action,
- PolKitCaller *caller,
- PolKitConfigAdminAuthType *out_admin_auth_type,
- const char **out_data);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_CONFIG_H */
-
-
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
deleted file mode 100644
index 1f25d58..0000000
--- a/polkit/polkit-context.c
+++ /dev/null
@@ -1,803 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-context.c : context for PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <sys/inotify.h>
-#include <syslog.h>
-
-#include <glib.h>
-#include "polkit-config.h"
-#include "polkit-debug.h"
-#include "polkit-context.h"
-#include "polkit-policy-cache.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit
- * @short_description: Centralized policy management.
- *
- * libpolkit is a C library for centralized policy management.
- **/
-
-/**
- * SECTION:polkit-context
- * @title: Context
- * @short_description: The main interface used to query PolicyKit.
- *
- * This class is used to represent the interface to PolicyKit - it is
- * used by Mechanisms that use PolicyKit for making
- * decisions. Typically, it's used as a singleton:
- *
- * <itemizedlist>
- * <listitem>First, the Mechanism need to declare one or more PolicyKit Actions by dropping a <literal>.policy</literal> file into <literal>/usr/share/PolicyKit/policy</literal>. This is described in the PolicyKit specification.</listitem>
- * <listitem>The mechanism starts up and uses polkit_context_new() to create a new context</listitem>
- * <listitem>If the mechanism is a long running daemon, it should use polkit_context_set_config_changed() to register a callback when configuration changes. This is useful if, for example, the mechanism needs to revise decisions based on earlier answers from libpolkit. For example, a daemon that manages permissions on <literal>/dev</literal> may want to add/remove ACL's when configuration changes; for example, the system administrator could have changed the PolicyKit configuration file <literal>/etc/PolicyKit/PolicyKit.conf</literal> such that some user is now privileged to access a specific device.</listitem>
- * <listitem>If polkit_context_set_config_changed() is used, the mechanism must also use polkit_context_set_io_watch_functions() to integrate libpolkit into the mainloop.</listitem>
- * <listitem>The mechanism needs to call polkit_context_init() such that libpolkit can load configuration files and properly initialize.</listitem>
- * <listitem>Whenever the mechanism needs to make a decision whether a caller is allowed to make a perform some action, the mechanism prepares a #PolKitAction and #PolKitCaller object (or #PolKitSession if applicable) and calls polkit_context_can_caller_do_action() (or polkit_context_can_session_do_action() if applicable). The mechanism may use the libpolkit-dbus library (specifically the polkit_caller_new_from_dbus_name() or polkit_caller_new_from_pid() functions) but may opt, for performance reasons, to construct #PolKitCaller (or #PolKitSession if applicable) from it's own cache of information.</listitem>
- * <listitem>The mechanism will get a #PolKitResult object back that describes whether it should carry out the action. This result stems from a number of sources, see the PolicyKit specification document for details.</listitem>
- * <listitem>If the result is #POLKIT_RESULT_YES, the mechanism should carry out the action. If the result is not #POLKIT_RESULT_YES nor #POLKIT_RESULT_UNKNOWN (this would never be returned but is mentioned here for completeness), the mechanism should throw an expcetion to the caller detailing the #PolKitResult as a textual string using polkit_result_to_string_representation(). For example, if the mechanism is using D-Bus it could throw an com.some-mechanism.DeniedByPolicy exception with the #PolKitResult textual representation in the detail field. Then the caller can interpret this exception and then act on it (for example it can attempt to gain that privilege).</listitem>
- * </itemizedlist>
- *
- * For more information about using PolicyKit in mechanisms and
- * callers, refer to the PolicyKit-gnome project which includes a
- * sample application on how to use this in the GNOME desktop.
- **/
-
-/**
- * PolKitContext:
- *
- * Context object for users of PolicyKit.
- **/
-struct _PolKitContext
-{
- int refcount;
-
- PolKitContextConfigChangedCB config_changed_cb;
- void *config_changed_user_data;
-
- PolKitContextAddIOWatch io_add_watch_func;
- PolKitContextRemoveIOWatch io_remove_watch_func;
-
- char *policy_dir;
-
- PolKitPolicyCache *priv_cache;
-
- PolKitConfig *config;
-
- PolKitAuthorizationDB *authdb;
-
- polkit_bool_t load_descriptions;
-
- int inotify_fd;
- int inotify_fd_watch_id;
- int inotify_config_wd;
- int inotify_policy_wd;
- int inotify_grant_perm_wd;
-};
-
-/**
- * polkit_context_new:
- *
- * Create a new context
- *
- * Returns: the object
- **/
-PolKitContext *
-polkit_context_new (void)
-{
- PolKitContext *pk_context;
- pk_context = g_new0 (PolKitContext, 1);
- pk_context->refcount = 1;
- /* TODO: May want to rethink instantiating this on demand.. */
- pk_context->authdb = _polkit_authorization_db_new ();
- return pk_context;
-}
-
-/**
- * polkit_context_init:
- * @pk_context: the context object
- * @error: return location for error
- *
- * Initializes a new context; loads PolicyKit files from
- * /usr/share/PolicyKit/policy.
- *
- * Returns: #FALSE if @error was set, otherwise #TRUE
- **/
-polkit_bool_t
-polkit_context_init (PolKitContext *pk_context, PolKitError **error)
-{
- g_return_val_if_fail (pk_context != NULL, FALSE);
-
- pk_context->policy_dir = g_strdup (PACKAGE_DATA_DIR "/PolicyKit/policy");
- _pk_debug ("Using policy files from directory %s", pk_context->policy_dir);
-
- /* NOTE: we don't populate the cache until it's needed.. */
-
- /* NOTE: we don't load the configuration file until it's needed */
-
- if (pk_context->io_add_watch_func != NULL) {
- pk_context->inotify_fd = inotify_init ();
- if (pk_context->inotify_fd < 0) {
- _pk_debug ("failed to initialize inotify: %s", strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- /* Watch the /etc/PolicyKit/PolicyKit.conf file */
- pk_context->inotify_config_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf",
- IN_MODIFY | IN_CREATE | IN_ATTRIB);
- if (pk_context->inotify_config_wd < 0) {
- _pk_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- /* Watch the /usr/share/PolicyKit/policy directory */
- pk_context->inotify_policy_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_DATA_DIR "/PolicyKit/policy",
- IN_MODIFY | IN_CREATE | IN_DELETE | IN_ATTRIB);
- if (pk_context->inotify_policy_wd < 0) {
- _pk_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
-#ifdef POLKIT_AUTHDB_DEFAULT
- /* Watch the /var/lib/misc/PolicyKit.reload file */
- pk_context->inotify_grant_perm_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload",
- IN_MODIFY | IN_CREATE | IN_ATTRIB);
- if (pk_context->inotify_grant_perm_wd < 0) {
- _pk_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-#endif
-
- pk_context->inotify_fd_watch_id = pk_context->io_add_watch_func (pk_context, pk_context->inotify_fd);
- if (pk_context->inotify_fd_watch_id == 0) {
- _pk_debug ("failed to add io watch");
- /* TODO: set error */
- goto error;
- }
- }
-
- return TRUE;
-error:
- return FALSE;
-}
-
-/**
- * polkit_context_ref:
- * @pk_context: the context object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitContext *
-polkit_context_ref (PolKitContext *pk_context)
-{
- g_return_val_if_fail (pk_context != NULL, pk_context);
- pk_context->refcount++;
- return pk_context;
-}
-
-/**
- * polkit_context_unref:
- * @pk_context: the context object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_context_unref (PolKitContext *pk_context)
-{
-
- g_return_if_fail (pk_context != NULL);
- pk_context->refcount--;
- if (pk_context->refcount > 0)
- return;
-
- g_free (pk_context);
-}
-
-/**
- * polkit_context_set_config_changed:
- * @pk_context: the context object
- * @cb: the callback to invoke
- * @user_data: user data to pass to the callback
- *
- * Register the callback function for when configuration changes.
- * Mechanisms should use this callback to e.g. reconfigure all
- * permissions / acl's they have set in response to policy decisions
- * made from information provided by PolicyKit.
- *
- * Note that this function may be called many times within a short
- * interval due to how file monitoring works if e.g. the user is
- * editing a configuration file (editors typically create back-up
- * files). Mechanisms should use a "cool-off" timer (of, say, one
- * second) to avoid doing many expensive operations (such as
- * reconfiguring all ACL's for all devices) within a very short
- * timeframe.
- *
- * This method must be called before polkit_context_init().
- **/
-void
-polkit_context_set_config_changed (PolKitContext *pk_context,
- PolKitContextConfigChangedCB cb,
- void *user_data)
-{
- g_return_if_fail (pk_context != NULL);
- pk_context->config_changed_cb = cb;
- pk_context->config_changed_user_data = user_data;
-}
-
-/**
- * polkit_context_io_func:
- * @pk_context: the object
- * @fd: the file descriptor passed to the supplied function of type #PolKitContextAddIOWatch.
- *
- * Method that the application must call when there is data to read
- * from a file descriptor registered with the supplied function of
- * type #PolKitContextAddIOWatch.
- **/
-void
-polkit_context_io_func (PolKitContext *pk_context, int fd)
-{
- gboolean config_changed;
-
- g_return_if_fail (pk_context != NULL);
-
- _pk_debug ("polkit_context_io_func: data on fd %d", fd);
-
- config_changed = FALSE;
-
- if (fd == pk_context->inotify_fd) {
-/* size of the event structure, not counting name */
-#define EVENT_SIZE (sizeof (struct inotify_event))
-/* reasonable guess as to size of 1024 events */
-#define BUF_LEN (1024 * (EVENT_SIZE + 16))
- char buf[BUF_LEN];
- int len;
- int i = 0;
-again:
- len = read (fd, buf, BUF_LEN);
- if (len < 0) {
- if (errno == EINTR) {
- goto again;
- } else {
- _pk_debug ("read: %s", strerror (errno));
- }
- } else if (len > 0) {
- /* BUF_LEN too small? */
- }
- while (i < len) {
- struct inotify_event *event;
- event = (struct inotify_event *) &buf[i];
- _pk_debug ("wd=%d mask=%u cookie=%u len=%u",
- event->wd, event->mask, event->cookie, event->len);
-
- _pk_debug ("config changed!");
- config_changed = TRUE;
-
- i += EVENT_SIZE + event->len;
- }
- }
-
- if (config_changed) {
- /* purge existing policy files */
- _pk_debug ("purging policy files");
- if (pk_context->priv_cache != NULL) {
- polkit_policy_cache_unref (pk_context->priv_cache);
- pk_context->priv_cache = NULL;
- }
-
- /* Purge existing old config file */
- _pk_debug ("purging configuration file");
- if (pk_context->config != NULL) {
- polkit_config_unref (pk_context->config);
- pk_context->config = NULL;
- }
-
- /* Purge authorization entries from the cache */
- _polkit_authorization_db_invalidate_cache (pk_context->authdb);
-
- if (pk_context->config_changed_cb != NULL) {
- pk_context->config_changed_cb (pk_context,
- pk_context->config_changed_user_data);
- }
- }
-}
-
-/**
- * polkit_context_set_io_watch_functions:
- * @pk_context: the context object
- * @io_add_watch_func: the function that the PolicyKit library can invoke to start watching a file descriptor
- * @io_remove_watch_func: the function that the PolicyKit library can invoke to stop watching a file descriptor
- *
- * Register a functions that PolicyKit can use for watching IO descriptors.
- *
- * This method must be called before polkit_context_init().
- **/
-void
-polkit_context_set_io_watch_functions (PolKitContext *pk_context,
- PolKitContextAddIOWatch io_add_watch_func,
- PolKitContextRemoveIOWatch io_remove_watch_func)
-{
- g_return_if_fail (pk_context != NULL);
- pk_context->io_add_watch_func = io_add_watch_func;
- pk_context->io_remove_watch_func = io_remove_watch_func;
-}
-
-/**
- * polkit_context_set_load_descriptions:
- * @pk_context: the context
- *
- * Set whether policy descriptions should be loaded. By default these
- * are not loaded to keep memory use down. TODO: specify whether they
- * are localized and how.
- *
- * This method must be called before polkit_context_init().
- **/
-void
-polkit_context_set_load_descriptions (PolKitContext *pk_context)
-{
- g_return_if_fail (pk_context != NULL);
- pk_context->load_descriptions = TRUE;
-}
-
-/**
- * polkit_context_get_policy_cache:
- * @pk_context: the context
- *
- * Get the #PolKitPolicyCache object that holds all the defined policies as well as their defaults.
- *
- * Returns: the #PolKitPolicyCache object. Caller shall not unref it.
- **/
-PolKitPolicyCache *
-polkit_context_get_policy_cache (PolKitContext *pk_context)
-{
- g_return_val_if_fail (pk_context != NULL, NULL);
-
- if (pk_context->priv_cache == NULL) {
- PolKitError *error;
-
- _pk_debug ("Populating cache from directory %s", pk_context->policy_dir);
-
- error = NULL;
- pk_context->priv_cache = _polkit_policy_cache_new (pk_context->policy_dir,
- pk_context->load_descriptions,
- &error);
- if (pk_context->priv_cache == NULL) {
- g_warning ("Error loading policy files from %s: %s",
- pk_context->policy_dir, polkit_error_get_error_message (error));
- polkit_error_free (error);
- } else {
- polkit_policy_cache_debug (pk_context->priv_cache);
- }
- }
-
- return pk_context->priv_cache;
-}
-
-
-/**
- * polkit_context_is_session_authorized:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- * @error: return location for error
- *
- * Determine if any caller from a giver session is authorized to do a
- * given action.
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * do a specific action.
- *
- * Since: 0.7
- */
-PolKitResult
-polkit_context_is_session_authorized (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session,
- PolKitError **error)
-{
- PolKitPolicyCache *cache;
- PolKitPolicyFileEntry *pfe;
- PolKitPolicyDefault *policy_default;
- PolKitResult result_from_config;
- PolKitResult result_from_grantdb;
- polkit_bool_t from_authdb;
- PolKitResult result;
- PolKitConfig *config;
-
- result = POLKIT_RESULT_NO;
- g_return_val_if_fail (pk_context != NULL, result);
-
- config = polkit_context_get_config (pk_context, NULL);
- /* if the configuration file is malformed, always say no */
- if (config == NULL)
- goto out;
-
- if (action == NULL || session == NULL)
- goto out;
-
- /* now validate the incoming objects */
- if (!polkit_action_validate (action))
- goto out;
- if (!polkit_session_validate (session))
- goto out;
-
- cache = polkit_context_get_policy_cache (pk_context);
- if (cache == NULL)
- goto out;
-
- _pk_debug ("entering polkit_can_session_do_action()");
- polkit_action_debug (action);
- polkit_session_debug (session);
-
- pfe = polkit_policy_cache_get_entry (cache, action);
- if (pfe == NULL) {
- char *action_name;
- if (!polkit_action_get_action_id (action, &action_name)) {
- g_warning ("given action has no name");
- } else {
- g_warning ("no action with name '%s'", action_name);
- }
- result = POLKIT_RESULT_UNKNOWN;
- goto out;
- }
-
- polkit_policy_file_entry_debug (pfe);
-
- result_from_config = polkit_config_can_session_do_action (config, action, session);
-
- result_from_grantdb = POLKIT_RESULT_UNKNOWN;
- if (polkit_authorization_db_is_session_authorized (pk_context->authdb,
- action,
- session,
- &from_authdb)) {
- if (from_authdb)
- result_from_grantdb = POLKIT_RESULT_YES;
- }
-
- /* Fist, the config file is authoritative.. so only use the
- * value from the authdb if the config file allows to gain via
- * authentication
- */
- if (result_from_config != POLKIT_RESULT_UNKNOWN) {
- /* it does.. use it.. although try to use an existing grant if there is one */
- if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) &&
- result_from_grantdb == POLKIT_RESULT_YES) {
- result = POLKIT_RESULT_YES;
- } else {
- result = result_from_config;
- }
- goto found;
- }
-
- /* If we have a positive answer from the authdb, use it */
- if (result_from_grantdb == POLKIT_RESULT_YES) {
- result = POLKIT_RESULT_YES;
- goto found;
- }
-
- /* Otherwise, fall back to defaults as specified in the .policy file */
- policy_default = polkit_policy_file_entry_get_default (pfe);
- if (policy_default == NULL) {
- g_warning ("no default policy for action!");
- goto out;
- }
- result = polkit_policy_default_can_session_do_action (policy_default, action, session);
-
-found:
- /* Never return UNKNOWN to user */
- if (result == POLKIT_RESULT_UNKNOWN)
- result = POLKIT_RESULT_NO;
-
-out:
- _pk_debug ("... result was %s", polkit_result_to_string_representation (result));
- return result;
-}
-
-/**
- * polkit_context_is_caller_authorized:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- * @revoke_if_one_shot: Whether to revoke one-shot authorizations. See
- * below for discussion.
- * @error: return location for error
- *
- * Determine if a given caller is authorized to do a given
- * action.
- *
- * It is important to understand how one-shot authorizations work.
- * The revoke_if_one_shot parameter, if #TRUE, specifies whether
- * one-shot authorizations should be revoked if they are used
- * to make the decision to return #POLKIT_RESULT_YES.
- *
- * UI applications wanting to hint whether a caller is authorized must
- * pass #FALSE here. Mechanisms that wants to check authorizations
- * before carrying out work on behalf of a caller must pass #TRUE
- * here.
- *
- * As a side-effect, any process with the authorization
- * org.freedesktop.policykit.read can revoke one-shot authorizations
- * from other users. Even though the window for doing so is small
- * (one-shot auths are typically used right away), be careful who you
- * grant that authorization to.
- *
- * This can fail with the following errors:
- * #POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * do a specific action.
- *
- * Since: 0.7
- */
-PolKitResult
-polkit_context_is_caller_authorized (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller,
- polkit_bool_t revoke_if_one_shot,
- PolKitError **error)
-{
-
-
- PolKitPolicyCache *cache;
- PolKitPolicyFileEntry *pfe;
- PolKitResult result;
- PolKitResult result_from_config;
- PolKitResult result_from_grantdb;
- PolKitPolicyDefault *policy_default;
- PolKitConfig *config;
- polkit_bool_t from_authdb;
-
- result = POLKIT_RESULT_NO;
- g_return_val_if_fail (pk_context != NULL, result);
-
- /* if the configuration file is malformed, always say no */
- config = polkit_context_get_config (pk_context, NULL);
- if (config == NULL)
- goto out;
-
- if (action == NULL || caller == NULL)
- goto out;
-
- cache = polkit_context_get_policy_cache (pk_context);
- if (cache == NULL)
- goto out;
-
- /* now validate the incoming objects */
- if (!polkit_action_validate (action))
- goto out;
- if (!polkit_caller_validate (caller))
- goto out;
-
- _pk_debug ("entering polkit_can_caller_do_action()");
- polkit_action_debug (action);
- polkit_caller_debug (caller);
-
- pfe = polkit_policy_cache_get_entry (cache, action);
- if (pfe == NULL) {
- char *action_name;
- if (!polkit_action_get_action_id (action, &action_name)) {
- g_warning ("given action has no name");
- } else {
- g_warning ("no action with name '%s'", action_name);
- }
- result = POLKIT_RESULT_UNKNOWN;
- goto out;
- }
-
- polkit_policy_file_entry_debug (pfe);
-
- result_from_config = polkit_config_can_caller_do_action (config, action, caller);
-
- result_from_grantdb = POLKIT_RESULT_UNKNOWN;
- if (polkit_authorization_db_is_caller_authorized (pk_context->authdb,
- action,
- caller,
- revoke_if_one_shot,
- &from_authdb)) {
- if (from_authdb)
- result_from_grantdb = POLKIT_RESULT_YES;
- }
-
- /* Fist, the config file is authoritative.. so only use the
- * value from the authdb if the config file allows to gain via
- * authentication
- */
- if (result_from_config != POLKIT_RESULT_UNKNOWN) {
- /* it does.. use it.. although try to use an existing grant if there is one */
- if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
- result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) &&
- result_from_grantdb == POLKIT_RESULT_YES) {
- result = POLKIT_RESULT_YES;
- } else {
- result = result_from_config;
- }
- goto found;
- }
-
- /* If we have a positive answer from the authdb, use it */
- if (result_from_grantdb == POLKIT_RESULT_YES) {
- result = POLKIT_RESULT_YES;
- goto found;
- }
-
- /* Otherwise, fall back to defaults as specified in the .policy file */
- policy_default = polkit_policy_file_entry_get_default (pfe);
- if (policy_default == NULL) {
- g_warning ("no default policy for action!");
- goto out;
- }
- result = polkit_policy_default_can_caller_do_action (policy_default, action, caller);
-
-found:
-
- /* Never return UNKNOWN to user */
- if (result == POLKIT_RESULT_UNKNOWN)
- result = POLKIT_RESULT_NO;
-out:
- _pk_debug ("... result was %s", polkit_result_to_string_representation (result));
- return result;
-}
-
-/**
- * polkit_context_can_session_do_action:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Determine if a given session can do a given action.
- *
- * This can fail with the following errors:
- * #POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
- *
- * Deprecated: 0.7: use polkit_context_is_session_authorized() instead.
- */
-PolKitResult
-polkit_context_can_session_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- return polkit_context_is_session_authorized (pk_context, action, session, NULL);
-}
-
-/**
- * polkit_context_can_caller_do_action:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Determine if a given caller can do a given action.
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * do a specific action
- *
- * Deprecated: 0.7: use polkit_context_is_caller_authorized() instead.
- */
-PolKitResult
-polkit_context_can_caller_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- return polkit_context_is_caller_authorized (pk_context, action, caller, TRUE, NULL);
-}
-
-/**
- * polkit_context_get_config:
- * @pk_context: the PolicyKit context
- * @error: Return location for error
- *
- * Returns an object that provides access to the
- * /etc/PolicyKit/PolicyKit.conf configuration files. Applications
- * using PolicyKit should never use this method; it's only here for
- * integration with other PolicyKit components.
- *
- * Returns: A #PolKitConfig object or NULL if the configuration file
- * is malformed. Caller should not unref this object.
- */
-PolKitConfig *
-polkit_context_get_config (PolKitContext *pk_context, PolKitError **error)
-{
- if (pk_context->config == NULL) {
- PolKitError **pk_error;
- PolKitError *pk_error2;
-
- pk_error2 = NULL;
- if (error != NULL)
- pk_error = error;
- else
- pk_error = &pk_error2;
-
- _pk_debug ("loading configuration file");
- pk_context->config = polkit_config_new (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", pk_error);
- /* if configuration file was bad, log it */
- if (pk_context->config == NULL) {
- _pk_debug ("failed to load configuration file: %s",
- polkit_error_get_error_message (*pk_error));
- syslog (LOG_ALERT, "libpolkit: failed to load configuration file: %s",
- polkit_error_get_error_message (*pk_error));
- if (pk_error == &pk_error2)
- polkit_error_free (*pk_error);
- }
- }
- return pk_context->config;
-}
-
-/**
- * polkit_context_get_authorization_db:
- * @pk_context: the PolicyKit context
- *
- * Returns an object that provides access to the authorization
- * database. Applications using PolicyKit should never use this
- * method; it's only here for integration with other PolicyKit
- * components.
- *
- * Returns: A #PolKitAuthorizationDB object. Caller should not unref
- * this object.
- */
-PolKitAuthorizationDB *
-polkit_context_get_authorization_db (PolKitContext *pk_context)
-{
- return pk_context->authdb;
-}
diff --git a/polkit/polkit-context.h b/polkit/polkit-context.h
deleted file mode 100644
index 72e4ad8..0000000
--- a/polkit/polkit-context.h
+++ /dev/null
@@ -1,190 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-context.h : PolicyKit context
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_CONTEXT_H
-#define POLKIT_CONTEXT_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-context.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-seat.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-caller.h>
-#include <polkit/polkit-policy-cache.h>
-#include <polkit/polkit-config.h>
-#include <polkit/polkit-authorization-db.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitContext;
-typedef struct _PolKitContext PolKitContext;
-
-/**
- * PolKitContextConfigChangedCB:
- * @pk_context: PolicyKit context
- * @user_data: user data
- *
- * The type of the callback function for when configuration changes.
- * Mechanisms should use this callback to e.g. reconfigure all
- * permissions / acl's they have set in response to policy decisions
- * made from information provided by PolicyKit.
- *
- * The user must have set up watches using #polkit_context_set_io_watch_functions
- * for this to work.
- *
- * Note that this function may be called many times within a short
- * interval due to how file monitoring works if e.g. the user is
- * editing a configuration file (editors typically create back-up
- * files). Mechanisms should use a "cool-off" timer (of, say, one
- * second) to avoid doing many expensive operations (such as
- * reconfiguring all ACL's for all devices) within a very short
- * timeframe.
- */
-typedef void (*PolKitContextConfigChangedCB) (PolKitContext *pk_context,
- void *user_data);
-
-/**
- * PolKitContextAddIOWatch:
- * @pk_context: the polkit context
- * @fd: the file descriptor to watch
- *
- * Type for function supplied by the application to integrate a watch
- * on a file descriptor into the applications main loop. The
- * application must call polkit_grant_io_func() when there is data
- * to read from the file descriptor.
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static gboolean
- * io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
- * {
- * int fd;
- * PolKitContext *pk_context = user_data;
- * fd = g_io_channel_unix_get_fd (channel);
- * polkit_context_io_func (pk_context, fd);
- * return TRUE;
- * }
- *
- * static int
- * io_add_watch (PolKitContext *pk_context, int fd)
- * {
- * guint id = 0;
- * GIOChannel *channel;
- * channel = g_io_channel_unix_new (fd);
- * if (channel == NULL)
- * goto out;
- * id = g_io_add_watch (channel, G_IO_IN, io_watch_have_data, pk_context);
- * if (id == 0) {
- * g_io_channel_unref (channel);
- * goto out;
- * }
- * g_io_channel_unref (channel);
- * out:
- * return id;
- * }
- * </programlisting>
- *
- * Returns: 0 if the watch couldn't be set up; otherwise an unique
- * identifier for the watch.
- **/
-typedef int (*PolKitContextAddIOWatch) (PolKitContext *pk_context, int fd);
-
-/**
- * PolKitContextRemoveIOWatch:
- * @pk_context: the context object
- * @watch_id: the id obtained from using the supplied function
- * of type #PolKitContextAddIOWatch
- *
- * Type for function supplied by the application to remove a watch set
- * up via the supplied function of type #PolKitContextAddIOWatch
- *
- * For the glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static void
- * io_remove_watch (PolKitContext *pk_context, int watch_id)
- * {
- * g_source_remove (watch_id);
- * }
- * </programlisting>
- *
- **/
-typedef void (*PolKitContextRemoveIOWatch) (PolKitContext *pk_context, int watch_id);
-
-
-PolKitContext *polkit_context_new (void);
-void polkit_context_set_config_changed (PolKitContext *pk_context,
- PolKitContextConfigChangedCB cb,
- void *user_data);
-void polkit_context_set_io_watch_functions (PolKitContext *pk_context,
- PolKitContextAddIOWatch io_add_watch_func,
- PolKitContextRemoveIOWatch io_remove_watch_func);
-void polkit_context_set_load_descriptions (PolKitContext *pk_context);
-polkit_bool_t polkit_context_init (PolKitContext *pk_context,
- PolKitError **error);
-PolKitContext *polkit_context_ref (PolKitContext *pk_context);
-void polkit_context_unref (PolKitContext *pk_context);
-
-void polkit_context_io_func (PolKitContext *pk_context, int fd);
-
-PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context);
-
-POLKIT_GNUC_DEPRECATED
-PolKitResult polkit_context_can_session_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session);
-
-POLKIT_GNUC_DEPRECATED
-PolKitResult polkit_context_can_caller_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller);
-
-PolKitConfig *polkit_context_get_config (PolKitContext *pk_context, PolKitError **error);
-
-PolKitResult polkit_context_is_caller_authorized (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller,
- polkit_bool_t revoke_if_one_shot,
- PolKitError **error);
-
-PolKitResult polkit_context_is_session_authorized (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session,
- PolKitError **error);
-
-PolKitAuthorizationDB *polkit_context_get_authorization_db (PolKitContext *pk_context);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_CONTEXT_H */
-
-
diff --git a/polkit/polkit-debug.c b/polkit/polkit-debug.c
deleted file mode 100644
index 50c1491..0000000
--- a/polkit/polkit-debug.c
+++ /dev/null
@@ -1,81 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit.c : library for querying system-wide policy
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-debug
- * @short_description: Internal debug functions for polkit.
- *
- * These functions are used for debug purposes
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <time.h>
-
-#include "polkit-types.h"
-#include "polkit-debug.h"
-
-/**
- * pk_debug:
- * @format: format
- *
- * Print debug message
- **/
-void
-_pk_debug (const char *format, ...)
-{
- va_list args;
- static polkit_bool_t show_debug = FALSE;
- static polkit_bool_t init = FALSE;
-
- if (!init) {
- init = TRUE;
- if (getenv ("POLKIT_DEBUG") != NULL) {
- show_debug = TRUE;
- }
- }
-
- if (show_debug) {
- struct timeval tnow;
- struct tm *tlocaltime;
- struct timezone tzone;
- char tbuf[256];
- gettimeofday (&tnow, &tzone);
- tlocaltime = localtime ((time_t *) &tnow.tv_sec);
- strftime (tbuf, sizeof (tbuf), "%H:%M:%S", tlocaltime);
- fprintf (stdout, "%s.%03d: ", tbuf, (int)(tnow.tv_usec/1000));
-
- va_start (args, format);
- vfprintf (stdout, format, args);
- va_end (args);
- fprintf (stdout, "\n");
- }
-}
diff --git a/polkit/polkit-debug.h b/polkit/polkit-debug.h
deleted file mode 100644
index 7177e7e..0000000
--- a/polkit/polkit-debug.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-debug.h : debug infrastructure for polkit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef POLKIT_DEBUG_H
-#define POLKIT_DEBUG_H
-
-void _pk_debug (const char *format, ...) __attribute__((__format__ (__printf__, 1, 2)));
-
-#endif /* POLKIT_DEBUG_H */
-
-
diff --git a/polkit/polkit-error.c b/polkit/polkit-error.c
deleted file mode 100644
index f87f817..0000000
--- a/polkit/polkit-error.c
+++ /dev/null
@@ -1,246 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-error.c : GError error codes from PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-error
- * @title: Error reporting
- * @short_description: Representation of recoverable errors.
- *
- * Error codes from PolicyKit.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-
-#include "polkit-types.h"
-#include "polkit-error.h"
-#include "polkit-debug.h"
-#include "polkit-test.h"
-#include "polkit-memory.h"
-
-/**
- * PolKitError:
- *
- * Objects of this class are used for error reporting.
- **/
-struct _PolKitError
-{
- polkit_bool_t is_static;
- PolKitErrorCode error_code;
- char *error_message;
-};
-
-/**
- * polkit_error_is_set:
- * @error: the error
- *
- * Determine if an error set
- *
- * Returns: #TRUE if, and only if, the error is set
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_error_is_set (PolKitError *error)
-{
- return error != NULL;
-}
-
-static const char *error_names[POLKIT_ERROR_NUM_ERROR_CODES] = {
- "OutOfMemory",
- "PolicyFileInvalid",
- "GeneralError",
- "NotAuthorizedToReadAuthorizationsForOtherUsers",
- "NotAuthorizedToRevokeAuthorizationsFromOtherUsers",
- "NotAuthorizedToGrantAuthorization",
- "AuthorizationAlreadyExists",
- "NotSupported"
-};
-
-/**
- * polkit_error_get_error_name:
- * @error: the error
- *
- * Get the CamelCase name for the error;
- * e.g. #POLKIT_ERROR_OUT_OF_MEMORY maps to "OutOfMemory" and so on.
- *
- * Returns: the string
- *
- * Since: 0.7
- */
-const char *
-polkit_error_get_error_name (PolKitError *error)
-{
- g_return_val_if_fail (error != NULL, NULL);
- g_return_val_if_fail (error->error_code >= 0 && error->error_code < POLKIT_ERROR_NUM_ERROR_CODES, NULL);
-
- return error_names[error->error_code];
-}
-
-/**
- * polkit_error_get_error_code:
- * @error: the error object
- *
- * Returns the error code.
- *
- * Returns: A value from the #PolKitErrorCode enumeration.
- **/
-PolKitErrorCode
-polkit_error_get_error_code (PolKitError *error)
-{
- g_return_val_if_fail (error != NULL, -1);
- return error->error_code;
-}
-
-/**
- * polkit_error_get_error_message:
- * @error: the error object
- *
- * Get the error message.
- *
- * Returns: A string describing the error. Caller shall not free this string.
- **/
-const char *
-polkit_error_get_error_message (PolKitError *error)
-{
- g_return_val_if_fail (error != NULL, NULL);
- return error->error_message;
-}
-
-/**
- * polkit_error_free:
- * @error: the error
- *
- * Free an error.
- **/
-void
-polkit_error_free (PolKitError *error)
-{
- g_return_if_fail (error != NULL);
- if (!error->is_static) {
- p_free (error->error_message);
- p_free (error);
- }
-}
-
-
-static PolKitError _oom_error = {TRUE, POLKIT_ERROR_OUT_OF_MEMORY, "Pre-allocated OOM error object"};
-
-/**
- * polkit_error_set_error:
- * @error: the error object
- * @error_code: A value from the #PolKitErrorCode enumeration.
- * @format: printf style formatting string
- * @Varargs: printf style arguments
- *
- * Sets an error. If OOM, the error will be set to a pre-allocated OOM error.
- *
- * Returns: TRUE if the error was set
- **/
-polkit_bool_t
-polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const char *format, ...)
-{
- va_list args;
- PolKitError *e;
-
- g_return_val_if_fail (format != NULL, FALSE);
- g_return_val_if_fail (error_code >= 0 && error_code < POLKIT_ERROR_NUM_ERROR_CODES, FALSE);
-
- if (error == NULL)
- goto out;
-
- e = p_new0 (PolKitError, 1);
- if (e == NULL) {
- *error = &_oom_error;
- } else {
- e->is_static = FALSE;
- e->error_code = error_code;
- va_start (args, format);
- e->error_message = p_strdup_vprintf (format, args);
- va_end (args);
- if (e->error_message == NULL) {
- p_free (e);
- *error = &_oom_error;
- } else {
- *error = e;
- }
- }
-
-out:
- return TRUE;
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- unsigned int n;
- PolKitError *e;
- char s[256];
-
- e = NULL;
- g_assert (! polkit_error_is_set (e));
- g_assert (! polkit_error_set_error (&e, -1, "Testing"));
- g_assert (! polkit_error_set_error (&e, POLKIT_ERROR_NUM_ERROR_CODES, "Testing"));
-
- for (n = 0; n < POLKIT_ERROR_NUM_ERROR_CODES; n++) {
- polkit_error_set_error (&e, n, "Testing error code %d", n);
- g_assert (polkit_error_is_set (e));
- g_assert (polkit_error_get_error_code (e) == n || polkit_error_get_error_code (e) == POLKIT_ERROR_OUT_OF_MEMORY);
- g_assert (strcmp (polkit_error_get_error_name (e), error_names[polkit_error_get_error_code (e)]) == 0);
-
- if (polkit_error_get_error_code (e) != POLKIT_ERROR_OUT_OF_MEMORY) {
- snprintf (s, sizeof (s), "Testing error code %d", n);
- g_assert (strcmp (polkit_error_get_error_message (e), s) == 0);
- }
-
- polkit_error_free (e);
- }
-
- return TRUE;
-}
-
-
-PolKitTest _test_error = {
- "polkit_error",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-error.h b/polkit/polkit-error.h
deleted file mode 100644
index 472d670..0000000
--- a/polkit/polkit-error.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-error.h : error reporting from PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_ERROR_H
-#define POLKIT_ERROR_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-/**
- * PolKitErrorCode:
- * @POLKIT_ERROR_OUT_OF_MEMORY: Out of memory
- * @POLKIT_ERROR_POLICY_FILE_INVALID: There was an error parsing the given policy file
- * @POLKIT_ERROR_GENERAL_ERROR: A general error code typically
- * indicating problems with the installation of PolicyKit,
- * e.g. helpers missing or wrong owner / permission.
- * @POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS:
- * An attempt was made to read authorizations for other users and the
- * calling process is not authorized.
- * @POLKIT_ERROR_NOT_AUTHORIZED_TO_REVOKE_AUTHORIZATIONS_FROM_OTHER_USERS:
- * An attempt was made to revoke authorizations for other users and the
- * calling process is not authorized.
- * @POLKIT_ERROR_NOT_AUTHORIZED_TO_GRANT_AUTHORIZATION: An attempt was
- * made to grant an authorization and the calling process is not
- * authorized.
- * @POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS: Subject already has an
- * similar authorization already (modulo time of grant and who granted).
- * @POLKIT_ERROR_NOT_SUPPORTED: The operation is not supported by the
- * authorization database backend
- * @POLKIT_ERROR_NUM_ERROR_CODES: Number of error codes. This may change
- * from version to version; do not rely on it.
- *
- * Errors returned by PolicyKit
- */
-typedef enum
-{
- POLKIT_ERROR_OUT_OF_MEMORY,
- POLKIT_ERROR_POLICY_FILE_INVALID,
- POLKIT_ERROR_GENERAL_ERROR,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_REVOKE_AUTHORIZATIONS_FROM_OTHER_USERS,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_GRANT_AUTHORIZATION,
- POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS,
- POLKIT_ERROR_NOT_SUPPORTED,
-
- POLKIT_ERROR_NUM_ERROR_CODES
-} PolKitErrorCode;
-
-struct _PolKitError;
-typedef struct _PolKitError PolKitError;
-
-polkit_bool_t polkit_error_is_set (PolKitError *error);
-const char *polkit_error_get_error_name (PolKitError *error);
-PolKitErrorCode polkit_error_get_error_code (PolKitError *error);
-const char *polkit_error_get_error_message (PolKitError *error);
-void polkit_error_free (PolKitError *error);
-polkit_bool_t polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const char *format, ...) __attribute__((__format__ (__printf__, 3, 4)));
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_ERROR_H */
diff --git a/polkit/polkit-hash.c b/polkit/polkit-hash.c
deleted file mode 100644
index ef2797d..0000000
--- a/polkit/polkit-hash.c
+++ /dev/null
@@ -1,560 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-hash.c : Hash tables
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <glib.h>
-#include <polkit/polkit-hash.h>
-#include <polkit/polkit-memory.h>
-#include <polkit/polkit-test.h>
-
-/**
- * SECTION:polkit-hash
- * @title: Hash Tables
- * @short_description: Hash Tables
- *
- * This class provides support for hash tables.
- *
- * Since: 0.7
- **/
-
-struct _PolKitHashNode;
-
-typedef struct _PolKitHashNode {
- void *key;
- void *value;
- struct _PolKitHashNode *next;
-} PolKitHashNode;
-
-
-/**
- * PolKitHash:
- *
- * The #PolKitHash structure not be accessed directly.
- *
- * Since: 0.7
- */
-struct _PolKitHash
-{
- int refcount;
-
- int num_top_nodes;
- PolKitHashNode **top_nodes;
-
- PolKitHashFunc hash_func;
- PolKitEqualFunc key_equal_func;
- PolKitCopyFunc key_copy_func;
- PolKitCopyFunc value_copy_func;
- PolKitFreeFunc key_destroy_func;
- PolKitFreeFunc value_destroy_func;
-};
-
-/**
- * polkit_hash_new:
- * @hash_func: The hash function to use
- * @key_equal_func: The function used to determine key equality
- * @key_copy_func: Function for copying keys or #NULL
- * @value_copy_func: Function for copying values or #NULL
- * @key_destroy_func: Function for freeing keys or #NULL
- * @value_destroy_func: Function for freeing values or #NULL
- *
- * Creates a new Hash Table.
- *
- * Returns: The new hash table. Returns #NULL on OOM.
- *
- * Since: 0.7
- */
-PolKitHash *
-polkit_hash_new (PolKitHashFunc hash_func,
- PolKitEqualFunc key_equal_func,
- PolKitCopyFunc key_copy_func,
- PolKitCopyFunc value_copy_func,
- PolKitFreeFunc key_destroy_func,
- PolKitFreeFunc value_destroy_func)
-{
- PolKitHash *h;
-
- g_return_val_if_fail (hash_func != NULL, NULL);
- g_return_val_if_fail (key_equal_func != NULL, NULL);
-
- h = p_new0 (PolKitHash, 1);
- if (h == NULL)
- goto error;
-
- h->refcount = 1;
- h->hash_func = hash_func;
- h->key_copy_func = key_copy_func;
- h->value_copy_func = value_copy_func;
- h->key_equal_func = key_equal_func;
- h->key_destroy_func = key_destroy_func;
- h->value_destroy_func = value_destroy_func;
-
- h->num_top_nodes = 11; /* TODO: configurable? */
- h->top_nodes = p_new0 (PolKitHashNode*, h->num_top_nodes);
- if (h->top_nodes == NULL)
- goto error;
-
- return h;
-error:
- if (h != NULL)
- polkit_hash_unref (h);
- return NULL;
-}
-
-/**
- * polkit_hash_ref:
- * @hash: the hash table
- *
- * Increase reference count.
- *
- * Returns: the hash table
- *
- * Since: 0.7
- */
-PolKitHash *
-polkit_hash_ref (PolKitHash *hash)
-{
- g_return_val_if_fail (hash != NULL, hash);
- hash->refcount++;
- return hash;
-}
-
-/**
- * polkit_hash_unref:
- * @hash: the hash table
- *
- * Decrease reference count. If reference count drop to zero the hash
- * table is freed.
- *
- * Since: 0.7
- */
-void
-polkit_hash_unref (PolKitHash *hash)
-{
- g_return_if_fail (hash != NULL);
-
- hash->refcount--;
- if (hash->refcount > 0)
- return;
-
- if (hash->top_nodes != NULL) {
- int n;
-
- for (n = 0; n < hash->num_top_nodes; n++) {
- PolKitHashNode *node;
- PolKitHashNode *next;
-
- for (node = hash->top_nodes[n]; node != NULL; node = next) {
- if (hash->key_destroy_func != NULL)
- hash->key_destroy_func (node->key);
- if (hash->value_destroy_func != NULL)
- hash->value_destroy_func (node->value);
- next = node->next;
- p_free (node);
- }
- }
- }
-
- p_free (hash->top_nodes);
- p_free (hash);
-}
-
-/**
- * polkit_hash_insert:
- * @hash: the hash table
- * @key: key to insert
- * @value: value to insert
- *
- * Inserts a new key and value into a hash table. If the key already
- * exists in the hash table it's current value is replaced with the
- * new value.
- *
- * Returns: #TRUE unless OOM
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_hash_insert (PolKitHash *hash,
- void *key,
- void *value)
-{
- int bucket;
- PolKitHashNode **nodep;
- PolKitHashNode *node;
- void *key_copy;
- void *value_copy;
-
- g_return_val_if_fail (hash != NULL, FALSE);
- g_return_val_if_fail (key != NULL, FALSE);
-
- key_copy = NULL;
- value_copy = NULL;
- if (hash->key_copy_func != NULL) {
- key_copy = hash->key_copy_func (key);
- if (key_copy == NULL) {
- goto oom;
- }
- } else {
- key_copy = key;
- }
- if (hash->value_copy_func != NULL) {
- value_copy = hash->value_copy_func (value);
- if (value_copy == NULL) {
- goto oom;
- }
- } else {
- value_copy = value;
- }
-
- bucket = hash->hash_func (key) % hash->num_top_nodes;
-
- nodep = & (hash->top_nodes [bucket]);
- node = hash->top_nodes [bucket];
- while (node != NULL) {
- nodep = &(node->next);
-
- if (hash->key_equal_func (key, node->key)) {
- /* replace the value */
-
- if (hash->key_destroy_func != NULL)
- hash->key_destroy_func (node->key);
- if (hash->value_destroy_func != NULL)
- hash->value_destroy_func (node->value);
-
- node->key = key_copy;
- node->value = value_copy;
-
- goto out;
- } else {
- node = node->next;
- }
- }
-
- node = p_new0 (PolKitHashNode, 1);
- if (node == NULL)
- goto oom;
-
- node->key = key_copy;
- node->value = value_copy;
- *nodep = node;
-
-out:
- return TRUE;
-
-oom:
- if (key_copy != NULL && hash->key_copy_func != NULL && hash->key_destroy_func != NULL)
- hash->key_destroy_func (key_copy);
-
- if (value_copy != NULL && hash->value_copy_func != NULL && hash->value_destroy_func != NULL)
- hash->value_destroy_func (value_copy);
-
- return FALSE;
-}
-
-/**
- * polkit_hash_lookup:
- * @hash: the hash table
- * @key: key to look up
- * @found: if not #NULL, will return #TRUE only if the key was found in the hash table
- *
- * Look up a value in the hash table.
- *
- * Returns: the value; caller shall not free/unref this value
- *
- * Since: 0.7
- */
-void *
-polkit_hash_lookup (PolKitHash *hash, void *key, polkit_bool_t *found)
-{
- int bucket;
- void *value;
- PolKitHashNode *node;
-
- value = NULL;
- if (found != NULL)
- *found = FALSE;
-
- g_return_val_if_fail (hash != NULL, NULL);
- g_return_val_if_fail (key != NULL, NULL);
-
- bucket = hash->hash_func (key) % hash->num_top_nodes;
-
- node = hash->top_nodes [bucket];
- while (node != NULL) {
- if (hash->key_equal_func (key, node->key)) {
- /* got it */
-
- value = node->value;
- if (found != NULL)
- *found = TRUE;
- goto out;
- } else {
- node = node->next;
- }
- }
-
-out:
- return value;
-}
-
-
-/**
- * polkit_hash_foreach:
- * @hash: the hash table
- * @cb: callback function
- * @user_data: user data
- *
- * Iterate over all elements in a hash table
- *
- * Returns: #TRUE only if the callback short-circuited the iteration
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_hash_foreach (PolKitHash *hash, PolKitHashForeachFunc cb, void *user_data)
-{
- int n;
-
- g_return_val_if_fail (hash != NULL, FALSE);
- g_return_val_if_fail (cb != NULL, FALSE);
-
- for (n = 0; n < hash->num_top_nodes; n++) {
- PolKitHashNode *node;
-
- for (node = hash->top_nodes[n]; node != NULL; node = node->next) {
- if (cb (hash, node->key, node->value, user_data))
- return TRUE;
- }
- }
-
- return FALSE;
-}
-
-
-/**
- * polkit_hash_direct_hash_func:
- * @key: the key
- *
- * Converts a pointer to a hash value.
- *
- * Returns: a hash value corresponding to the key
- *
- * Since: 0.7
- */
-polkit_uint32_t
-polkit_hash_direct_hash_func (const void *key)
-{
- /* TODO: reimplement */
- return g_direct_hash (key);
-}
-
-/**
- * polkit_hash_direct_equal_func:
- * @v1: first value
- * @v2: second value
- *
- * Compares two pointers and return #TRUE if they are equal (same address).
- *
- * Returns: #TRUE only if the values are equal
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_hash_direct_equal_func (const void *v1, const void *v2)
-{
- /* TODO: reimplement */
- return g_direct_equal (v1, v2);
-}
-
-/**
- * polkit_hash_str_hash_func:
- * @key: the key
- *
- * Converts a string to a hash value.
- *
- * Returns: a hash value corresponding to the key
- *
- * Since: 0.7
- */
-polkit_uint32_t
-polkit_hash_str_hash_func (const void *key)
-{
- const char *p;
- polkit_uint32_t hash;
-
- hash = 0;
- for (p = key; *p != '\0'; p++)
- hash = hash * 617 ^ *p;
-
- return hash;
-}
-
-/**
- * polkit_hash_str_equal_func:
- * @v1: first value
- * @v2: second value
- *
- * Compares two strings and return #TRUE if they are equal.
- *
- * Returns: #TRUE only if the values are equal
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_hash_str_equal_func (const void *v1, const void *v2)
-{
- return strcmp (v1, v2) == 0;
-}
-
-/**
- * polkit_hash_str_copy:
- * @p: void pointer to string
- *
- * Similar to p_strdup() except for types.
- *
- * Returns: a void pointer to a copy or #NULL on OOM
- */
-void *
-polkit_hash_str_copy (const void *p)
-{
- return (void *) p_strdup ((const char *) p);
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_it1 (PolKitHash *hash, void *key, void *value, void *user_data)
-{
- int *count = (int *) user_data;
- *count += 1;
- return FALSE;
-}
-
-static polkit_bool_t
-_it2 (PolKitHash *hash, void *key, void *value, void *user_data)
-{
- int *count = (int *) user_data;
- *count += 1;
- return TRUE;
-}
-
-static polkit_bool_t
-_run_test (void)
-{
- int count;
- PolKitHash *h;
- polkit_bool_t found;
-
- /* string hash tables */
- if ((h = polkit_hash_new (polkit_hash_str_hash_func, polkit_hash_str_equal_func,
- polkit_hash_str_copy, polkit_hash_str_copy,
- p_free, p_free)) != NULL) {
- int n;
- char *key;
- char *value;
- char *test_data[] = {"key1", "val1",
- "key2", "val2",
- "key3", "val3",
- "key4", "val4",
- "key5", "val5",
- "key6", "val6",
- "key7", "val7",
- "key8", "val8",
- "key9", "val9",
- "key10", "val10",
- "key11", "val11",
- "key12", "val12",
- NULL};
-
- /* first insert the values */
- for (n = 0; test_data [n*2] != NULL; n++) {
- if (!polkit_hash_insert (h, test_data [n*2], test_data [n*2 + 1])) {
- goto oom;
- }
- }
-
- /* then check that we can look them up */
- for (n = 0; test_data [n*2] != NULL; n++) {
- key = test_data [n*2];
- value = polkit_hash_lookup (h, test_data[n*2], &found);
-
- g_assert (found && strcmp (value, test_data[n*2 + 1]) == 0);
- }
-
- /* lookup unknown key */
- g_assert (polkit_hash_lookup (h, "unknown", &found) == NULL && !found);
-
- /* replace key */
- if (key != NULL) {
- if (polkit_hash_insert (h, "key1", "val1-replaced")) {
- /* check for replaced value */
- value = polkit_hash_lookup (h, "key1", &found);
- g_assert (found && value != NULL && strcmp (value, "val1-replaced") == 0);
- }
- }
-
- count = 0;
- g_assert (polkit_hash_foreach (h, _it1, &count) == FALSE);
- g_assert (count == ((sizeof (test_data) / sizeof (char *) - 1) / 2));
- count = 0;
- g_assert (polkit_hash_foreach (h, _it2, &count) == TRUE);
- g_assert (count == 1);
-
- polkit_hash_ref (h);
- polkit_hash_unref (h);
- oom:
-
- polkit_hash_unref (h);
- }
-
- /* direct hash tables */
- if ((h = polkit_hash_new (polkit_hash_direct_hash_func, polkit_hash_direct_equal_func,
- NULL, NULL,
- NULL, NULL)) != NULL) {
- if (polkit_hash_insert (h, h, h)) {
- g_assert ((polkit_hash_lookup (h, h, &found) == h) && found);
- if (polkit_hash_insert (h, h, NULL)) {
- g_assert (polkit_hash_lookup (h, h, &found) == NULL && found);
- }
- }
- polkit_hash_unref (h);
- }
-
- return TRUE;
-}
-
-PolKitTest _test_hash = {
- "polkit_hash",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-hash.h b/polkit/polkit-hash.h
deleted file mode 100644
index 0c3428f..0000000
--- a/polkit/polkit-hash.h
+++ /dev/null
@@ -1,147 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-hash.h : Hash tables
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_HASH_H
-#define POLKIT_HASH_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitHash;
-typedef struct _PolKitHash PolKitHash;
-
-/**
- * PolKitHashFunc:
- * @key: a key
- *
- * The function is passed a key and should return a hash value. The
- * functions polkit_hash_direct_hash_func() and
- * polkit_hash_str_hash_func() provide hash functions which can be
- * used when the key is a pointer and an char* respectively.
- *
- * Returns: the hash value corresponding to the key
- *
- * Since: 0.7
- */
-typedef polkit_uint32_t (*PolKitHashFunc) (const void *key);
-
-/**
- * PolKitEqualFunc:
- * @key1: first key
- * @key2: second key
- *
- * Determines if two keys are equal. The functions
- * polkit_hash_direct_equal_func() and polkit_hash_str_equal_func()
- * provide equality functions which can be used when the key is a
- * pointer and an char* respectively.
- *
- * Returns: #TRUE iff the keys are equal
- *
- * Since: 0.7
- */
-typedef polkit_bool_t (*PolKitEqualFunc) (const void *key1, const void *key2);
-
-/**
- * PolKitFreeFunc:
- * @p: pointer
- *
- * Specifies the type of function which is called when a data element
- * is destroyed. It is passed the pointer to the data element and
- * should free any memory and resources allocated for it. The function
- * p_free() or any of the object unref functions can be passed here.
- *
- * Since: 0.7
- */
-typedef void (*PolKitFreeFunc) (void *p);
-
-/**
- * PolKitCopyFunc:
- * @p: pointer
- *
- * Specifies the type of function which is called when a data element
- * is to be cloned or reffed. It is passed the pointer to the data
- * element and should return a new pointer to a reffed or cloned
- * object. The function polkit_hash_str_copy() or any of the object
- * ref functions can be passed here.
- *
- * Returns: A copy or ref of the object in question
- *
- * Since: 0.7
- */
-typedef void *(*PolKitCopyFunc) (const void *p);
-
-/**
- * PolKitHashForeachFunc:
- * @hash: the hash table
- * @key: key
- * @value: value
- * @user_data: user data passed to polkit_hash_foreach()
- *
- * Type signature for callback function used in polkit_hash_foreach().
- *
- * Returns: Return #TRUE to short-circuit, e.g. stop the iteration.
- *
- * Since: 0.7
- */
-typedef polkit_bool_t (*PolKitHashForeachFunc) (PolKitHash *hash,
- void *key,
- void *value,
- void *user_data);
-
-
-PolKitHash *polkit_hash_new (PolKitHashFunc hash_func,
- PolKitEqualFunc key_equal_func,
- PolKitCopyFunc key_copy_func,
- PolKitCopyFunc value_copy_func,
- PolKitFreeFunc key_destroy_func,
- PolKitFreeFunc value_destroy_func);
-
-PolKitHash *polkit_hash_ref (PolKitHash *hash);
-void polkit_hash_unref (PolKitHash *hash);
-
-polkit_bool_t polkit_hash_insert (PolKitHash *hash, void *key, void *value);
-
-void *polkit_hash_lookup (PolKitHash *hash, void *key, polkit_bool_t *found);
-
-polkit_bool_t polkit_hash_foreach (PolKitHash *hash, PolKitHashForeachFunc cb, void *user_data);
-
-
-polkit_uint32_t polkit_hash_direct_hash_func (const void *key);
-polkit_bool_t polkit_hash_direct_equal_func (const void *v1, const void *v2);
-
-polkit_uint32_t polkit_hash_str_hash_func (const void *key);
-polkit_bool_t polkit_hash_str_equal_func (const void *v1, const void *v2);
-void *polkit_hash_str_copy (const void *p);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_HASH_H */
-
-
diff --git a/polkit/polkit-list.c b/polkit/polkit-list.c
deleted file mode 100644
index 72f6642..0000000
--- a/polkit/polkit-list.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-list.c : Doubly-linked lists
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <glib.h>
-#include <polkit/polkit-list.h>
-#include <polkit/polkit-memory.h>
-#include <polkit/polkit-test.h>
-
-/**
- * SECTION:polkit-list
- * @title: Doubly-linked lists
- * @short_description: Doubly-linked lists
- *
- * This class provides support for doubly-linked lists.
- *
- * Since: 0.7
- **/
-
-/**
- * polkit_list_append:
- * @list: existing list or #NULL to create a new list
- * @data: data to append to the list
- *
- * Append an entry to a list.
- *
- * Returns: the head of the new list or #NULL on OOM
- *
- * Since: 0.7
- */
-PolKitList *
-polkit_list_append (PolKitList *list, void *data)
-{
- PolKitList *l;
- PolKitList *j;
-
- for (j = list; j != NULL && j->next != NULL; j = j->next)
- ;
-
- l = p_new0 (PolKitList, 1);
- if (l == NULL)
- goto oom;
-
- l->data = data;
- l->prev = j;
-
- if (j != NULL) {
- j->next = l;
- } else {
- list = l;
- }
-
- return list;
-oom:
- return NULL;
-}
-
-/**
- * polkit_list_prepend:
- * @list: existing list or #NULL to create a new list
- * @data: data to prepend to the list
- *
- * Prepend an entry to a list.
- *
- * Returns: the head of the new list or #NULL on OOM
- *
- * Since: 0.7
- */
-PolKitList *
-polkit_list_prepend (PolKitList *list, void *data)
-{
- PolKitList *l;
-
- l = p_new0 (PolKitList, 1);
- if (l == NULL)
- goto oom;
-
- l->next = list;
- l->data = data;
- if (list != NULL) {
- list->prev = l;
- }
-
-oom:
- return l;
-}
-
-/**
- * polkit_list_delete_link:
- * @list: existing list, cannot be #NULL
- * @link: link to delete, cannot be #NULL
- *
- * Delete a link from a list.
- *
- * Returns: the new head of the list or #NULL if the list is empty after deletion.
- *
- * Since: 0.7
- */
-PolKitList *
-polkit_list_delete_link (PolKitList *list, PolKitList *link)
-{
- PolKitList *ret;
-
- g_return_val_if_fail (list != NULL, NULL);
- g_return_val_if_fail (link != NULL, NULL);
-
- if (list == link)
- ret = link->next;
- else
- ret = list;
-
- if (link->prev != NULL) {
- link->prev->next = link->next;
- }
-
- if (link->next != NULL) {
- link->next->prev = link->prev;
- }
-
- p_free (link);
-
- return ret;
-}
-
-/**
- * polkit_list_free:
- * @list: the list
- *
- * Frees all links in a list
- *
- * Since: 0.7
- */
-void
-polkit_list_free (PolKitList *list)
-{
- PolKitList *l;
- PolKitList *j;
-
- for (l = list; l != NULL; l = j) {
- j = l->next;
- p_free (l);
- }
-}
-
-/**
- * polkit_list_length:
- * @list: the list
- *
- * Compute the length of a list.
- *
- * Returns: Number of entries in list
- *
- * Since: 0.7
- */
-size_t
-polkit_list_length (PolKitList *list)
-{
- ssize_t n;
- PolKitList *l;
-
- n = 0;
- for (l = list; l != NULL; l = l->next)
- n++;
-
- return n;
-}
-
-/**
- * polkit_list_foreach:
- * @list: the list
- * @func: callback function
- * @user_data: user data to pass to callback
- *
- * Iterate over all entries in a list.
- *
- * Returns: #TRUE only if the callback short-circuited the iteration
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_list_foreach (PolKitList *list, PolKitListForeachFunc func, void *user_data)
-{
- PolKitList *l;
-
- g_return_val_if_fail (list != NULL, FALSE);
- g_return_val_if_fail (func != NULL, FALSE);
-
- for (l = list; l != NULL; l = l->next) {
- if (func (list, l->data, user_data))
- return TRUE;
- }
-
- return FALSE;
-}
-
-
-#ifdef POLKIT_BUILD_TESTS
-
-typedef struct {
- int num;
- int result;
-} _Closure;
-
-static polkit_bool_t
-_sum (PolKitList *list, void *data, void *user_data)
-{
- _Closure *c = (_Closure*) user_data;
-
- c->result += ((int) data) * (c->num + 1);
- c->num += 1;
-
- return FALSE;
-}
-
-static polkit_bool_t
-_sum2 (PolKitList *list, void *data, void *user_data)
-{
- _Closure *c = (_Closure*) user_data;
-
- if (c->num == 2)
- return TRUE;
-
- c->result += ((int) data) * (c->num + 1);
- c->num += 1;
-
- return FALSE;
-}
-
-static polkit_bool_t
-_run_test (void)
-{
- _Closure c;
- int items[] = {1, 2, 3, 4, 5};
- unsigned int num_items = sizeof (items) / sizeof (int);
- unsigned int n;
- PolKitList *l;
- PolKitList *j;
-
- l = NULL;
- for (n = 0; n < num_items; n++) {
- j = l;
- l = polkit_list_prepend (l, (void *) items[n]);
- if (l == NULL)
- goto oom;
- }
-
- g_assert (polkit_list_length (l) == num_items);
- c.num = 0;
- c.result = 0;
- polkit_list_foreach (l, _sum, &c);
- g_assert (c.result == 1*5 + 2*4 + 3*3 + 4*2 + 5*1);
-
- c.num = 0;
- c.result = 0;
- polkit_list_foreach (l, _sum2, &c);
- g_assert (c.result == 1*5 + 2*4);
-
- l = polkit_list_delete_link (l, l);
- g_assert (polkit_list_length (l) == num_items - 1);
- c.num = 0;
- c.result = 0;
- polkit_list_foreach (l, _sum, &c);
- g_assert (c.result == 1*4 + 2*3 + 3*2 + 4*1);
-
- l = polkit_list_delete_link (l, l->next);
- g_assert (polkit_list_length (l) == num_items - 2);
- c.num = 0;
- c.result = 0;
- polkit_list_foreach (l, _sum, &c);
- g_assert (c.result == 1*4 + 2*2 + 3*1);
-
- polkit_list_free (l);
-
- l = NULL;
- for (n = 0; n < num_items; n++) {
- j = l;
- l = polkit_list_append (l, (void *) items[n]);
- if (l == NULL)
- goto oom;
- }
-
- c.num = 0;
- c.result = 0;
- polkit_list_foreach (l, _sum, &c);
- g_assert (c.result == 1*1 + 2*2 + 3*3 + 4*4 + 5*5);
-
- polkit_list_free (l);
-
- return TRUE;
-oom:
- polkit_list_free (j);
- return TRUE;
-}
-
-PolKitTest _test_list = {
- "polkit_list",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-list.h b/polkit/polkit-list.h
deleted file mode 100644
index e8de811..0000000
--- a/polkit/polkit-list.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-list.h : Doubly-linked list
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_LIST_H
-#define POLKIT_LIST_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitList;
-typedef struct _PolKitList PolKitList;
-
-/**
- * PolKitList:
- * @data: the value passed in polkit_list_append() and polkit_list_prepend()
- * @next: the next element in the list or #NULL if this is the last element
- * @prev: the previous element in the list or #NULL if this is the last element
- *
- * Public members of the #PolKitList data structure
- *
- * Since: 0.7
- */
-struct _PolKitList {
- void *data;
- PolKitList *next;
- PolKitList *prev;
-};
-
-/**
- * PolKitListForeachFunc:
- * @list: the list
- * @data: data of link entry
- * @user_data: user data passed to polkit_list_foreach()
- *
- * Type signature for callback function used in polkit_list_foreach().
- *
- * Returns: Return #TRUE to short-circuit, e.g. stop the iteration.
- *
- * Since: 0.7
- */
-typedef polkit_bool_t (*PolKitListForeachFunc) (PolKitList *list,
- void *data,
- void *user_data);
-
-PolKitList *polkit_list_append (PolKitList *list, void *data);
-PolKitList *polkit_list_prepend (PolKitList *list, void *data);
-void polkit_list_free (PolKitList *list);
-PolKitList *polkit_list_delete_link (PolKitList *list, PolKitList *link);
-
-size_t polkit_list_length (PolKitList *list);
-polkit_bool_t polkit_list_foreach (PolKitList *list, PolKitListForeachFunc func, void *user_data);
-
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_LIST_H */
-
-
diff --git a/polkit/polkit-memory.c b/polkit/polkit-memory.c
deleted file mode 100644
index 10c208d..0000000
--- a/polkit/polkit-memory.c
+++ /dev/null
@@ -1,373 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-memory.c : Memory management
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <glib.h>
-
-#include <polkit/polkit-memory.h>
-#include <polkit/polkit-private.h>
-
-/**
- * SECTION:polkit-memory
- * @title: Memory management
- * @short_description: Memory management
- *
- * Functions used for memory management.
- *
- * Since: 0.7
- **/
-
-
-#ifdef POLKIT_BUILD_TESTS
-
-static int _cur_allocs = 0;
-static int _total_allocs = 0;
-static int _fail_nth = -1;
-
-void
-_polkit_memory_reset (void)
-{
- _cur_allocs = 0;
- _total_allocs = 0;
- _fail_nth = -1;
-}
-
-int
-_polkit_memory_get_current_allocations (void)
-{
- return _cur_allocs;
-}
-
-int
-_polkit_memory_get_total_allocations (void)
-{
- return _total_allocs;
-}
-
-void
-_polkit_memory_fail_nth_alloc (int number)
-{
- _fail_nth = number;
-}
-
-/**
- * p_malloc:
- * @bytes: number of 8-bit bytes to allocate
- *
- * Allocate memory
- *
- * Returns: memory location or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-void *
-p_malloc (size_t bytes)
-{
- void *p;
-
- if (_fail_nth != -1 && _total_allocs == _fail_nth) {
- return NULL;
- }
-
- p = malloc (bytes);
-
- if (p != NULL) {
- _cur_allocs++;
- _total_allocs++;
- }
-
- return p;
-}
-
-/**
- * p_malloc0:
- * @bytes: number of 8-bit bytes to allocate
- *
- * Allocate memory and zero it.
- *
- * Returns: memory location or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-void *
-p_malloc0 (size_t bytes)
-{
- void *p;
-
- if (_fail_nth != -1 && _total_allocs == _fail_nth) {
- return NULL;
- }
-
- p = calloc (1, bytes);
-
- if (p != NULL) {
- _cur_allocs++;
- _total_allocs++;
- }
-
- return p;
-}
-
-/**
- * p_realloc:
- * @memory: memory previously allocated
- * @bytes: new size
- *
- * Reallocate memory; like realloc(3).
- *
- * Returns: memory location or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-void *
-p_realloc (void *memory, size_t bytes)
-{
- void *p;
-
- g_debug ("realloc %p %d", memory, bytes);
-
- if (memory == NULL)
- return p_malloc (bytes);
-
- if (bytes == 0) {
- p_free (memory);
- return memory;
- }
-
- if (_fail_nth != -1 && _total_allocs == _fail_nth) {
- return NULL;
- }
-
- p = realloc (memory, bytes);
-
- return p;
-}
-
-/**
- * p_free:
- * @memory: pointer to memory allocated with p_malloc() + friends
- *
- * Free memory allocated by p_malloc() + friends.
- *
- * Since: 0.7
- */
-void
-p_free (void *memory)
-{
- free (memory);
- if (memory != NULL) {
- _cur_allocs--;
- }
-}
-
-/**
- * p_strdup:
- * @s: string
- *
- * Duplicate a string. Similar to strdup(3).
- *
- * Returns: Allocated memory or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-char *
-p_strdup (const char *s)
-{
- char *p;
- size_t len;
-
- len = strlen (s);
-
- p = p_malloc (len + 1);
- if (p == NULL)
- goto out;
-
- memcpy (p, s, len);
- p[len] = '\0';
-
-out:
- return p;
-}
-
-/**
- * p_strndup:
- * @s: string
- * @n: size
- *
- * Duplicate a string but copy at most @n characters. If @s is longer
- * than @n, only @n characters are copied, and a terminating null byte
- * is added. Similar to strndup(3).
- *
- * Returns: Allocated memory or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-char *
-p_strndup (const char *s, size_t n)
-{
- char *p;
- size_t len;
-
- for (len = 0; len < n; len++) {
- if (s[len] == '\0')
- break;
- if (len == n)
- break;
- }
-
-
- p = p_malloc (len + 1);
- if (p == NULL)
- goto out;
-
- memcpy (p, s, len);
- p[len] = '\0';
-out:
- return p;
-}
-
-/*--------------------------------------------------------------------------------------------------------------*/
-#else
-/*--------------------------------------------------------------------------------------------------------------*/
-
-void *
-p_malloc (size_t bytes)
-{
- return malloc (bytes);
-}
-
-void *
-p_malloc0 (size_t bytes)
-{
- return calloc (1, bytes);
-}
-
-void *
-p_realloc (void *memory, size_t bytes)
-{
- return realloc (memory, bytes);
-}
-
-void
-p_free (void *memory)
-{
- free (memory);
-}
-
-void
-_polkit_memory_reset (void)
-{
-}
-
-int
-_polkit_memory_get_current_allocations (void)
-{
- return -1;
-}
-
-int
-_polkit_memory_get_total_allocations (void)
-{
- return -1;
-}
-
-void
-_polkit_memory_fail_nth_alloc (int number)
-{
-}
-
-char *
-p_strdup (const char *s)
-{
- return strdup (s);
-}
-
-char *
-p_strndup (const char *s, size_t n)
-{
- return strndup (s, n);
-}
-
-#endif /* POLKIT_BUILD_TESTS */
-
-/**
- * p_strdup_printf:
- * @format: sprintf(3) format string
- * @...: the parameters to insert into the format string.
- *
- * Similar to the standard C sprintf(3) function but safer, since it
- * calculates the maximum space required and allocates memory to hold
- * the result. The returned string should be freed when no longer
- * needed.
- *
- * Returns: A newly allocated string or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-char*
-p_strdup_printf (const char *format, ...)
-{
- char *s;
- va_list args;
-
- va_start (args, format);
- s = p_strdup_vprintf (format, args);
- va_end (args);
-
- return s;
-}
-
-/**
- * p_strdup_vprintf:
- * @format: printf(3) format string
- * @args: list of parameters to insert
- *
- * Similar to the standard C vsprintf(3) function but safer, since it
- * calculates the maximum space required and allocates memory to hold
- * the result. The returned string should be freed when no longer
- * needed.
- *
- * Returns: A newly allocated string or #NULL on OOM. Free with p_free().
- *
- * Since: 0.7
- */
-char*
-p_strdup_vprintf (const char *format, va_list args)
-{
- char *s;
- char *gs;
- /* TODO: reimplement */
- gs = g_strdup_vprintf (format, args);
- s = p_strdup (gs);
- g_free (gs);
-
- return s;
-}
diff --git a/polkit/polkit-memory.h b/polkit/polkit-memory.h
deleted file mode 100644
index 78d3d83..0000000
--- a/polkit/polkit-memory.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-memory.h : Memory management
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_MEMORY_H
-#define POLKIT_MEMORY_H
-
-#include <stdarg.h>
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-void *p_malloc (size_t bytes);
-void *p_malloc0 (size_t bytes);
-void *p_realloc (void *memory, size_t bytes);
-void p_free (void *memory);
-
-/**
- * p_new:
- * @type: the type of object to allocate
- * @count: number of objects to allocate
- *
- * Allocate memory for @count structures of type @type.
- *
- * Returns: Allocated memory, cast to a pointer of #type or #NULL on OOM.
- */
-#define p_new(type, count) ((type*)p_malloc (sizeof (type) * (count)));
-
-/**
- * p_new0:
- * @type: the type of object to allocate
- * @count: number of objects to allocate
- *
- * Allocate zeroed memory for @count structures of type @type.
- *
- * Returns: Allocated memory, cast to a pointer of #type or #NULL on OOM.
- */
-#define p_new0(type, count) ((type*)p_malloc0 (sizeof (type) * (count)));
-
-char *p_strdup (const char *s);
-char *p_strndup (const char *s, size_t n);
-char* p_strdup_printf (const char *format, ...);
-char* p_strdup_vprintf (const char *format, va_list args);
-
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_MEMORY_H */
-
-
diff --git a/polkit/polkit-policy-cache.c b/polkit/polkit-policy-cache.c
deleted file mode 100644
index e9be5ea..0000000
--- a/polkit/polkit-policy-cache.c
+++ /dev/null
@@ -1,355 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-cache.c : policy cache
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <syslog.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-policy-file.h"
-#include "polkit-policy-cache.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit-policy-cache
- * @title: Policy Cache
- * @short_description: Holds the actions defined on the system.
- *
- * This class is used to hold all policy objects (stemming from policy
- * files) and provide look-up functions.
- **/
-
-/**
- * PolKitPolicyCache:
- *
- * Instances of this class are used to hold all policy objects
- * (stemming from policy files) and provide look-up functions.
- **/
-struct _PolKitPolicyCache
-{
- int refcount;
-
- GSList *priv_entries;
-};
-
-
-static void
-_append_entry (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntry *policy_file_entry,
- void *user_data)
-{
- PolKitPolicyCache *policy_cache = user_data;
-
- polkit_policy_file_entry_ref (policy_file_entry);
- policy_cache->priv_entries = g_slist_append (policy_cache->priv_entries, policy_file_entry);
-}
-
-PolKitPolicyCache *
-_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error)
-{
- const char *file;
- GDir *dir;
- PolKitPolicyCache *pc;
- GError *g_error;
-
- pc = g_new0 (PolKitPolicyCache, 1);
- pc->refcount = 1;
-
- g_error = NULL;
- dir = g_dir_open (dirname, 0, &g_error);
- if (dir == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load policy files from directory %s: %s",
- dirname,
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
- while ((file = g_dir_read_name (dir)) != NULL) {
- char *path;
- PolKitPolicyFile *pf;
- PolKitError *pk_error;
-
- if (!g_str_has_suffix (file, ".policy"))
- continue;
-
- if (g_str_has_prefix (file, "."))
- continue;
-
- path = g_strdup_printf ("%s/%s", dirname, file);
-
- _pk_debug ("Loading %s", path);
- pk_error = NULL;
- pf = polkit_policy_file_new (path, load_descriptions, &pk_error);
- g_free (path);
-
- if (pf == NULL) {
- _pk_debug ("libpolkit: ignoring malformed policy file: %s",
- polkit_error_get_error_message (pk_error));
- syslog (LOG_ALERT, "libpolkit: ignoring malformed policy file: %s",
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- continue;
- }
-
- /* steal entries */
- polkit_policy_file_entry_foreach (pf, _append_entry, pc);
- polkit_policy_file_unref (pf);
- }
- g_dir_close (dir);
-
- return pc;
-out:
- if (pc != NULL)
- polkit_policy_cache_ref (pc);
- return NULL;
-}
-
-/**
- * polkit_policy_cache_ref:
- * @policy_cache: the policy cache object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyCache *
-polkit_policy_cache_ref (PolKitPolicyCache *policy_cache)
-{
- g_return_val_if_fail (policy_cache != NULL, policy_cache);
- policy_cache->refcount++;
- return policy_cache;
-}
-
-/**
- * polkit_policy_cache_unref:
- * @policy_cache: the policy cache object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_policy_cache_unref (PolKitPolicyCache *policy_cache)
-{
- GSList *i;
-
- g_return_if_fail (policy_cache != NULL);
- policy_cache->refcount--;
- if (policy_cache->refcount > 0)
- return;
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- PolKitPolicyFileEntry *pfe = i->data;
- polkit_policy_file_entry_unref (pfe);
- }
- if (policy_cache->priv_entries != NULL)
- g_slist_free (policy_cache->priv_entries);
-
- g_free (policy_cache);
-}
-
-/**
- * polkit_policy_cache_debug:
- * @policy_cache: the cache
- *
- * Print debug information about object
- **/
-void
-polkit_policy_cache_debug (PolKitPolicyCache *policy_cache)
-{
- GSList *i;
- g_return_if_fail (policy_cache != NULL);
-
- _pk_debug ("PolKitPolicyCache: refcount=%d num_entries=%d ...",
- policy_cache->refcount,
- policy_cache->priv_entries == NULL ? 0 : g_slist_length (policy_cache->priv_entries));
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- PolKitPolicyFileEntry *pfe = i->data;
- polkit_policy_file_entry_debug (pfe);
- }
-}
-
-/**
- * polkit_policy_cache_get_entry_by_id:
- * @policy_cache: the cache
- * @action_id: the action identifier
- *
- * Given a action identifier, find the object describing the
- * definition of the policy; e.g. data stemming from files in
- * /usr/share/PolicyKit/policy.
- *
- * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
- * #NULL if the action wasn't identified. Caller shall not unref
- * this object.
- **/
-PolKitPolicyFileEntry*
-polkit_policy_cache_get_entry_by_id (PolKitPolicyCache *policy_cache, const char *action_id)
-{
- GSList *i;
- PolKitPolicyFileEntry *pfe;
-
- g_return_val_if_fail (policy_cache != NULL, NULL);
- g_return_val_if_fail (action_id != NULL, NULL);
-
- pfe = NULL;
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- pfe = i->data;
- if (strcmp (polkit_policy_file_entry_get_id (pfe), action_id) == 0) {
- goto out;
- }
- }
-
- if (pfe == NULL) {
- /* the authdb backend may want to synthesize pfe's */
- pfe = _polkit_authorization_db_pfe_get_by_id (policy_cache, action_id);
- }
-
-out:
- return pfe;
-}
-
-/**
- * polkit_policy_cache_get_entry:
- * @policy_cache: the cache
- * @action: the action
- *
- * Given a action, find the object describing the definition of the
- * policy; e.g. data stemming from files in
- * /usr/share/PolicyKit/policy.
- *
- * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
- * #NULL if the action wasn't identified. Caller shall not unref
- * this object.
- **/
-PolKitPolicyFileEntry*
-polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
- PolKitAction *action)
-{
- char *action_id;
- PolKitPolicyFileEntry *pfe;
-
- /* I'm sure it would be easy to make this O(1)... */
-
- g_return_val_if_fail (policy_cache != NULL, NULL);
- g_return_val_if_fail (action != NULL, NULL);
-
- pfe = NULL;
-
- if (!polkit_action_get_action_id (action, &action_id))
- goto out;
-
- pfe = polkit_policy_cache_get_entry_by_id (policy_cache, action_id);
-
-out:
- return pfe;
-}
-
-/**
- * polkit_policy_cache_foreach:
- * @policy_cache: the policy cache
- * @callback: callback function
- * @user_data: user data to pass to callback function
- *
- * Visit all entries in the policy cache.
- **/
-void
-polkit_policy_cache_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data)
-{
- GSList *i;
- PolKitPolicyFileEntry *pfe;
-
- g_return_if_fail (policy_cache != NULL);
- g_return_if_fail (callback != NULL);
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- pfe = i->data;
- callback (policy_cache, pfe, user_data);
- }
-
- /* the authdb backend may also want to return synthesized pfe's */
- _polkit_authorization_db_pfe_foreach (policy_cache,
- callback,
- user_data);
-}
-
-/**
- * polkit_policy_cache_get_entry_by_annotation:
- * @policy_cache: the policy cache
- * @annotation_key: the key to check for
- * @annotation_value: the value to check for
- *
- * Find the first policy file entry where a given annotation matches a
- * given value. Note that there is nothing preventing the existence of
- * multiple policy file entries matching this criteria; it would
- * however be a packaging bug if this situation occured.
- *
- * Returns: The first #PolKitPolicyFileEntry matching the search
- * criteria. The caller shall not unref this object. Returns #NULL if
- * there are no policy file entries matching the search criteria.
- *
- * Since: 0.7
- */
-PolKitPolicyFileEntry*
-polkit_policy_cache_get_entry_by_annotation (PolKitPolicyCache *policy_cache,
- const char *annotation_key,
- const char *annotation_value)
-{
- GSList *i;
-
- g_return_val_if_fail (policy_cache != NULL, NULL);
- g_return_val_if_fail (annotation_key != NULL, NULL);
- g_return_val_if_fail (annotation_value != NULL, NULL);
-
- for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
- const char *value;
- PolKitPolicyFileEntry *pfe = i->data;
-
- value = polkit_policy_file_entry_get_annotation (pfe, annotation_key);
- if (value == NULL)
- continue;
-
- if (strcmp (annotation_value, value) == 0) {
- return pfe;
- }
- }
-
- return NULL;
-}
diff --git a/polkit/polkit-policy-cache.h b/polkit/polkit-policy-cache.h
deleted file mode 100644
index e7e5662..0000000
--- a/polkit/polkit-policy-cache.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-cache.h : policy cache
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_POLICY_CACHE_H
-#define POLKIT_POLICY_CACHE_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-policy-file-entry.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitPolicyCache;
-typedef struct _PolKitPolicyCache PolKitPolicyCache;
-
-/**
- * PolKitPolicyCacheForeachFunc:
- * @policy_cache: the policy cache
- * @entry: an entry in the cache - do not unref
- * @user_data: user data passed to polkit_policy_cache_foreach()
- *
- * Callback function for polkit_policy_cache_foreach().
- **/
-typedef void (*PolKitPolicyCacheForeachFunc) (PolKitPolicyCache *policy_cache,
- PolKitPolicyFileEntry *entry,
- void *user_data);
-
-PolKitPolicyCache *polkit_policy_cache_ref (PolKitPolicyCache *policy_cache);
-void polkit_policy_cache_unref (PolKitPolicyCache *policy_cache);
-void polkit_policy_cache_debug (PolKitPolicyCache *policy_cache);
-PolKitPolicyFileEntry* polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
- PolKitAction *action);
-PolKitPolicyFileEntry* polkit_policy_cache_get_entry_by_id (PolKitPolicyCache *policy_cache,
- const char *action_id);
-
-PolKitPolicyFileEntry* polkit_policy_cache_get_entry_by_annotation (PolKitPolicyCache *policy_cache,
- const char *annotation_key,
- const char *annotation_value);
-
-void polkit_policy_cache_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_POLICY_CACHE_H */
-
-
diff --git a/polkit/polkit-policy-default.c b/polkit/polkit-policy-default.c
deleted file mode 100644
index ed689e5..0000000
--- a/polkit/polkit-policy-default.c
+++ /dev/null
@@ -1,442 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-default.c : policy definition for the defaults
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-error.h"
-#include "polkit-policy-default.h"
-#include "polkit-private.h"
-#include "polkit-test.h"
-#include "polkit-memory.h"
-
-/**
- * SECTION:polkit-policy-default
- * @title: Defaults
- * @short_description: Models the default policy for an action.
- *
- * This class records the default policy of an action.
- **/
-
-/**
- * PolKitPolicyDefault:
- *
- * Objects of this class are used to record information about a
- * default policy for an action.
- **/
-struct _PolKitPolicyDefault
-{
- int refcount;
- PolKitResult default_any;
- PolKitResult default_inactive;
- PolKitResult default_active;
-};
-
-PolKitPolicyDefault *
-_polkit_policy_default_new (PolKitResult defaults_allow_any,
- PolKitResult defaults_allow_inactive,
- PolKitResult defaults_allow_active)
-{
- PolKitPolicyDefault *pd;
-
- pd = p_new0 (PolKitPolicyDefault, 1);
- if (pd == NULL)
- goto out;
- pd->refcount = 1;
- pd->default_any = defaults_allow_any;
- pd->default_inactive = defaults_allow_inactive;
- pd->default_active = defaults_allow_active;
-out:
- return pd;
-}
-
-/**
- * polkit_policy_default_ref:
- * @policy_default: the policy object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyDefault *
-polkit_policy_default_ref (PolKitPolicyDefault *policy_default)
-{
- g_return_val_if_fail (policy_default != NULL, policy_default);
- policy_default->refcount++;
- return policy_default;
-}
-
-/**
- * polkit_policy_default_unref:
- * @policy_default: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_policy_default_unref (PolKitPolicyDefault *policy_default)
-{
- g_return_if_fail (policy_default != NULL);
- policy_default->refcount--;
- if (policy_default->refcount > 0)
- return;
- p_free (policy_default);
-}
-
-/**
- * polkit_policy_default_debug:
- * @policy_default: the object
- *
- * Print debug details
- **/
-void
-polkit_policy_default_debug (PolKitPolicyDefault *policy_default)
-{
- g_return_if_fail (policy_default != NULL);
- _pk_debug ("PolKitPolicyDefault: refcount=%d\n"
- " default_any=%s\n"
- " default_inactive=%s\n"
- " default_active=%s",
- policy_default->refcount,
- polkit_result_to_string_representation (policy_default->default_any),
- polkit_result_to_string_representation (policy_default->default_inactive),
- polkit_result_to_string_representation (policy_default->default_active));
-}
-
-
-/**
- * polkit_policy_default_can_session_do_action:
- * @policy_default: the object
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Using the default policy for an action, determine if a given
- * session can do a given action.
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
- **/
-PolKitResult
-polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitSession *session)
-{
- polkit_bool_t is_local;
- polkit_bool_t is_active;
- PolKitResult ret;
-
- ret = POLKIT_RESULT_NO;
-
- g_return_val_if_fail (policy_default != NULL, ret);
- g_return_val_if_fail (action != NULL, ret);
- g_return_val_if_fail (session != NULL, ret);
-
- ret = policy_default->default_any;
-
- polkit_session_get_ck_is_local (session, &is_local);
- polkit_session_get_ck_is_active (session, &is_active);
-
- if (!is_local)
- goto out;
-
- if (is_active) {
- ret = policy_default->default_active;
- } else {
- ret = policy_default->default_inactive;
- }
-out:
- return ret;
-}
-
-/**
- * polkit_policy_default_can_caller_do_action:
- * @policy_default: the object
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Using the default policy for an action, determine if a given
- * caller can do a given action.
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * do the given action.
- **/
-PolKitResult
-polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- polkit_bool_t is_local;
- polkit_bool_t is_active;
- PolKitSession *session;
- PolKitResult ret;
-
- ret = POLKIT_RESULT_NO;
-
- g_return_val_if_fail (policy_default != NULL, ret);
- g_return_val_if_fail (action != NULL, ret);
- g_return_val_if_fail (caller != NULL, ret);
-
- ret = policy_default->default_any;
-
- polkit_caller_get_ck_session (caller, &session);
- if (session == NULL)
- goto out;
-
- polkit_session_get_ck_is_local (session, &is_local);
- polkit_session_get_ck_is_active (session, &is_active);
-
- if (!is_local)
- goto out;
-
- if (is_active) {
- ret = policy_default->default_active;
- } else {
- ret = policy_default->default_inactive;
- }
-
-out:
- return ret;
-}
-
-/**
- * polkit_policy_default_get_allow_any:
- * @policy_default: the object
- *
- * Get default policy.
- *
- * Returns: default policy
- **/
-PolKitResult
-polkit_policy_default_get_allow_any (PolKitPolicyDefault *policy_default)
-{
- g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
- return policy_default->default_any;
-}
-
-/**
- * polkit_policy_default_get_allow_inactive:
- * @policy_default: the object
- *
- * Get default policy.
- *
- * Returns: default policy
- **/
-PolKitResult
-polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default)
-{
- g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
- return policy_default->default_inactive;
-}
-
-/**
- * polkit_policy_default_get_allow_active:
- * @policy_default: the object
- *
- * Get default policy.
- *
- * Returns: default policy
- **/
-PolKitResult
-polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default)
-{
- g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
- return policy_default->default_active;
-}
-
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_ts (PolKitSession *s, PolKitResult any, PolKitResult inactive, PolKitResult active, PolKitResult *ret)
-{
- PolKitAction *a;
- PolKitPolicyDefault *d;
- polkit_bool_t oom;
-
- oom = TRUE;
-
- if (s == NULL)
- goto out;
-
- if ((a = polkit_action_new ()) != NULL) {
- if (polkit_action_set_action_id (a, "org.dummy")) {
- if ((d = _polkit_policy_default_new (any,
- inactive,
- active)) != NULL) {
- PolKitCaller *c;
-
- *ret = polkit_policy_default_can_session_do_action (d, a, s);
- oom = FALSE;
-
- if ((c = polkit_caller_new ()) != NULL) {
- g_assert (polkit_policy_default_can_caller_do_action (d, a, c) == any);
-
- g_assert (polkit_caller_set_ck_session (c, s));
- g_assert (polkit_policy_default_can_caller_do_action (d, a, c) == *ret);
- polkit_caller_unref (c);
- }
-
- polkit_policy_default_ref (d);
- polkit_policy_default_get_allow_any (d);
- polkit_policy_default_get_allow_inactive (d);
- polkit_policy_default_get_allow_active (d);
- polkit_policy_default_unref (d);
- polkit_policy_default_debug (d);
- polkit_policy_default_unref (d);
- }
- }
- polkit_action_unref (a);
- }
-
-out:
- return oom;
-}
-
-static polkit_bool_t
-_run_test (void)
-{
- PolKitResult ret;
- PolKitSession *s_active;
- PolKitSession *s_inactive;
- PolKitSession *s_active_remote;
- PolKitSession *s_inactive_remote;
-
- if ((s_active = polkit_session_new ()) != NULL) {
- if (!polkit_session_set_ck_objref (s_active, "/session1")) {
- polkit_session_unref (s_active);
- s_active = NULL;
- } else {
- g_assert (polkit_session_set_ck_is_local (s_active, TRUE));
- g_assert (polkit_session_set_ck_is_active (s_active, TRUE));
- }
- }
-
- if ((s_inactive = polkit_session_new ()) != NULL) {
- if (!polkit_session_set_ck_objref (s_inactive, "/session2")) {
- polkit_session_unref (s_inactive);
- s_inactive = NULL;
- } else {
- g_assert (polkit_session_set_ck_is_local (s_inactive, TRUE));
- g_assert (polkit_session_set_ck_is_active (s_inactive, FALSE));
- }
- }
-
- if ((s_active_remote = polkit_session_new ()) != NULL) {
- if (!polkit_session_set_ck_objref (s_active_remote, "/session3") ||
- !polkit_session_set_ck_remote_host (s_active_remote, "remotehost.com")) {
- polkit_session_unref (s_active_remote);
- s_active_remote = NULL;
- } else {
- g_assert (polkit_session_set_ck_is_local (s_active_remote, FALSE));
- g_assert (polkit_session_set_ck_is_active (s_active_remote, TRUE));
- }
- }
-
- if ((s_inactive_remote = polkit_session_new ()) != NULL) {
- if (!polkit_session_set_ck_objref (s_inactive_remote, "/session4") ||
- !polkit_session_set_ck_remote_host (s_inactive_remote, "remotehost.com")) {
- polkit_session_unref (s_inactive_remote);
- s_inactive_remote = NULL;
- } else {
- g_assert (polkit_session_set_ck_is_local (s_inactive_remote, FALSE));
- g_assert (polkit_session_set_ck_is_active (s_inactive_remote, FALSE));
- }
- }
-
- g_assert (_ts (s_active,
- POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- g_assert (_ts (s_inactive,
- POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_NO);
- g_assert (_ts (s_active_remote,
- POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_NO);
- g_assert (_ts (s_inactive_remote,
- POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_NO);
-
- g_assert (_ts (s_active,
- POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- g_assert (_ts (s_inactive,
- POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- g_assert (_ts (s_active_remote,
- POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_NO);
- g_assert (_ts (s_inactive_remote,
- POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_NO);
-
- g_assert (_ts (s_active,
- POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- g_assert (_ts (s_inactive,
- POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- g_assert (_ts (s_active_remote,
- POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- g_assert (_ts (s_inactive_remote,
- POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
-
- if (s_active != NULL)
- polkit_session_unref (s_active);
-
- if (s_inactive != NULL)
- polkit_session_unref (s_inactive);
-
- if (s_active_remote != NULL)
- polkit_session_unref (s_active_remote);
-
- if (s_inactive_remote != NULL)
- polkit_session_unref (s_inactive_remote);
-
- return TRUE;
-}
-
-PolKitTest _test_policy_default = {
- "polkit_policy_default",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-policy-default.h b/polkit/polkit-policy-default.h
deleted file mode 100644
index a9f6146..0000000
--- a/polkit/polkit-policy-default.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-default.h : policy definition for the defaults
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_POLICY_DEFAULT_H
-#define POLKIT_POLICY_DEFAULT_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-caller.h>
-#include <polkit/polkit-error.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitPolicyDefault;
-typedef struct _PolKitPolicyDefault PolKitPolicyDefault;
-
-PolKitPolicyDefault *polkit_policy_default_ref (PolKitPolicyDefault *policy_default);
-void polkit_policy_default_unref (PolKitPolicyDefault *policy_default);
-void polkit_policy_default_debug (PolKitPolicyDefault *policy_default);
-
-PolKitResult polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitSession *session);
-
-PolKitResult polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitCaller *caller);
-
-PolKitResult polkit_policy_default_get_allow_any (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default);
-
-/* TODO: export knobs for "default policy" */
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_POLICY_DEFAULT_H */
-
-
diff --git a/polkit/polkit-policy-file-entry.c b/polkit/polkit-policy-file-entry.c
deleted file mode 100644
index 5517ea2..0000000
--- a/polkit/polkit-policy-file-entry.c
+++ /dev/null
@@ -1,471 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-file-entry.c : entries in policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-error.h"
-#include "polkit-result.h"
-#include "polkit-policy-file-entry.h"
-#include "polkit-authorization-db.h"
-#include "polkit-private.h"
-#include "polkit-test.h"
-#include "polkit-memory.h"
-
-/**
- * SECTION:polkit-policy-file-entry
- * @title: Policy File Entry
- * @short_description: Represents a declared action in a policy file.
- *
- * This class is used to represent a entries in policy files.
- **/
-
-/**
- * PolKitPolicyFileEntry:
- *
- * Objects of this class are used to record information about a
- * policy.
- **/
-struct _PolKitPolicyFileEntry
-{
- int refcount;
- char *action;
- PolKitPolicyDefault *defaults;
-
- char *policy_description;
- char *policy_message;
- PolKitHash *annotations;
-};
-
-
-/* NOTE: we take ownership of the annotations object */
-PolKitPolicyFileEntry *
-_polkit_policy_file_entry_new (const char *action_id,
- PolKitResult defaults_allow_any,
- PolKitResult defaults_allow_inactive,
- PolKitResult defaults_allow_active,
- PolKitHash *annotations)
-{
- PolKitPolicyFileEntry *pfe;
-
- g_return_val_if_fail (action_id != NULL, NULL);
-
- pfe = p_new0 (PolKitPolicyFileEntry, 1);
- if (pfe == NULL)
- goto error;
- pfe->refcount = 1;
- pfe->action = p_strdup (action_id);
- if (pfe->action == NULL)
- goto error;
-
- if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN)) {
- /* if we don't support obtaining authorizations
- * through authenticating, then make the defaults
- * reflect this ...*/
- defaults_allow_any = POLKIT_RESULT_NO;
- defaults_allow_inactive = POLKIT_RESULT_NO;
- defaults_allow_active = POLKIT_RESULT_NO;
- }
-
- pfe->defaults = _polkit_policy_default_new (defaults_allow_any,
- defaults_allow_inactive,
- defaults_allow_active);
- if (pfe->defaults == NULL)
- goto error;
-
- pfe->annotations = annotations;
-
- return pfe;
-error:
- if (pfe != NULL)
- polkit_policy_file_entry_unref (pfe);
- return NULL;
-}
-
-polkit_bool_t
-_polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *pfe,
- const char *policy_description,
- const char *policy_message)
-{
- g_return_val_if_fail (pfe != NULL, FALSE);
-
- if (pfe->policy_description != NULL)
- p_free (pfe->policy_description);
- if (pfe->policy_message != NULL)
- p_free (pfe->policy_message);
-
- pfe->policy_description = p_strdup (policy_description);
- pfe->policy_message = p_strdup (policy_message);
-
- if (policy_description != NULL && pfe->policy_description == NULL)
- return FALSE;
-
- if (policy_message != NULL && pfe->policy_message == NULL)
- return FALSE;
-
- return TRUE;
-}
-
-/**
- * polkit_policy_file_entry_get_action_description:
- * @policy_file_entry: the object
- *
- * Get the description of the action that this policy entry describes. This
- * is intended to be used in policy editors, for example "Mount internal
- * volumes". Contrast with polkit_policy_file_entry_get_action_message(). The
- * textual string will be returned in the current locale.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- *
- * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
- **/
-const char *
-polkit_policy_file_entry_get_action_description (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->policy_description;
-}
-
-/**
- * polkit_policy_file_entry_get_action_message:
- * @policy_file_entry: the object
- *
- * Get the message describing the action that this policy entry
- * describes. This is to be used in dialogs, for example "System
- * Policy prevents mounting this volume". Contrast with
- * polkit_policy_file_entry_get_action_description(). The textual string
- * will be returned in the current locale.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- *
- * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
- **/
-const char *
-polkit_policy_file_entry_get_action_message (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->policy_message;
-}
-
-/**
- * polkit_policy_file_entry_ref:
- * @policy_file_entry: the policy file object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyFileEntry *
-polkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, policy_file_entry);
- policy_file_entry->refcount++;
- return policy_file_entry;
-}
-
-/**
- * polkit_policy_file_entry_unref:
- * @policy_file_entry: the policy file object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_if_fail (policy_file_entry != NULL);
- policy_file_entry->refcount--;
- if (policy_file_entry->refcount > 0)
- return;
-
- p_free (policy_file_entry->action);
-
- if (policy_file_entry->defaults != NULL)
- polkit_policy_default_unref (policy_file_entry->defaults);
-
- if (policy_file_entry->annotations != NULL)
- polkit_hash_unref (policy_file_entry->annotations);
-
- p_free (policy_file_entry->policy_description);
- p_free (policy_file_entry->policy_message);
-
- p_free (policy_file_entry);
-}
-
-/**
- * polkit_policy_file_entry_debug:
- * @policy_file_entry: the entry
- *
- * Print debug information about object
- **/
-void
-polkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_if_fail (policy_file_entry != NULL);
- _pk_debug ("PolKitPolicyFileEntry: refcount=%d action=%s",
- policy_file_entry->refcount,
- policy_file_entry->action);
- polkit_policy_default_debug (policy_file_entry->defaults);
-}
-
-/**
- * polkit_policy_file_entry_get_id:
- * @policy_file_entry: the file entry
- *
- * Get the action identifier.
- *
- * Returns: A string - caller shall not free this string.
- **/
-const char *
-polkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->action;
-}
-
-/**
- * polkit_policy_file_entry_get_default:
- * @policy_file_entry: the file entry
- *
- * Get the the default policy for this policy.
- *
- * Returns: A #PolKitPolicyDefault object - caller shall not unref this object.
- **/
-PolKitPolicyDefault *
-polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry)
-{
- g_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->defaults;
-}
-
-typedef struct {
- PolKitPolicyFileEntry *pfe;
- PolKitPolicyFileEntryAnnotationsForeachFunc cb;
- void *user_data;
-} _AnnotationsClosure;
-
-static polkit_bool_t
-_annotations_cb (PolKitHash *hash,
- void *key,
- void *value,
- void *user_data)
-{
- _AnnotationsClosure *closure = user_data;
- closure->cb (closure->pfe, (const char *) key, (const char *) value, closure->user_data);
- return FALSE;
-}
-
-/**
- * polkit_policy_file_entry_annotations_foreach:
- * @policy_file_entry: the policy file entry
- * @cb: callback function
- * @user_data: user data to pass to the callback function
- *
- * Iterate over all annotations on the policy file entry.
- */
-void
-polkit_policy_file_entry_annotations_foreach (PolKitPolicyFileEntry *policy_file_entry,
- PolKitPolicyFileEntryAnnotationsForeachFunc cb,
- void *user_data)
-{
- _AnnotationsClosure closure;
-
- g_return_if_fail (policy_file_entry != NULL);
- if (policy_file_entry->annotations == NULL)
- return;
-
- closure.pfe = policy_file_entry;
- closure.cb = cb;
- closure.user_data = user_data;
-
- polkit_hash_foreach (policy_file_entry->annotations,
- _annotations_cb,
- &closure);
-}
-
-/**
- * polkit_policy_file_entry_get_annotation:
- * @policy_file_entry: the policy file entry
- * @key: the key of the annotation
- *
- * Look of the value of a given annotation.
- *
- * Returns: The value of the annotation or #NULL if not found.
- */
-const char *
-polkit_policy_file_entry_get_annotation (PolKitPolicyFileEntry *policy_file_entry,
- const char *key)
-{
- const char *value;
- g_return_val_if_fail (policy_file_entry != NULL, NULL);
- g_return_val_if_fail (key != NULL, NULL);
-
- value = NULL;
- if (policy_file_entry->annotations != NULL) {
- value = polkit_hash_lookup (policy_file_entry->annotations, (void *) key, NULL);
- }
- return value;
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static void
-_pfe_cb (PolKitPolicyFileEntry *pfe,
- const char *key,
- const char *value,
- void *user_data)
-{
- int *count = (int *) user_data;
-
- if (strcmp (key, "a1") == 0 && strcmp (value, "v1") == 0)
- *count += 1;
- else if (strcmp (key, "a2") == 0 && strcmp (value, "v2") == 0)
- *count += 1;
-}
-
-static void
-_pfe_cb2 (PolKitPolicyFileEntry *pfe,
- const char *key,
- const char *value,
- void *user_data)
-{
- int *count = (int *) user_data;
- *count += 1;
-}
-
-
-static polkit_bool_t
-_run_test (void)
-{
- PolKitPolicyFileEntry *pfe;
- PolKitPolicyDefault *d;
- PolKitHash *a;
- int count;
-
- a = NULL;
- pfe = NULL;
-
- if ((a = polkit_hash_new (polkit_hash_str_hash_func,
- polkit_hash_str_equal_func,
- NULL, NULL,
- NULL, NULL)) == NULL)
- goto oom;
-
- if (!polkit_hash_insert (a, "a1", "v1"))
- goto oom;
-
- if (!polkit_hash_insert (a, "a2", "v2"))
- goto oom;
-
- if ((pfe = _polkit_policy_file_entry_new ("org.example-action",
- POLKIT_RESULT_NO,
- POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
- POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
- a)) == NULL)
- goto oom;
- /* _file_entry_new assumes ownership of the passed a variable */
- a = NULL;
-
- g_assert (strcmp (polkit_policy_file_entry_get_id (pfe), "org.example-action") == 0);
-
- if (_polkit_policy_file_entry_set_descriptions (pfe,
- "the desc",
- "the msg")) {
- g_assert (strcmp (polkit_policy_file_entry_get_action_description (pfe), "the desc") == 0);
- g_assert (strcmp (polkit_policy_file_entry_get_action_message (pfe), "the msg") == 0);
- }
-
- if (_polkit_policy_file_entry_set_descriptions (pfe,
- "the desc2",
- "the msg2")) {
- g_assert (strcmp (polkit_policy_file_entry_get_action_description (pfe), "the desc2") == 0);
- g_assert (strcmp (polkit_policy_file_entry_get_action_message (pfe), "the msg2") == 0);
- }
-
- g_assert ((d = polkit_policy_file_entry_get_default (pfe)) != NULL);
- g_assert (polkit_policy_default_get_allow_any (d) == POLKIT_RESULT_NO);
- g_assert (polkit_policy_default_get_allow_inactive (d) == POLKIT_RESULT_ONLY_VIA_SELF_AUTH);
- g_assert (polkit_policy_default_get_allow_active (d) == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH);
-
- polkit_policy_file_entry_ref (pfe);
- polkit_policy_file_entry_unref (pfe);
- polkit_policy_file_entry_debug (pfe);
-
- g_assert (strcmp (polkit_policy_file_entry_get_annotation (pfe, "a1"), "v1") == 0);
- g_assert (strcmp (polkit_policy_file_entry_get_annotation (pfe, "a2"), "v2") == 0);
- g_assert (polkit_policy_file_entry_get_annotation (pfe, "a3") == NULL);
-
- count = 0;
- polkit_policy_file_entry_annotations_foreach (pfe, _pfe_cb, &count);
- g_assert (count == 2);
-
- polkit_policy_file_entry_unref (pfe);
- if ((pfe = _polkit_policy_file_entry_new ("org.example-action-2",
- POLKIT_RESULT_NO,
- POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
- POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
- NULL)) == NULL)
- goto oom;
- count = 0;
- polkit_policy_file_entry_annotations_foreach (pfe, _pfe_cb2, &count);
- g_assert (count == 0);
- _pfe_cb2 (pfe, NULL, NULL, &count); /* want to get coverage of _pfe_cb2 */
- g_assert (count == 1);
-
-oom:
- if (pfe != NULL)
- polkit_policy_file_entry_unref (pfe);
-
- if (a != NULL)
- polkit_hash_unref (a);
-
- return TRUE;
-}
-
-PolKitTest _test_policy_file_entry = {
- "polkit_policy_file_entry",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-policy-file-entry.h b/polkit/polkit-policy-file-entry.h
deleted file mode 100644
index 8eb88a9..0000000
--- a/polkit/polkit-policy-file-entry.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-file-entry.h : entries in policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_POLICY_FILE_ENTRY_H
-#define POLKIT_POLICY_FILE_ENTRY_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-policy-default.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitPolicyFileEntry;
-typedef struct _PolKitPolicyFileEntry PolKitPolicyFileEntry;
-
-/**
- * PolKitPolicyFileEntryAnnotationsForeachFunc:
- * @policy_file_entry: the policy file entry
- * @key: key of the annotation
- * @value: corrosponding value of the annotation
- * @user_data: user data passed to polkit_policy_file_entry_annotations_foreach()
- *
- * Callback function for polkit_policy_file_entry_annotations_foreach().
- **/
-typedef void (*PolKitPolicyFileEntryAnnotationsForeachFunc) (PolKitPolicyFileEntry *policy_file_entry,
- const char *key,
- const char *value,
- void *user_data);
-
-PolKitPolicyFileEntry *polkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry);
-void polkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry);
-void polkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry);
-
-const char *polkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry);
-PolKitPolicyDefault *polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry);
-
-const char *polkit_policy_file_entry_get_action_description (PolKitPolicyFileEntry *policy_file_entry);
-const char *polkit_policy_file_entry_get_action_message (PolKitPolicyFileEntry *policy_file_entry);
-
-void polkit_policy_file_entry_annotations_foreach (PolKitPolicyFileEntry *policy_file_entry,
- PolKitPolicyFileEntryAnnotationsForeachFunc cb,
- void *user_data);
-const char *polkit_policy_file_entry_get_annotation (PolKitPolicyFileEntry *policy_file_entry,
- const char *key);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_POLICY_FILE_ENTRY_H */
-
-
diff --git a/polkit/polkit-policy-file.c b/polkit/polkit-policy-file.c
deleted file mode 100644
index a894e0f..0000000
--- a/polkit/polkit-policy-file.c
+++ /dev/null
@@ -1,809 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-file.c : policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <syslog.h>
-
-#include <expat.h>
-
-#include <glib.h>
-#include "polkit-error.h"
-#include "polkit-result.h"
-#include "polkit-policy-file.h"
-#include "polkit-policy-file-entry.h"
-#include "polkit-debug.h"
-#include "polkit-private.h"
-#include "polkit-test.h"
-#include "polkit-list.h"
-
-/**
- * SECTION:polkit-policy-file
- * @title: Policy Definition Files
- * @short_description: Represents a set of declared actions.
- *
- * This class is used to represent a policy file.
- **/
-
-/**
- * PolKitPolicyFile:
- *
- * Objects of this class are used to record information about a
- * policy file.
- **/
-struct _PolKitPolicyFile
-{
- int refcount;
- PolKitList *entries;
-};
-
-enum {
- STATE_NONE,
- STATE_UNKNOWN_TAG,
- STATE_IN_POLICY_CONFIG,
- STATE_IN_ACTION,
- STATE_IN_ACTION_DESCRIPTION,
- STATE_IN_ACTION_MESSAGE,
- STATE_IN_DEFAULTS,
- STATE_IN_DEFAULTS_ALLOW_ANY,
- STATE_IN_DEFAULTS_ALLOW_INACTIVE,
- STATE_IN_DEFAULTS_ALLOW_ACTIVE,
- STATE_IN_ANNOTATE
-};
-
-#define PARSER_MAX_DEPTH 32
-
-typedef struct {
- XML_Parser parser;
- int state;
- int state_stack[PARSER_MAX_DEPTH];
- int stack_depth;
-
- const char *path;
-
- char *action_id;
-
- PolKitResult defaults_allow_any;
- PolKitResult defaults_allow_inactive;
- PolKitResult defaults_allow_active;
-
- PolKitPolicyFile *pf;
-
- polkit_bool_t load_descriptions;
-
- PolKitHash *policy_descriptions;
- PolKitHash *policy_messages;
-
- char *policy_description_nolang;
- char *policy_message_nolang;
-
- /* the language according to $LANG (e.g. en_US, da_DK, fr, en_CA minus the encoding) */
- char *lang;
-
- /* the value of xml:lang for the thing we're reading in _cdata() */
- char *elem_lang;
-
- char *annotate_key;
- PolKitHash *annotations;
-
- polkit_bool_t is_oom;
-} ParserData;
-
-static void
-pd_unref_action_data (ParserData *pd)
-{
- p_free (pd->action_id);
- pd->action_id = NULL;
- p_free (pd->policy_description_nolang);
- pd->policy_description_nolang = NULL;
- p_free (pd->policy_message_nolang);
- pd->policy_message_nolang = NULL;
- if (pd->policy_descriptions != NULL) {
- polkit_hash_unref (pd->policy_descriptions);
- pd->policy_descriptions = NULL;
- }
- if (pd->policy_messages != NULL) {
- polkit_hash_unref (pd->policy_messages);
- pd->policy_messages = NULL;
- }
- p_free (pd->annotate_key);
- pd->annotate_key = NULL;
- if (pd->annotations != NULL) {
- polkit_hash_unref (pd->annotations);
- pd->annotations = NULL;
- }
- p_free (pd->elem_lang);
- pd->elem_lang = NULL;
-}
-
-static void
-pd_unref_data (ParserData *pd)
-{
- pd_unref_action_data (pd);
- p_free (pd->lang);
- pd->lang = NULL;
-}
-
-static void
-_start (void *data, const char *el, const char **attr)
-{
- int state;
- int num_attr;
- ParserData *pd = data;
-
- for (num_attr = 0; attr[num_attr] != NULL; num_attr++)
- ;
-
- state = STATE_NONE;
-
- switch (pd->state) {
- case STATE_NONE:
- if (strcmp (el, "policyconfig") == 0) {
- state = STATE_IN_POLICY_CONFIG;
- }
- break;
- case STATE_IN_POLICY_CONFIG:
- if (strcmp (el, "action") == 0) {
- if (num_attr != 2 || strcmp (attr[0], "id") != 0)
- goto error;
- state = STATE_IN_ACTION;
-
- if (!polkit_action_validate_id (attr[1]))
- goto error;
-
- pd_unref_action_data (pd);
- pd->action_id = p_strdup (attr[1]);
- if (pd->action_id == NULL)
- goto oom;
- pd->policy_descriptions = polkit_hash_new (polkit_hash_str_hash_func,
- polkit_hash_str_equal_func,
- polkit_hash_str_copy, polkit_hash_str_copy,
- p_free, p_free);
- pd->policy_messages = polkit_hash_new (polkit_hash_str_hash_func,
- polkit_hash_str_equal_func,
- polkit_hash_str_copy, polkit_hash_str_copy,
- p_free, p_free);
-
- /* initialize defaults */
- pd->defaults_allow_any = POLKIT_RESULT_NO;
- pd->defaults_allow_inactive = POLKIT_RESULT_NO;
- pd->defaults_allow_active = POLKIT_RESULT_NO;
- }
- break;
- case STATE_IN_ACTION:
- if (strcmp (el, "defaults") == 0) {
- state = STATE_IN_DEFAULTS;
- } else if (strcmp (el, "description") == 0) {
- if (num_attr == 2 && strcmp (attr[0], "xml:lang") == 0) {
- pd->elem_lang = p_strdup (attr[1]);
- if (pd->elem_lang == NULL)
- goto oom;
- }
- state = STATE_IN_ACTION_DESCRIPTION;
- } else if (strcmp (el, "message") == 0) {
- if (num_attr == 2 && strcmp (attr[0], "xml:lang") == 0) {
- pd->elem_lang = p_strdup (attr[1]);
- if (pd->elem_lang == NULL)
- goto oom;
- }
- state = STATE_IN_ACTION_MESSAGE;
- } else if (strcmp (el, "annotate") == 0) {
- if (num_attr != 2 || strcmp (attr[0], "key") != 0)
- goto error;
- state = STATE_IN_ANNOTATE;
-
- p_free (pd->annotate_key);
- pd->annotate_key = p_strdup (attr[1]);
- if (pd->annotate_key == NULL)
- goto oom;
- }
- break;
- case STATE_IN_DEFAULTS:
- if (strcmp (el, "allow_any") == 0)
- state = STATE_IN_DEFAULTS_ALLOW_ANY;
- else if (strcmp (el, "allow_inactive") == 0)
- state = STATE_IN_DEFAULTS_ALLOW_INACTIVE;
- else if (strcmp (el, "allow_active") == 0)
- state = STATE_IN_DEFAULTS_ALLOW_ACTIVE;
- break;
- default:
- break;
- }
-
- if (state == STATE_NONE) {
- //g_warning ("skipping unknown tag <%s> at line %d of %s",
- // el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
- //syslog (LOG_ALERT, "libpolkit: skipping unknown tag <%s> at line %d of %s",
- // el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
- state = STATE_UNKNOWN_TAG;
- }
-
- pd->state = state;
- pd->state_stack[pd->stack_depth] = pd->state;
- pd->stack_depth++;
- return;
-oom:
- pd->is_oom = TRUE;
-error:
- XML_StopParser (pd->parser, FALSE);
-}
-
-static void
-_cdata (void *data, const char *s, int len)
-{
- char *str;
- ParserData *pd = data;
-
- str = p_strndup (s, len);
- if (str == NULL)
- goto oom;
-
- switch (pd->state) {
-
- case STATE_IN_ACTION_DESCRIPTION:
- if (pd->load_descriptions) {
- if (pd->elem_lang == NULL) {
- p_free (pd->policy_description_nolang);
- pd->policy_description_nolang = str;
- str = NULL;
- } else {
- if (!polkit_hash_insert (pd->policy_descriptions, pd->elem_lang, str))
- goto oom;
- }
- }
- break;
-
- case STATE_IN_ACTION_MESSAGE:
- if (pd->load_descriptions) {
- if (pd->elem_lang == NULL) {
- p_free (pd->policy_message_nolang);
- pd->policy_message_nolang = str;
- str = NULL;
- } else {
- if (!polkit_hash_insert (pd->policy_messages, pd->elem_lang, str))
- goto oom;
- }
- }
- break;
-
- case STATE_IN_DEFAULTS_ALLOW_ANY:
- if (!polkit_result_from_string_representation (str, &pd->defaults_allow_any))
- goto error;
- break;
- case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
- if (!polkit_result_from_string_representation (str, &pd->defaults_allow_inactive))
- goto error;
- break;
- case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
- if (!polkit_result_from_string_representation (str, &pd->defaults_allow_active))
- goto error;
- break;
-
- case STATE_IN_ANNOTATE:
- if (pd->annotations == NULL) {
- pd->annotations = polkit_hash_new (polkit_hash_str_hash_func,
- polkit_hash_str_equal_func,
- polkit_hash_str_copy, polkit_hash_str_copy,
- p_free, p_free);
- if (pd->annotations == NULL)
- goto oom;
- }
- if (!polkit_hash_insert (pd->annotations, pd->annotate_key, str))
- goto oom;
- break;
-
- default:
- break;
- }
- p_free (str);
- return;
-oom:
- pd->is_oom = TRUE;
-error:
- p_free (str);
- XML_StopParser (pd->parser, FALSE);
-}
-
-/**
- * _localize:
- * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!'
- * @untranslated: the untranslated value, e.g. 'Punch'
- * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG
- * with the encoding cut off. Maybe be NULL.
- *
- * Pick the correct translation to use.
- *
- * Returns: the localized string to use
- */
-static const char *
-_localize (PolKitHash *translations, const char *untranslated, const char *lang)
-{
- const char *result;
- char lang2[256];
- int n;
-
- if (lang == NULL) {
- result = untranslated;
- goto out;
- }
-
- /* first see if we have the translation */
- result = (const char *) polkit_hash_lookup (translations, (void *) lang, NULL);
- if (result != NULL)
- goto out;
-
- /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */
- strncpy (lang2, lang, sizeof (lang2));
- for (n = 0; lang2[n] != '\0'; n++) {
- if (lang2[n] == '_') {
- lang2[n] = '\0';
- break;
- }
- }
- result = (const char *) polkit_hash_lookup (translations, (void *) lang2, NULL);
- if (result != NULL)
- goto out;
-
- /* fall back to untranslated */
- result = untranslated;
-out:
- return result;
-}
-
-static void
-_end (void *data, const char *el)
-{
- ParserData *pd = data;
- PolKitList *l;
-
- p_free (pd->elem_lang);
- pd->elem_lang = NULL;
-
- switch (pd->state) {
- case STATE_IN_ACTION:
- {
- const char *policy_description;
- const char *policy_message;
- PolKitPolicyFileEntry *pfe;
-
- /* NOTE: caller takes ownership of the annotations object */
- pfe = _polkit_policy_file_entry_new (pd->action_id,
- pd->defaults_allow_any,
- pd->defaults_allow_inactive,
- pd->defaults_allow_active,
- pd->annotations);
- if (pfe == NULL)
- goto oom;
- pd->annotations = NULL;
-
- if (pd->load_descriptions) {
- policy_description = _localize (pd->policy_descriptions, pd->policy_description_nolang, pd->lang);
- policy_message = _localize (pd->policy_messages, pd->policy_message_nolang, pd->lang);
- } else {
- policy_description = NULL;
- policy_message = NULL;
- }
-
- if (pd->load_descriptions) {
- if (!_polkit_policy_file_entry_set_descriptions (pfe,
- policy_description,
- policy_message)) {
- polkit_policy_file_entry_unref (pfe);
- goto oom;
- }
- }
-
- l = polkit_list_prepend (pd->pf->entries, pfe);
- if (l == NULL) {
- polkit_policy_file_entry_unref (pfe);
- goto oom;
- }
- pd->pf->entries = l;
- break;
- }
- default:
- break;
- }
-
- --pd->stack_depth;
- if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
- _pk_debug ("reached max depth?");
- goto error;
- }
- if (pd->stack_depth > 0)
- pd->state = pd->state_stack[pd->stack_depth - 1];
- else
- pd->state = STATE_NONE;
-
- return;
-oom:
- pd->is_oom = 1;
-error:
- XML_StopParser (pd->parser, FALSE);
-}
-
-
-/**
- * polkit_policy_file_new:
- * @path: path to file
- * @load_descriptions: whether descriptions should be loaded
- * @error: Return location for error
- *
- * Load a policy file.
- *
- * Returns: The new object or #NULL if error is set
- **/
-PolKitPolicyFile *
-polkit_policy_file_new (const char *path, polkit_bool_t load_descriptions, PolKitError **error)
-{
- PolKitPolicyFile *pf;
- ParserData pd;
- int xml_res;
- char *lang;
- char *buf;
- gsize buflen;
- GError *g_error;
-
- pf = NULL;
- buf = NULL;
-
- /* clear parser data */
- memset (&pd, 0, sizeof (ParserData));
-
- if (!g_str_has_suffix (path, ".policy")) {
- polkit_error_set_error (error,
- POLKIT_ERROR_POLICY_FILE_INVALID,
- "Policy files must have extension .policy; file '%s' doesn't", path);
- goto error;
- }
-
- g_error = NULL;
- if (!g_file_get_contents (path, &buf, &buflen, &g_error)) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load PolicyKit policy file at '%s': %s",
- path,
- g_error->message);
- g_error_free (g_error);
- goto error;
- }
-
- pd.path = path;
-/* #ifdef POLKIT_BUILD_TESTS
- TODO: expat appears to leak on certain OOM paths
-*/
-#if 0
- XML_Memory_Handling_Suite memsuite = {p_malloc, p_realloc, p_free};
- pd.parser = XML_ParserCreate_MM (NULL, &memsuite, NULL);
-#else
- pd.parser = XML_ParserCreate (NULL);
-#endif
- pd.stack_depth = 0;
- if (pd.parser == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Cannot load PolicyKit policy file at '%s': %s",
- path,
- "No memory for parser");
- goto error;
- }
- XML_SetUserData (pd.parser, &pd);
- XML_SetElementHandler (pd.parser, _start, _end);
- XML_SetCharacterDataHandler (pd.parser, _cdata);
-
- pf = p_new0 (PolKitPolicyFile, 1);
- if (pf == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Cannot load PolicyKit policy file at '%s': No memory for object",
- path);
- goto error;
- }
-
- pf->refcount = 1;
-
- /* init parser data */
- pd.state = STATE_NONE;
- pd.pf = pf;
- pd.load_descriptions = load_descriptions;
- lang = getenv ("LANG");
- if (lang != NULL) {
- int n;
- pd.lang = p_strdup (lang);
- if (pd.lang == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Cannot load PolicyKit policy file at '%s': No memory for lang",
- path);
- goto error;
- }
- for (n = 0; pd.lang[n] != '\0'; n++) {
- if (pd.lang[n] == '.') {
- pd.lang[n] = '\0';
- break;
- }
- }
- }
-
- xml_res = XML_Parse (pd.parser, buf, buflen, 1);
-
- if (xml_res == 0) {
- if (XML_GetErrorCode (pd.parser) == XML_ERROR_NO_MEMORY) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Out of memory parsing %s",
- path);
- } else if (pd.is_oom) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Out of memory parsing %s",
- path);
- } else {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "%s:%d: parse error: %s",
- path,
- (int) XML_GetCurrentLineNumber (pd.parser),
- XML_ErrorString (XML_GetErrorCode (pd.parser)));
- }
- XML_ParserFree (pd.parser);
- goto error;
- }
-
- XML_ParserFree (pd.parser);
- g_free (buf);
- pd_unref_data (&pd);
- return pf;
-error:
- if (pf != NULL)
- polkit_policy_file_unref (pf);
- pd_unref_data (&pd);
- g_free (buf);
- return NULL;
-}
-
-/**
- * polkit_policy_file_ref:
- * @policy_file: the policy file object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyFile *
-polkit_policy_file_ref (PolKitPolicyFile *policy_file)
-{
- g_return_val_if_fail (policy_file != NULL, policy_file);
- policy_file->refcount++;
- return policy_file;
-}
-
-/**
- * polkit_policy_file_unref:
- * @policy_file: the policy file object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_policy_file_unref (PolKitPolicyFile *policy_file)
-{
- PolKitList *i;
- g_return_if_fail (policy_file != NULL);
- policy_file->refcount--;
- if (policy_file->refcount > 0)
- return;
- for (i = policy_file->entries; i != NULL; i = i->next) {
- polkit_policy_file_entry_unref (i->data);
- }
- if (policy_file->entries != NULL)
- polkit_list_free (policy_file->entries);
- p_free (policy_file);
-}
-
-/**
- * polkit_policy_file_entry_foreach:
- * @policy_file: the policy file object
- * @cb: callback to invoke for each entry
- * @user_data: user data
- *
- * Visits all entries in a policy file.
- **/
-void
-polkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntryForeachFunc cb,
- void *user_data)
-{
- PolKitList *i;
-
- g_return_if_fail (policy_file != NULL);
- g_return_if_fail (cb != NULL);
-
- for (i = policy_file->entries; i != NULL; i = i->next) {
- PolKitPolicyFileEntry *pfe = i->data;
- cb (policy_file, pfe, user_data);
- }
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-/* this checks that the policy descriptions read from test-valid-3-lang.policy are correct */
-static void
-_check_pf (PolKitPolicyFile *pf, PolKitPolicyFileEntry *pfe, void *user_data)
-{
- const char *r_msg;
- const char *r_desc;
- char *msg;
- char *desc;
- char *lang;
- int *counter = (int *) user_data;
- polkit_bool_t is_danish;
-
- is_danish = FALSE;
- lang = getenv ("LANG");
- if (lang != NULL) {
- if (strcmp (lang, "da_DK.UTF8") == 0 ||
- strcmp (lang, "da_DK") == 0 ||
- strcmp (lang, "da") == 0)
- is_danish = TRUE;
- }
-
-
- if (strcmp (polkit_policy_file_entry_get_id (pfe), "org.example") == 0) {
- if (is_danish) {
- desc = "example (danish)";
- msg = "message (danish)";
- } else {
- desc = "example";
- msg = "message";
- }
- r_desc = polkit_policy_file_entry_get_action_description (pfe);
- r_msg = polkit_policy_file_entry_get_action_message (pfe);
-
- if (strcmp (r_desc, desc) == 0 &&
- strcmp (r_msg, msg) == 0)
- *counter += 1;
-
- } else if (strcmp (polkit_policy_file_entry_get_id (pfe), "org.example2") == 0) {
- if (is_danish) {
- desc = "example 2 (danish)";
- msg = "message 2 (danish)";
- } else {
- desc = "example 2";
- msg = "message 2";
- }
- r_desc = polkit_policy_file_entry_get_action_description (pfe);
- r_msg = polkit_policy_file_entry_get_action_message (pfe);
-
- if (strcmp (r_desc, desc) == 0 &&
- strcmp (r_msg, msg) == 0)
- *counter += 1;
- }
-}
-
-static polkit_bool_t
-_run_test (void)
-{
- int m;
- unsigned int n;
- PolKitPolicyFile *pf;
- PolKitError *error;
- const char *valid_files[] = {
- TEST_DATA_DIR "test-valid-1.policy",
- TEST_DATA_DIR "test-valid-2-annotations.policy",
- TEST_DATA_DIR "test-valid-3-lang.policy",
- TEST_DATA_DIR "test-valid-4-unknown-tags.policy",
- };
- const char *invalid_files[] = {
- TEST_DATA_DIR "non-existant-file.policy",
- TEST_DATA_DIR "bad.extension",
- TEST_DATA_DIR "test-invalid-1-action-id.policy",
- TEST_DATA_DIR "test-invalid-2-bogus-any.policy",
- TEST_DATA_DIR "test-invalid-3-bogus-inactive.policy",
- TEST_DATA_DIR "test-invalid-4-bogus-active.policy",
- TEST_DATA_DIR "test-invalid-5-max-depth.policy",
- };
-
- for (n = 0; n < sizeof (invalid_files) / sizeof (char*); n++) {
- error = NULL;
- g_assert (polkit_policy_file_new (invalid_files[n], TRUE, &error) == NULL);
- g_assert (polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY ||
- polkit_error_get_error_code (error) == POLKIT_ERROR_POLICY_FILE_INVALID);
- polkit_error_free (error);
- }
-
- for (n = 0; n < sizeof (valid_files) / sizeof (char*); n++) {
-
- for (m = 0; m < 6; m++) {
- polkit_bool_t load_descriptions;
-
- /* only run the multiple lang tests for test-valid-3-lang.policy */
- if (n != 2) {
- if (m > 0)
- break;
- }
-
- load_descriptions = TRUE;
-
- switch (m) {
- case 0:
- unsetenv ("LANG");
- break;
- case 1:
- setenv ("LANG", "da_DK.UTF8", 1);
- break;
- case 2:
- setenv ("LANG", "da_DK", 1);
- break;
- case 3:
- setenv ("LANG", "da", 1);
- break;
- case 4:
- setenv ("LANG", "en_CA", 1);
- break;
- case 5:
- unsetenv ("LANG");
- load_descriptions = FALSE;
- break;
- }
-
- error = NULL;
- if ((pf = polkit_policy_file_new (valid_files[n], load_descriptions, &error)) == NULL) {
- g_assert (polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
- polkit_error_free (error);
- } else {
-
- if (n == 2 && m != 5) {
- int num_passed;
-
- num_passed = 0;
- polkit_policy_file_entry_foreach (pf,
- _check_pf,
- &num_passed);
- g_assert (num_passed == 2);
- }
-
- polkit_policy_file_ref (pf);
- polkit_policy_file_unref (pf);
- polkit_policy_file_unref (pf);
- }
- }
- }
-
- return TRUE;
-}
-
-PolKitTest _test_policy_file = {
- "polkit_policy_file",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-policy-file.h b/polkit/polkit-policy-file.h
deleted file mode 100644
index ac590c3..0000000
--- a/polkit/polkit-policy-file.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-file.h : policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_POLICY_FILE_H
-#define POLKIT_POLICY_FILE_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-policy-file-entry.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitPolicyFile;
-typedef struct _PolKitPolicyFile PolKitPolicyFile;
-
-/**
- * PolKitPolicyFileEntryForeachFunc:
- * @policy_file: the policy file
- * @policy_file_entry: the entry
- * @user_data: user data
- *
- * Type for function used in polkit_policy_file_entry_foreach().
- **/
-typedef void (*PolKitPolicyFileEntryForeachFunc) (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntry *policy_file_entry,
- void *user_data);
-
-PolKitPolicyFile *polkit_policy_file_new (const char *path,
- polkit_bool_t load_descriptions,
- PolKitError **error);
-PolKitPolicyFile *polkit_policy_file_ref (PolKitPolicyFile *policy_file);
-void polkit_policy_file_unref (PolKitPolicyFile *policy_file);
-void polkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntryForeachFunc cb,
- void *user_data);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_POLICY_FILE_H */
-
-
diff --git a/polkit/polkit-private.h b/polkit/polkit-private.h
deleted file mode 100644
index cff4a91..0000000
--- a/polkit/polkit-private.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-private.h : Private functions
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION)
-#error "This is a private file and shouldn't be included outside PolicyKit."
-#endif
-
-#ifndef POLKIT_PRIVATE_H
-#define POLKIT_PRIVATE_H
-
-#include <glib.h>
-#include <polkit/polkit.h>
-#include <polkit/polkit-memory.h>
-#include <polkit/polkit-hash.h>
-
-POLKIT_BEGIN_DECLS
-
-void _polkit_memory_reset (void);
-int _polkit_memory_get_current_allocations (void);
-int _polkit_memory_get_total_allocations (void);
-void _polkit_memory_fail_nth_alloc (int number);
-
-PolKitAuthorization *_polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid);
-const char *_polkit_authorization_get_authfile_entry (PolKitAuthorization *auth);
-
-PolKitAuthorizationConstraint *_polkit_authorization_constraint_new (const char *entry_in_auth_file);
-
-polkit_bool_t _polkit_authorization_db_auth_file_add (const char *root, polkit_bool_t transient, uid_t uid, char *str_to_add);
-
-PolKitAuthorizationDB *_polkit_authorization_db_new (void);
-void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb);
-
-void _polkit_authorization_db_pfe_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data);
-
-PolKitPolicyFileEntry* _polkit_authorization_db_pfe_get_by_id (PolKitPolicyCache *policy_cache,
- const char *action_id);
-
-
-PolKitPolicyCache *_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error);
-
-PolKitPolicyCache *_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error);
-
-PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any,
- PolKitResult defaults_allow_inactive,
- PolKitResult defaults_allow_active);
-
-polkit_bool_t _polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *pfe,
- const char *policy_description,
- const char *policy_message);
-
-
-PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any,
- PolKitResult defaults_allow_inactive,
- PolKitResult defaults_allow_active);
-
-
-PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_id,
- PolKitResult defaults_allow_any,
- PolKitResult defaults_allow_inactive,
- PolKitResult defaults_allow_active,
- PolKitHash *annotations);
-
-
-#ifdef POLKIT_AUTHDB_DUMMY
-struct _PolKitAuthorizationDB
-{
- /*< private >*/
- int refcount;
-};
-#elif POLKIT_AUTHDB_DEFAULT
-struct _PolKitAuthorizationDB
-{
- /*< private >*/
- int refcount;
- GHashTable *uid_to_authlist;
-};
-
-#endif
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_PRIVATE_H */
-
diff --git a/polkit/polkit-result.c b/polkit/polkit-result.c
deleted file mode 100644
index eee04c0..0000000
--- a/polkit/polkit-result.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-result.c : result codes from PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-result
- * @title: Results
- * @short_description: Definition of results of PolicyKit queries.
- *
- * These functions are used to manipulate PolicyKit results.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-result.h"
-#include "polkit-test.h"
-#include "polkit-memory.h"
-
-
-static const struct {
- PolKitResult result;
- const char *str;
-} mapping[POLKIT_RESULT_N_RESULTS] =
-{
- {POLKIT_RESULT_UNKNOWN, "unknown"},
- {POLKIT_RESULT_NO, "no"},
- {POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH, "auth_admin"},
- {POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION, "auth_admin_keep_session"},
- {POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS, "auth_admin_keep_always"},
- {POLKIT_RESULT_ONLY_VIA_SELF_AUTH, "auth_self"},
- {POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION, "auth_self_keep_session"},
- {POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS, "auth_self_keep_always"},
- {POLKIT_RESULT_YES, "yes"},
- {POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT, "auth_admin_one_shot"},
- {POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT, "auth_self_one_shot"},
-};
-
-
-/**
- * polkit_result_to_string_representation:
- * @result: the given result to get a textual representation of
- *
- * Gives a textual representation of a #PolKitResult object. This
- * string is not suitable for displaying to an end user (it's not
- * localized for starters) but is useful for serialization as it can
- * be converted back to a #PolKitResult object using
- * polkit_result_from_string_representation().
- *
- * Returns: string representing the result (do not free) or #NULL if the given result is invalid
- **/
-const char *
-polkit_result_to_string_representation (PolKitResult result)
-{
- if (result < 0 || result >= POLKIT_RESULT_N_RESULTS) {
- g_warning ("The passed result code, %d, is not valid", result);
- return NULL;
- }
-
- return mapping[result].str;
-}
-
-/**
- * polkit_result_from_string_representation:
- * @string: textual representation of a #PolKitResult object
- * @out_result: return location for #PolKitResult
- *
- * Given a textual representation of a #PolKitResult object, find the
- * #PolKitResult value.
- *
- * Returns: TRUE if the textual representation was valid, otherwise FALSE
- **/
-polkit_bool_t
-polkit_result_from_string_representation (const char *string, PolKitResult *out_result)
-{
- int n;
-
- g_return_val_if_fail (out_result != NULL, FALSE);
-
- for (n = 0; n < POLKIT_RESULT_N_RESULTS; n++) {
- if (strcmp (mapping[n].str, string) == 0) {
- *out_result = mapping[n].result;
- goto found;
- }
- }
-
- return FALSE;
-found:
- return TRUE;
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- PolKitResult n;
- PolKitResult m;
-
- for (n = 0; n < POLKIT_RESULT_N_RESULTS; n++) {
- g_assert (polkit_result_from_string_representation (polkit_result_to_string_representation (n), &m) && n== m);
- }
-
- g_assert (polkit_result_to_string_representation ((PolKitResult) -1) == NULL);
- g_assert (polkit_result_to_string_representation (POLKIT_RESULT_N_RESULTS) == NULL);
-
- g_assert (! polkit_result_from_string_representation ("non-exiting-result-id", &m));
-
-
- return TRUE;
-}
-
-PolKitTest _test_result = {
- "polkit_result",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-result.h b/polkit/polkit-result.h
deleted file mode 100644
index 17b45df..0000000
--- a/polkit/polkit-result.h
+++ /dev/null
@@ -1,110 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-result.h : result codes from PolicyKit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_RESULT_H
-#define POLKIT_RESULT_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-/**
- * PolKitResult:
- * @POLKIT_RESULT_UNKNOWN: The result is unknown / cannot be
- * computed. This is mostly used internally in libpolkit.
- * @POLKIT_RESULT_NO: Access denied.
- * @POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT: Access denied, but
- * authentication by the caller as administrator (e.g. root or a
- * member in the wheel group depending on configuration) will grant
- * access exactly one time to the process the caller is originating
- * from. See polkit_context_is_caller_authorized() for discussion (and
- * limitations) about one-shot authorizations.
- * @POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH: Access denied, but
- * authentication by the caller as administrator (e.g. root or a
- * member in the wheel group depending on configuration) will grant
- * access to the process the caller is originating from.
- * @POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION: Access denied, but
- * authentication by the caller as administrator (e.g. root or a
- * member in the wheel group depending on configuration) will grant
- * access for the remainder of the session
- * @POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS: Access denied, but
- * authentication by the caller as administrator (e.g. root or a
- * member in the wheel group depending on configuration) will grant
- * access in the future.
- * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT: Access denied, but
- * authentication by the caller as himself will grant access exactly
- * one time to the process the caller is originating from. See
- * polkit_context_is_caller_authorized() for discussion (and
- * limitations) about one-shot authorizations.
- * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH: Access denied, but
- * authentication by the caller as himself will grant access to the
- * process the caller is originating from.
- * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION: Access denied, but
- * authentication by the caller as himself will grant access to the
- * resource for the remainder of the session
- * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS: Access denied, but
- * authentication by the caller as himself will grant access to the
- * resource in the future.
- * @POLKIT_RESULT_YES: Access granted.
- * @POLKIT_RESULT_N_RESULTS: Number of result codes
- *
- * Result codes from queries to PolicyKit. This enumeration may grow
- * in the future. One should never rely on the ordering
- */
-typedef enum
-{
- POLKIT_RESULT_UNKNOWN,
-
- POLKIT_RESULT_NO,
-
- POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
- POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION,
- POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS,
-
- POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
- POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION,
- POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS,
-
- POLKIT_RESULT_YES,
-
- POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT,
- POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT,
-
- POLKIT_RESULT_N_RESULTS
-} PolKitResult;
-
-const char *
-polkit_result_to_string_representation (PolKitResult result);
-
-polkit_bool_t
-polkit_result_from_string_representation (const char *string, PolKitResult *out_result);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_RESULT_H */
diff --git a/polkit/polkit-seat.c b/polkit/polkit-seat.c
deleted file mode 100644
index 0056da9..0000000
--- a/polkit/polkit-seat.c
+++ /dev/null
@@ -1,231 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-seat.c : seat
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-seat.h"
-#include "polkit-utils.h"
-#include "polkit-test.h"
-#include "polkit-memory.h"
-
-/**
- * SECTION:polkit-seat
- * @title: Seat
- * @short_description: Represents a ConsoleKit Seat.
- *
- * This class is used to represent a seat.
- **/
-
-/**
- * PolKitSeat:
- *
- * Objects of this class are used to record information about a
- * seat.
- **/
-struct _PolKitSeat
-{
- int refcount;
- char *ck_objref;
-};
-
-/**
- * polkit_seat_new:
- *
- * Creates a new #PolKitSeat object.
- *
- * Returns: the new object
- **/
-PolKitSeat *
-polkit_seat_new (void)
-{
- PolKitSeat *seat;
- seat = p_new0 (PolKitSeat, 1);
- if (seat == NULL)
- goto out;
- seat->refcount = 1;
-out:
- return seat;
-}
-
-/**
- * polkit_seat_ref:
- * @seat: the seat object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitSeat *
-polkit_seat_ref (PolKitSeat *seat)
-{
- g_return_val_if_fail (seat != NULL, seat);
- seat->refcount++;
- return seat;
-}
-
-/**
- * polkit_seat_unref:
- * @seat: the seat object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_seat_unref (PolKitSeat *seat)
-{
- g_return_if_fail (seat != NULL);
- seat->refcount--;
- if (seat->refcount > 0)
- return;
- p_free (seat->ck_objref);
- p_free (seat);
-}
-
-/**
- * polkit_seat_set_ck_objref:
- * @seat: the seat object
- * @ck_objref: the D-Bus object path to the ConsoleKit seat object
- *
- * Set the D-Bus object path to the ConsoleKit seat object.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_seat_set_ck_objref (PolKitSeat *seat, const char *ck_objref)
-{
- g_return_val_if_fail (seat != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (ck_objref), FALSE);
- if (seat->ck_objref != NULL)
- p_free (seat->ck_objref);
- seat->ck_objref = p_strdup (ck_objref);
- if (seat->ck_objref == NULL)
- return FALSE;
- else
- return TRUE;
-}
-
-/**
- * polkit_seat_get_ck_objref:
- * @seat: the seat object
- * @out_ck_objref: Returns the D-Bus object path to the ConsoleKit seat object. The caller shall not free this string.
- *
- * Get the D-Bus object path to the ConsoleKit seat object.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_seat_get_ck_objref (PolKitSeat *seat, char **out_ck_objref)
-{
- g_return_val_if_fail (seat != NULL, FALSE);
- g_return_val_if_fail (out_ck_objref != NULL, FALSE);
- *out_ck_objref = seat->ck_objref;
- return TRUE;
-}
-
-/**
- * polkit_seat_debug:
- * @seat: the object
- *
- * Print debug details
- **/
-void
-polkit_seat_debug (PolKitSeat *seat)
-{
- g_return_if_fail (seat != NULL);
- _pk_debug ("PolKitSeat: refcount=%d objpath=%s", seat->refcount, seat->ck_objref);
-}
-
-/**
- * polkit_seat_validate:
- * @seat: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-polkit_seat_validate (PolKitSeat *seat)
-{
- g_return_val_if_fail (seat != NULL, FALSE);
- g_return_val_if_fail (seat->ck_objref != NULL, FALSE);
- return TRUE;
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- char *str;
- PolKitSeat *s;
-
- s = polkit_seat_new ();
- if (s == NULL) {
- /* OOM */
- } else {
- if (! polkit_seat_set_ck_objref (s, "/someseat")) {
- /* OOM */
- } else {
- g_assert (polkit_seat_get_ck_objref (s, &str) && strcmp (str, "/someseat") == 0);
- g_assert (polkit_seat_validate (s));
- polkit_seat_ref (s);
- g_assert (polkit_seat_validate (s));
- polkit_seat_unref (s);
- g_assert (polkit_seat_validate (s));
- polkit_seat_debug (s);
- if (! polkit_seat_set_ck_objref (s, "/someseat2")) {
- /* OOM */
- } else {
- g_assert (polkit_seat_get_ck_objref (s, &str) && strcmp (str, "/someseat2") == 0);
- }
- }
- polkit_seat_unref (s);
- }
-
- return TRUE;
-}
-
-PolKitTest _test_seat = {
- "polkit_seat",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-seat.h b/polkit/polkit-seat.h
deleted file mode 100644
index ecb9958..0000000
--- a/polkit/polkit-seat.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-seat.h : seats
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_SEAT_H
-#define POLKIT_SEAT_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitSeat;
-typedef struct _PolKitSeat PolKitSeat;
-
-PolKitSeat *polkit_seat_new (void);
-PolKitSeat *polkit_seat_ref (PolKitSeat *seat);
-void polkit_seat_unref (PolKitSeat *seat);
-polkit_bool_t polkit_seat_set_ck_objref (PolKitSeat *seat, const char *ck_objref);
-polkit_bool_t polkit_seat_get_ck_objref (PolKitSeat *seat, char **out_ck_objref);
-
-void polkit_seat_debug (PolKitSeat *seat);
-polkit_bool_t polkit_seat_validate (PolKitSeat *seat);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_SEAT_H */
-
-
diff --git a/polkit/polkit-session.c b/polkit/polkit-session.c
deleted file mode 100644
index 3c0ebd2..0000000
--- a/polkit/polkit-session.c
+++ /dev/null
@@ -1,501 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-session.c : sessions
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-session.h"
-#include "polkit-utils.h"
-#include "polkit-test.h"
-#include "polkit-memory.h"
-
-/**
- * SECTION:polkit-session
- * @title: Session
- * @short_description: Represents a ConsoleKit Session.
- *
- * This class is used to represent a session.
- **/
-
-/**
- * PolKitSession:
- *
- * Objects of this class are used to record information about a
- * session.
- **/
-struct _PolKitSession
-{
- int refcount;
- uid_t uid;
- PolKitSeat *seat;
- char *ck_objref;
- polkit_bool_t is_active;
- polkit_bool_t is_local;
- char *remote_host;
-};
-
-/**
- * polkit_session_new:
- *
- * Creates a new #PolKitSession object.
- *
- * Returns: the new object
- **/
-PolKitSession *
-polkit_session_new (void)
-{
- PolKitSession *session;
- session = p_new0 (PolKitSession, 1);
- if (session == NULL)
- goto out;
- session->refcount = 1;
-out:
- return session;
-}
-
-/**
- * polkit_session_ref:
- * @session: The session object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitSession *
-polkit_session_ref (PolKitSession *session)
-{
- g_return_val_if_fail (session != NULL, session);
- session->refcount++;
- return session;
-}
-
-
-/**
- * polkit_session_unref:
- * @session: The session object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_session_unref (PolKitSession *session)
-{
- g_return_if_fail (session != NULL);
- session->refcount--;
- if (session->refcount > 0)
- return;
- p_free (session->ck_objref);
- p_free (session->remote_host);
- if (session->seat != NULL)
- polkit_seat_unref (session->seat);
- p_free (session);
-}
-
-/**
- * polkit_session_set_uid:
- * @session: The session object
- * @uid: UNIX user id
- *
- * Set the UNIX user id of the user owning the session.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_session_set_uid (PolKitSession *session, uid_t uid)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- session->uid = uid;
- return TRUE;
-}
-
-/**
- * polkit_session_set_ck_objref:
- * @session: The session object
- * @ck_objref: D-Bus object path
- *
- * Set the D-Bus object path to the ConsoleKit session object.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_session_set_ck_objref (PolKitSession *session, const char *ck_objref)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (ck_objref), FALSE);
- if (session->ck_objref != NULL)
- p_free (session->ck_objref);
- session->ck_objref = p_strdup (ck_objref);
- if (session->ck_objref == NULL)
- return FALSE;
- else
- return TRUE;
-}
-
-/**
- * polkit_session_set_ck_is_active:
- * @session: The session object
- * @is_active: whether ConsoleKit reports the session as active
- *
- * Set whether ConsoleKit regard the session as active.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_session_set_ck_is_active (PolKitSession *session, polkit_bool_t is_active)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- session->is_active = is_active;
- return TRUE;
-}
-
-/**
- * polkit_session_set_ck_is_local:
- * @session: The session object
- * @is_local: whether ConsoleKit reports the session as local
- *
- * Set whether ConsoleKit regard the session as local.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_session_set_ck_is_local (PolKitSession *session, polkit_bool_t is_local)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- session->is_local = is_local;
- return TRUE;
-}
-
-/**
- * polkit_session_set_ck_remote_host:
- * @session: The session object
- * @remote_host: hostname of the host/display that ConsoleKit reports
- * the session to occur at
- *
- * Set the remote host/display that ConsoleKit reports the session to
- * occur at.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_session_set_ck_remote_host (PolKitSession *session, const char *remote_host)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- /* TODO: FIXME: probably need to allow a lot more here */
- g_return_val_if_fail (_pk_validate_identifier (remote_host), FALSE);
- if (session->remote_host != NULL)
- p_free (session->remote_host);
- session->remote_host = p_strdup (remote_host);
- if (session->remote_host == NULL)
- return FALSE;
- else
- return TRUE;
-}
-
-/**
- * polkit_session_set_seat:
- * @session: The session object
- * @seat: a #PolKitSeat object
- *
- * Set the seat that the session belongs to. The reference count on
- * the given object will be increased by one. If an existing seat
- * object was set already, the reference count on that one will be
- * decreased by one.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_session_set_seat (PolKitSession *session, PolKitSeat *seat)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (polkit_seat_validate (seat), FALSE);
- if (session->seat != NULL)
- polkit_seat_unref (session->seat);
- session->seat = seat != NULL ? polkit_seat_ref (seat) : NULL;
- return TRUE;
-}
-
-/**
- * polkit_session_get_uid:
- * @session: The session object
- * @out_uid: UNIX user id
- *
- * Get the UNIX user id of the user owning the session.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_session_get_uid (PolKitSession *session, uid_t *out_uid)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_uid != NULL, FALSE);
- *out_uid = session->uid;
- return TRUE;
-}
-
-/**
- * polkit_session_get_ck_objref:
- * @session: The session object
- * @out_ck_objref: D-Bus object path. Shall not be freed by the caller.
- *
- * Get the D-Bus object path to the ConsoleKit session object.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_session_get_ck_objref (PolKitSession *session, char **out_ck_objref)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_ck_objref != NULL, FALSE);
- *out_ck_objref = session->ck_objref;
- return TRUE;
-}
-
-/**
- * polkit_session_get_ck_is_active:
- * @session: The session object
- * @out_is_active: whether ConsoleKit reports the session as active
- *
- * Get whether ConsoleKit regard the session as active.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_session_get_ck_is_active (PolKitSession *session, polkit_bool_t *out_is_active)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_is_active != NULL, FALSE);
- *out_is_active = session->is_active;
- return TRUE;
-}
-
-/**
- * polkit_session_get_ck_is_local:
- * @session: The session object
- * @out_is_local: whether ConsoleKit reports the session as local
- *
- * Set whether ConsoleKit regard the session as local.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_session_get_ck_is_local (PolKitSession *session, polkit_bool_t *out_is_local)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_is_local != NULL, FALSE);
- *out_is_local = session->is_local;
- return TRUE;
-}
-
-/**
- * polkit_session_get_ck_remote_host:
- * @session: The session object
- * @out_remote_host: hostname of the host/display that ConsoleKit
- * reports the session to occur at. Shall not be freed by the caller.
- *
- * Get the remote host/display that ConsoleKit reports the session to
- * occur at.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_session_get_ck_remote_host (PolKitSession *session, char **out_remote_host)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_remote_host != NULL, FALSE);
- *out_remote_host = session->remote_host;
- return TRUE;
-}
-
-/**
- * polkit_session_get_seat:
- * @session: The session object
- * @out_seat: Returns the seat the session belongs to. Shall not
- * be unreffed by the caller.
- *
- * Get the seat that the session belongs to.
- *
- * Returns: TRUE iff the value is returned
- **/
-polkit_bool_t
-polkit_session_get_seat (PolKitSession *session, PolKitSeat **out_seat)
-{
- g_return_val_if_fail (session != NULL, FALSE);
- g_return_val_if_fail (out_seat != NULL, FALSE);
- *out_seat = session->seat;
- return TRUE;
-}
-
-/**
- * polkit_session_debug:
- * @session: the object
- *
- * Print debug details
- **/
-void
-polkit_session_debug (PolKitSession *session)
-{
- g_return_if_fail (session != NULL);
- _pk_debug ("PolKitSession: refcount=%d uid=%d objpath=%s is_active=%d is_local=%d remote_host=%s",
- session->refcount, session->uid,
- session->ck_objref, session->is_active, session->is_local, session->remote_host);
- if (session->seat != NULL)
- polkit_seat_debug (session->seat);
-}
-
-
-/**
- * polkit_session_validate:
- * @session: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-polkit_session_validate (PolKitSession *session)
-{
- polkit_bool_t ret;
- g_return_val_if_fail (session != NULL, FALSE);
-
- ret = FALSE;
- if (session->is_local) {
- if (session->remote_host != NULL)
- goto error;
- } else {
- if (session->remote_host == NULL)
- goto error;
- }
- ret = TRUE;
-error:
- return ret;
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_run_test (void)
-{
- char *str;
- PolKitSession *s;
- PolKitSeat *seat;
- PolKitSeat *seat2;
- uid_t uid;
- polkit_bool_t b;
-
- s = polkit_session_new ();
- if (s == NULL) {
- /* OOM */
- } else {
- if (! polkit_session_set_ck_objref (s, "/somesession")) {
- /* OOM */
- } else {
- g_assert (polkit_session_get_ck_objref (s, &str) && strcmp (str, "/somesession") == 0);
- polkit_session_ref (s);
- polkit_session_unref (s);
- polkit_session_debug (s);
- if (! polkit_session_set_ck_objref (s, "/somesession2")) {
- /* OOM */
- } else {
- g_assert (polkit_session_get_ck_objref (s, &str) && strcmp (str, "/somesession2") == 0);
- }
-
- if ((seat = polkit_seat_new ()) != NULL) {
- if (polkit_seat_set_ck_objref (seat, "/someseat")) {
- g_assert (polkit_session_set_seat (s, seat));
- g_assert (polkit_session_get_seat (s, &seat2) && seat == seat2);
- }
- polkit_seat_unref (seat);
- if ((seat = polkit_seat_new ()) != NULL) {
- if (polkit_seat_set_ck_objref (seat, "/someseat2")) {
- g_assert (polkit_session_set_seat (s, seat));
- g_assert (polkit_session_get_seat (s, &seat2) && seat == seat2);
- }
- polkit_seat_unref (seat);
- }
- }
-
- g_assert (polkit_session_set_uid (s, 0));
- g_assert (polkit_session_get_uid (s, &uid) && uid == 0);
- g_assert (polkit_session_set_ck_is_active (s, TRUE));
- g_assert (polkit_session_get_ck_is_active (s, &b) && b == TRUE);
- g_assert (polkit_session_set_ck_is_local (s, TRUE));
- g_assert (polkit_session_get_ck_is_local (s, &b) && b == TRUE);
- g_assert (polkit_session_validate (s));
-
- g_assert (polkit_session_set_uid (s, 500));
- g_assert (polkit_session_get_uid (s, &uid) && uid == 500);
- g_assert (polkit_session_set_ck_is_active (s, FALSE));
- g_assert (polkit_session_get_ck_is_active (s, &b) && b == FALSE);
- g_assert (polkit_session_set_ck_is_local (s, FALSE));
- g_assert (polkit_session_get_ck_is_local (s, &b) && b == FALSE);
-
- /* not valid because remote host is not set.. */
- g_assert (!polkit_session_validate (s));
-
-
- if (polkit_session_set_ck_remote_host (s, "somehost.com")) {
- g_assert (polkit_session_get_ck_remote_host (s, &str) && strcmp (str, "somehost.com") == 0);
- g_assert (polkit_session_validate (s));
-
- /* not valid because remote host is set and local==TRUE */
- g_assert (polkit_session_set_ck_is_local (s, TRUE));
- g_assert (!polkit_session_validate (s));
- g_assert (polkit_session_set_ck_is_local (s, FALSE));
-
- if (polkit_session_set_ck_remote_host (s, "somehost2.com")) {
- g_assert (polkit_session_get_ck_remote_host (s, &str) && strcmp (str, "somehost2.com") == 0);
- g_assert (polkit_session_validate (s));
- }
- polkit_session_debug (s);
- }
-
- }
- polkit_session_unref (s);
- }
-
- return TRUE;
-}
-
-PolKitTest _test_session = {
- "polkit_session",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/polkit/polkit-session.h b/polkit/polkit-session.h
deleted file mode 100644
index b1a2abe..0000000
--- a/polkit/polkit-session.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-session.h : sessions
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_SESSION_H
-#define POLKIT_SESSION_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-seat.h>
-
-#include <sys/types.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitSession;
-typedef struct _PolKitSession PolKitSession;
-
-PolKitSession *polkit_session_new (void);
-PolKitSession *polkit_session_ref (PolKitSession *session);
-void polkit_session_unref (PolKitSession *session);
-polkit_bool_t polkit_session_set_uid (PolKitSession *session, uid_t uid);
-polkit_bool_t polkit_session_set_seat (PolKitSession *session, PolKitSeat *seat);
-polkit_bool_t polkit_session_set_ck_objref (PolKitSession *session, const char *ck_objref);
-polkit_bool_t polkit_session_set_ck_is_active (PolKitSession *session, polkit_bool_t is_active);
-polkit_bool_t polkit_session_set_ck_is_local (PolKitSession *session, polkit_bool_t is_local);
-polkit_bool_t polkit_session_set_ck_remote_host (PolKitSession *session, const char *remote_host);
-polkit_bool_t polkit_session_get_uid (PolKitSession *session, uid_t *out_uid);
-polkit_bool_t polkit_session_get_seat (PolKitSession *session, PolKitSeat **out_seat);
-polkit_bool_t polkit_session_get_ck_objref (PolKitSession *session, char **out_ck_objref);
-polkit_bool_t polkit_session_get_ck_is_active (PolKitSession *session, polkit_bool_t *out_is_active);
-polkit_bool_t polkit_session_get_ck_is_local (PolKitSession *session, polkit_bool_t *out_is_local);
-polkit_bool_t polkit_session_get_ck_remote_host (PolKitSession *session, char **out_remote_host);
-
-void polkit_session_debug (PolKitSession *session);
-polkit_bool_t polkit_session_validate (PolKitSession *session);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_SESSION_H */
diff --git a/polkit/polkit-sysdeps.c b/polkit/polkit-sysdeps.c
deleted file mode 100644
index 1a8f15d..0000000
--- a/polkit/polkit-sysdeps.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-sysdeps.c : Various platform specific utility functions
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <sys/inotify.h>
-#include <syslog.h>
-
-#include <glib.h>
-#include "polkit-sysdeps.h"
-
-
-/**
- * SECTION:polkit-sysdeps
- * @title: System Dependencies
- * @short_description: Various platform specific utility functions
- *
- * Various platform specific utility functions.
- *
- * Since: 0.7
- **/
-
-
-/**
- * polkit_sysdeps_get_start_time_for_pid:
- * @pid: process id
- *
- * Get when a process started.
- *
- * Returns: start time for the process or 0 if an error occured
- *
- * Since: 0.7
- */
-polkit_uint64_t
-polkit_sysdeps_get_start_time_for_pid (pid_t pid)
-{
- char *filename;
- char *contents;
- gsize length;
- polkit_uint64_t start_time;
- GError *error = NULL;
- char **tokens;
- char *p;
- char *endp;
-
- start_time = 0;
- contents = NULL;
-
- filename = g_strdup_printf ("/proc/%d/stat", pid);
- if (filename == NULL) {
- fprintf (stderr, "Out of memory\n");
- goto out;
- }
-
- if (!g_file_get_contents (filename, &contents, &length, &error)) {
- //fprintf (stderr, "Cannot get contents of '%s': %s\n", filename, error->message);
- g_error_free (error);
- goto out;
- }
-
- /* start time is the 19th token after the '(process name)' entry */
-
- p = strchr (contents, ')');
- if (p == NULL) {
- goto out;
- }
- p += 2; /* skip ') ' */
- if (p - contents >= (int) length) {
- goto out;
- }
-
- tokens = g_strsplit (p, " ", 0);
- if (g_strv_length (tokens) < 20) {
- goto out;
- }
-
- start_time = strtoll (tokens[19], &endp, 10);
- if (endp == tokens[19]) {
- goto out;
- }
-
- g_strfreev (tokens);
-
-out:
- g_free (filename);
- g_free (contents);
- return start_time;
-}
-
-/**
- * polkit_sysdeps_get_exe_for_pid:
- * @pid: process id
- * @out_buf: buffer to store the string representation in
- * @buf_size: size of buffer
- *
- * Get the name of the binary a given process was started from. Note
- * that this is not reliable information; it should not be part of any
- * security decision.
- *
- * Returns: Number of characters written (not including trailing
- * '\0'). If the output was truncated due to the buffer being too
- * small, buf_size will be returned. Thus, a return value of buf_size
- * or more indicates that the output was truncated (see snprintf(3))
- * or an error occured. If the name cannot be found, -1 will be
- * returned.
- *
- * Since: 0.7
- */
-int
-polkit_sysdeps_get_exe_for_pid (pid_t pid, char *out_buf, size_t buf_size)
-{
- int ret;
- char proc_name[32];
-
- ret = 0;
-
- snprintf (proc_name, sizeof (proc_name), "/proc/%d/exe", pid);
- ret = readlink (proc_name, out_buf, buf_size - 1);
- if (ret == -1) {
- goto out;
- }
- g_assert (ret >= 0 && ret < (int) buf_size - 1);
- out_buf[ret] = '\0';
-
-out:
- return ret;
-}
diff --git a/polkit/polkit-sysdeps.h b/polkit/polkit-sysdeps.h
deleted file mode 100644
index b4b62b0..0000000
--- a/polkit/polkit-sysdeps.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-sysdeps.h : Various platform specific utility functions
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_SYSDEPS_H
-#define POLKIT_SYSDEPS_H
-
-#include <sys/types.h>
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-polkit_uint64_t polkit_sysdeps_get_start_time_for_pid (pid_t pid);
-
-int polkit_sysdeps_get_exe_for_pid (pid_t pid, char *out_buf, size_t buf_size);
-
-
-POLKIT_END_DECLS
-
-#endif
diff --git a/polkit/polkit-test.c b/polkit/polkit-test.c
deleted file mode 100644
index e1124bc..0000000
--- a/polkit/polkit-test.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-test.c : PolicyKit test
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <polkit/polkit-test.h>
-#include <polkit/polkit-memory.h>
-#include <polkit/polkit-private.h>
-
-#define MAX_TESTS 64
-
-static PolKitTest *tests[] = {
- &_test_list,
- &_test_hash,
- &_test_action,
- &_test_error,
- &_test_result,
- &_test_seat,
- &_test_session,
- &_test_caller,
- &_test_policy_default,
- &_test_policy_file_entry,
- &_test_policy_file,
-};
-
-int
-main (int argc, char *argv[])
-{
- int ret;
- int n;
- int num_tests;
-
- ret = 0;
-
- num_tests = sizeof (tests) / sizeof (PolKitTest*);
-
- printf ("Running %d unit tests\n", num_tests);
- for (n = 0; n < num_tests; n++) {
- int m;
- int total_allocs;
- int delta;
- PolKitTest *test = tests[n];
-
- _polkit_memory_reset ();
-
- if (test->setup != NULL)
- test->setup ();
-
- printf ("Running: %s\n", test->name);
- if (!test->run ()) {
- printf ("Failed\n");
- ret = 1;
- goto test_done;
- }
-
- total_allocs = _polkit_memory_get_total_allocations ();
- printf (" Unit test made %d allocations in total\n", total_allocs);
-
- delta = _polkit_memory_get_current_allocations ();
- if (delta != 0) {
- printf (" Unit test leaked %d allocations\n", delta);
- ret = 1;
- }
-
- for (m = 0; m < total_allocs; m++) {
- printf (" Failing allocation %d of %d\n", m + 1, total_allocs);
-
- _polkit_memory_reset ();
- _polkit_memory_fail_nth_alloc (m);
-
- if (!test->run ()) {
- printf (" Failed\n");
- ret = 1;
- continue;
- }
-
- delta = _polkit_memory_get_current_allocations ();
- if (delta != 0) {
- printf (" Unit test leaked %d allocations\n", delta);
- ret = 1;
- }
- }
-
- test_done:
- if (test->teardown != NULL)
- test->teardown ();
- }
-
- return ret;
-}
diff --git a/polkit/polkit-test.h b/polkit/polkit-test.h
deleted file mode 100644
index 9f938de..0000000
--- a/polkit/polkit-test.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-test.h : PolicyKit test
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION)
-#error "polkit-test.h is a private file"
-#endif
-
-#ifndef POLKIT_TEST_H
-#define POLKIT_TEST_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-polkit_bool_t _test_polkit_action (void);
-polkit_bool_t _test_polkit_error (void);
-
-/**
- * PolKitTest:
- *
- * Test suite abstraction.
- */
-typedef struct {
- /*< private >*/
- const char *name;
- void (*setup) (void);
- void (*teardown) (void);
- polkit_bool_t (*run) (void);
-} PolKitTest;
-
-extern PolKitTest _test_action;
-extern PolKitTest _test_error;
-extern PolKitTest _test_result;
-extern PolKitTest _test_seat;
-extern PolKitTest _test_session;
-extern PolKitTest _test_caller;
-extern PolKitTest _test_policy_default;
-extern PolKitTest _test_policy_file_entry;
-extern PolKitTest _test_hash;
-extern PolKitTest _test_policy_file;
-extern PolKitTest _test_list;
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_TEST_H */
-
-
diff --git a/polkit/polkit-types.h b/polkit/polkit-types.h
deleted file mode 100644
index 969af78..0000000
--- a/polkit/polkit-types.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-types.h : fundamental types such as polkit_bool_t
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_TYPES_H
-#define POLKIT_TYPES_H
-
-#ifdef __cplusplus
-# define POLKIT_BEGIN_DECLS extern "C" {
-# define POLKIT_END_DECLS }
-#else
-/**
- * POLKIT_BEGIN_DECLS:
- *
- * C++ include header guard.
- */
-# define POLKIT_BEGIN_DECLS
-/**
- * POLKIT_END_DECLS:
- *
- * C++ include header guard.
- */
-# define POLKIT_END_DECLS
-#endif
-
-#if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)
-#define POLKIT_GNUC_DEPRECATED \
- __attribute__((__deprecated__))
-#else
-/**
- * POLKIT_GNUC_DEPRECATED:
- *
- * Used in front of deprecated functions.
- */
-#define POLKIT_GNUC_DEPRECATED
-#endif /* __GNUC__ */
-
-POLKIT_BEGIN_DECLS
-
-/**
- * SECTION:polkit-types
- * @title: Basic types
- * @short_description: Type definitions for common primitive types.
- *
- * Type definitions for common primitive types.
- **/
-
-/**
- * polkit_bool_t:
- *
- * A boolean, valid values are #TRUE and #FALSE.
- */
-typedef int polkit_bool_t;
-
-/**
- * polkit_uint32_t:
- *
- * Type for unsigned 32 bit integer.
- */
-typedef unsigned int polkit_uint32_t;
-
-/**
- * polkit_uint64_t:
- *
- * Type for unsigned 64 bit integer.
- */
-typedef unsigned long long polkit_uint64_t;
-
-#ifndef TRUE
-# define TRUE 1
-#endif
-#ifndef FALSE
-# define FALSE 0
-#endif
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_TYPES_H */
-
-
diff --git a/polkit/polkit-utils.c b/polkit/polkit-utils.c
deleted file mode 100644
index 9b51a53..0000000
--- a/polkit/polkit-utils.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-utils.c : internal utilities used in polkit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <time.h>
-#include <glib.h>
-#include <string.h>
-
-#include "polkit-utils.h"
-#include "polkit-debug.h"
-
-/**
- * SECTION:polkit-utils
- * @short_description: Internal utility functions for polkit.
- *
- * Internal utility functions for polkit.
- **/
-
-/**
- * _pk_validate_identifier:
- * @identifier: the NUL-terminated string to validate
- *
- * Validates strings used for an identifier; PolicyKit conventions
- * state that identifiers must be NUL-terminated ASCII strings less
- * than 256 bytes and only contain the characters "[a-z][A-Z]0-9]._-:/"
- *
- * Returns: #TRUE iff the identifier validates
- **/
-polkit_bool_t
-_pk_validate_identifier (const char *identifier)
-{
- unsigned int n;
- polkit_bool_t ret;
-
- g_return_val_if_fail (identifier != NULL, FALSE);
-
- ret = FALSE;
- for (n = 0; identifier[n] != '\0'; n++) {
- char c = identifier[n];
-
- if (n >= 255) {
- _pk_debug ("identifier too long");
- goto out;
- }
-
- if ((c >= 'a' && c <= 'z') ||
- (c >= 'A' && c <= 'Z') ||
- (c >= '0' && c <= '9') ||
- c == '.' ||
- c == '_' ||
- c == '-' ||
- c == ':' ||
- c == '/')
- continue;
-
- _pk_debug ("invalid character in identifier");
- goto out;
- }
-
- ret = TRUE;
-out:
- return ret;
-}
-
-
-/* Determine wether the given character is valid as a second or later character in a bus name */
-#define VALID_BUS_NAME_CHARACTER(c) \
- ( ((c) >= '0' && (c) <= '9') || \
- ((c) >= 'A' && (c) <= 'Z') || \
- ((c) >= 'a' && (c) <= 'z') || \
- ((c) == '_') || ((c) == '-'))
-
-polkit_bool_t
-_pk_validate_unique_bus_name (const char *unique_bus_name)
-{
- int len;
- const char *s;
- const char *end;
- const char *last_dot;
- polkit_bool_t ret;
-
- ret = FALSE;
-
- if (unique_bus_name == NULL)
- goto error;
-
- len = strlen (unique_bus_name);
- if (len == 0)
- goto error;
-
- end = unique_bus_name + len;
- last_dot = NULL;
-
- s = unique_bus_name;
-
- /* check special cases of first char so it doesn't have to be done
- * in the loop. Note we know len > 0
- */
- if (*s == ':') {
- /* unique name */
- ++s;
- while (s != end) {
- if (*s == '.') {
- if (G_UNLIKELY ((s + 1) == end))
- goto error;
- if (G_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*(s + 1))))
- goto error;
- ++s; /* we just validated the next char, so skip two */
- } else if (G_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s))) {
- goto error;
- }
- ++s;
- }
- } else {
- goto error;
- }
-
- ret = TRUE;
-
-error:
- if (!ret)
- _pk_debug ("name '%s' did not validate", unique_bus_name);
- return ret;
-}
diff --git a/polkit/polkit-utils.h b/polkit/polkit-utils.h
deleted file mode 100644
index 910033a..0000000
--- a/polkit/polkit-utils.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-utils.h : internal utilities used in polkit
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef POLKIT_UTILS_H
-#define POLKIT_UTILS_H
-
-#include <polkit/polkit-types.h>
-
-POLKIT_BEGIN_DECLS
-
-polkit_bool_t _pk_validate_identifier (const char *identifier);
-
-polkit_bool_t _pk_validate_unique_bus_name (const char *unique_bus_name);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_UTILS_H */
-
-
diff --git a/polkit/polkit.h b/polkit/polkit.h
deleted file mode 100644
index 0836d4c..0000000
--- a/polkit/polkit.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit.h : library for querying system-wide policy
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#ifndef POLKIT_H
-#define POLKIT_H
-
-#define _POLKIT_INSIDE_POLKIT_H 1
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-memory.h>
-#include <polkit/polkit-hash.h>
-#include <polkit/polkit-sysdeps.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-context.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-seat.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-caller.h>
-#include <polkit/polkit-policy-file-entry.h>
-#include <polkit/polkit-policy-file.h>
-#include <polkit/polkit-policy-cache.h>
-#include <polkit/polkit-policy-default.h>
-#include <polkit/polkit-config.h>
-#include <polkit/polkit-authorization.h>
-#include <polkit/polkit-authorization-db.h>
-#undef _POLKIT_INSIDE_POLKIT_H
-
-#endif /* POLKIT_H */
-
-
diff --git a/src/polkit-dbus/Makefile.am b/src/polkit-dbus/Makefile.am
new file mode 100644
index 0000000..3c7fac1
--- /dev/null
+++ b/src/polkit-dbus/Makefile.am
@@ -0,0 +1,47 @@
+## Process this file with automake to produce Makefile.in
+
+INCLUDES = \
+ -I$(top_builddir) -I$(top_srcdir) \
+ -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
+ -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
+ -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
+ -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
+ -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
+ -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
+ -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
+ -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
+ -DPOLKIT_COMPILATION \
+ @GLIB_CFLAGS@ @DBUS_CFLAGS@
+
+lib_LTLIBRARIES=libpolkit-dbus.la
+
+libpolkit_dbusincludedir=$(includedir)/PolicyKit/polkit-dbus
+
+libpolkit_dbusinclude_HEADERS = \
+ polkit-dbus.h
+
+libpolkit_dbus_la_SOURCES = \
+ polkit-dbus.h polkit-dbus.c
+
+libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(SELINUX_LIBS)
+
+libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+
+if POLKIT_AUTHDB_DEFAULT
+libexec_PROGRAMS = polkit-read-auth-helper
+
+polkit_read_auth_helper_SOURCES = polkit-read-auth-helper.c
+polkit_read_auth_helper_CFLAGS = @DBUS_CFLAGS@
+polkit_read_auth_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+
+# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able
+# to read authorization files in /var/lib/PolicyKit and
+# /var/run/PolicyKit
+#
+install-exec-hook:
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
+ -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper
+endif
+
+clean-local :
+ rm -f *~ $(BUILT_SOURCES)
diff --git a/src/polkit-dbus/polkit-dbus.c b/src/polkit-dbus/polkit-dbus.c
new file mode 100644
index 0000000..9ead04a
--- /dev/null
+++ b/src/polkit-dbus/polkit-dbus.c
@@ -0,0 +1,1492 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-dbus.h : helper library for obtaining seat, session and
+ * caller information via D-Bus and ConsoleKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-dbus
+ * @title: Caller Determination
+ * @short_description: Obtaining seat, session and caller information
+ * via D-Bus and ConsoleKit.
+ *
+ * Helper library for obtaining seat, session and caller information
+ * via D-Bus and ConsoleKit. This library is only useful when writing
+ * a mechanism.
+ *
+ * If the mechanism itself is a daemon exposing a remote services via
+ * the system message bus it's often a better idea, to reduce
+ * roundtrips, to use the high-level #PolKitTracker class rather than
+ * the low-level functions polkit_caller_new_from_dbus_name() and
+ * polkit_caller_new_from_pid().
+ *
+ * These functions are in <literal>libpolkit-dbus</literal>.
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <errno.h>
+#include <time.h>
+#include <glib.h>
+#include <string.h>
+
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
+#include "polkit-dbus.h"
+#include <polkit/polkit-debug.h>
+
+/**
+ * polkit_session_new_from_objpath:
+ * @con: D-Bus system bus connection
+ * @objpath: object path of ConsoleKit session object
+ * @uid: the user owning the session or -1 if unknown
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitSession object by querying
+ * the ConsoleKit daemon for information. Note that this will do a lot
+ * of blocking IO so it is best avoided if your process already
+ * tracks/caches all the information. If you pass in @uid as a
+ * non-negative number, a round trip can be saved.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitSession *
+polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error)
+{
+ PolKitSeat *seat;
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ char *str;
+ dbus_bool_t is_active;
+ dbus_bool_t is_local;
+ char *remote_host;
+ char *seat_path;
+
+ g_return_val_if_fail (con != NULL, NULL);
+ g_return_val_if_fail (objpath != NULL, NULL);
+ g_return_val_if_fail (error != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ session = NULL;
+ remote_host = NULL;
+ seat_path = NULL;
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "IsActive");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Session.IsActive on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_BOOLEAN, &is_active,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid IsActive reply from CK");
+ goto out;
+ }
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "IsLocal");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Session.IsLocal on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_BOOLEAN, &is_local,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid IsLocal reply from CK");
+ goto out;
+ }
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ if (!is_local) {
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "GetRemoteHostName");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Session.GetRemoteHostName on ConsoleKit: %s: %s",
+ error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_STRING, &str,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid GetRemoteHostName reply from CK");
+ goto out;
+ }
+ remote_host = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+ }
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "GetSeatId");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Session.GetSeatId on ConsoleKit: %s: %s",
+ error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_OBJECT_PATH, &str,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid GetSeatId reply from CK");
+ goto out;
+ }
+ seat_path = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ if ((int) uid == -1) {
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ objpath,
+ "org.freedesktop.ConsoleKit.Session",
+ "GetUnixUser");
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing Session.GetUnixUser on ConsoleKit: %s: %s",error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_INT32, &uid,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid GetUnixUser reply from CK");
+ goto out;
+ }
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+ }
+
+ session = polkit_session_new ();
+ if (session == NULL) {
+ goto out;
+ }
+ if (!polkit_session_set_uid (session, uid)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_session_set_ck_objref (session, objpath)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_session_set_ck_is_active (session, is_active)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_session_set_ck_is_local (session, is_local)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!is_local) {
+ if (!polkit_session_set_ck_remote_host (session, remote_host)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+ }
+
+ seat = polkit_seat_new ();
+ if (seat == NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_seat_set_ck_objref (seat, seat_path)) {
+ polkit_seat_unref (seat);
+ seat = NULL;
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ if (!polkit_seat_validate (seat)) {
+ polkit_seat_unref (seat);
+ seat = NULL;
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+ if (!polkit_session_set_seat (session, seat)) {
+ polkit_seat_unref (seat);
+ seat = NULL;
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+ polkit_seat_unref (seat); /* session object now owns this object */
+ seat = NULL;
+
+ if (!polkit_session_validate (session)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+out:
+ g_free (remote_host);
+ g_free (seat_path);
+ return session;
+}
+
+/**
+ * polkit_session_new_from_cookie:
+ * @con: D-Bus system bus connection
+ * @cookie: a ConsoleKit XDG_SESSION_COOKIE
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitSession object by querying
+ * the ConsoleKit daemon for information. Note that this will do a lot
+ * of blocking IO so it is best avoided if your process already
+ * tracks/caches all the information.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitSession *
+polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error)
+{
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ char *str;
+ char *objpath;
+
+ g_return_val_if_fail (con != NULL, NULL);
+ g_return_val_if_fail (cookie != NULL, NULL);
+ g_return_val_if_fail (error != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ objpath = NULL;
+ session = NULL;
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForCookie");
+ dbus_message_append_args (message, DBUS_TYPE_STRING, &cookie, DBUS_TYPE_INVALID);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ //g_warning ("Error doing Manager.GetSessionForCookie on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ if (!dbus_message_get_args (reply, NULL,
+ DBUS_TYPE_OBJECT_PATH, &str,
+ DBUS_TYPE_INVALID)) {
+ g_warning ("Invalid GetSessionForCookie reply from CK");
+ goto out;
+ }
+ objpath = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ session = polkit_session_new_from_objpath (con, objpath, -1, error);
+
+out:
+ g_free (objpath);
+ return session;
+}
+
+
+/**
+ * polkit_caller_new_from_dbus_name:
+ * @con: D-Bus system bus connection
+ * @dbus_name: unique system bus connection name
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitCaller object by querying
+ * both the system bus daemon and the ConsoleKit daemon for
+ * information. Note that this will do a lot of blocking IO so it is
+ * best avoided if your process already tracks/caches all the
+ * information. You can use the #PolKitTracker class for this.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitCaller *
+polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error)
+{
+ PolKitCaller *caller;
+ pid_t pid;
+ uid_t uid;
+ char *selinux_context;
+ char *ck_session_objpath;
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter;
+ DBusMessageIter sub_iter;
+ char *str;
+ int num_elems;
+
+ g_return_val_if_fail (con != NULL, NULL);
+ g_return_val_if_fail (dbus_name != NULL, NULL);
+ g_return_val_if_fail (error != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ selinux_context = NULL;
+ ck_session_objpath = NULL;
+
+ caller = NULL;
+ session = NULL;
+
+ uid = dbus_bus_get_unix_user (con, dbus_name, error);
+ if (dbus_error_is_set (error)) {
+ g_warning ("Could not get uid for connection: %s %s", error->name, error->message);
+ goto out;
+ }
+
+ message = dbus_message_new_method_call ("org.freedesktop.DBus",
+ "/org/freedesktop/DBus/Bus",
+ "org.freedesktop.DBus",
+ "GetConnectionUnixProcessID");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing GetConnectionUnixProcessID on Bus: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ }
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_get_basic (&iter, &pid);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ message = dbus_message_new_method_call ("org.freedesktop.DBus",
+ "/org/freedesktop/DBus/Bus",
+ "org.freedesktop.DBus",
+ "GetConnectionSELinuxSecurityContext");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ /* SELinux might not be enabled */
+ if (dbus_error_is_set (error) &&
+ strcmp (error->name, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown") == 0) {
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ dbus_error_init (error);
+ } else if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing GetConnectionSELinuxSecurityContext on Bus: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ goto out;
+ } else {
+ /* TODO: verify signature */
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_recurse (&iter, &sub_iter);
+ dbus_message_iter_get_fixed_array (&sub_iter, (void *) &str, &num_elems);
+ if (str != NULL && num_elems > 0)
+ selinux_context = g_strndup (str, num_elems);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+ }
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForUnixProcess");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ //g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ /* OK, this is not a catastrophe; just means the caller is not a
+ * member of any session or that ConsoleKit is not available..
+ */
+ goto not_in_session;
+ }
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_get_basic (&iter, &str);
+ ck_session_objpath = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
+ if (session == NULL) {
+ g_warning ("Got a session objpath but couldn't construct session object!");
+ goto out;
+ }
+ if (!polkit_session_validate (session)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+not_in_session:
+
+ caller = polkit_caller_new ();
+ if (caller == NULL) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ goto out;
+ }
+
+ if (!polkit_caller_set_dbus_name (caller, dbus_name)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (!polkit_caller_set_uid (caller, uid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (!polkit_caller_set_pid (caller, pid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (selinux_context != NULL) {
+ if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ }
+ if (session != NULL) {
+ if (!polkit_caller_set_ck_session (caller, session)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ polkit_session_unref (session); /* caller object now own this object */
+ session = NULL;
+ }
+
+ if (!polkit_caller_validate (caller)) {
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+
+out:
+ g_free (selinux_context);
+ g_free (ck_session_objpath);
+ return caller;
+}
+
+/**
+ * polkit_caller_new_from_pid:
+ * @con: D-Bus system bus connection
+ * @pid: process id
+ * @error: D-Bus error
+ *
+ * This function will construct a #PolKitCaller object by querying
+ * both information in /proc (on Linux) and the ConsoleKit daemon for
+ * information about a given process. Note that this will do a lot of
+ * blocking IO so it is best avoided if your process already
+ * tracks/caches all the information. You can use the #PolKitTracker
+ * class for this.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the new object or #NULL if an error occured (in which case
+ * @error will be set)
+ **/
+PolKitCaller *
+polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error)
+{
+ PolKitCaller *caller;
+ uid_t uid;
+ char *selinux_context;
+ char *ck_session_objpath;
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter;
+ char *str;
+ char *proc_path;
+ struct stat statbuf;
+#ifdef HAVE_SELINUX
+ security_context_t secon;
+#endif
+
+ g_return_val_if_fail (con != NULL, NULL);
+ g_return_val_if_fail (error != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ selinux_context = NULL;
+ ck_session_objpath = NULL;
+ caller = NULL;
+ session = NULL;
+ proc_path = NULL;
+
+ proc_path = g_strdup_printf ("/proc/%d", pid);
+ if (stat (proc_path, &statbuf) != 0) {
+ g_warning ("Cannot lookup information for pid %d: %s", pid, strerror (errno));
+ goto out;
+ }
+ uid = statbuf.st_uid;
+
+#ifdef HAVE_SELINUX
+ /* only get the context if we are enabled */
+ selinux_context = NULL;
+ if (is_selinux_enabled () != 0) {
+ if (getpidcon (pid, &secon) != 0) {
+ g_warning ("Cannot lookup SELinux context for pid %d: %s", pid, strerror (errno));
+ goto out;
+ }
+ selinux_context = g_strdup (secon);
+ freecon (secon);
+ }
+#else
+ selinux_context = NULL;
+#endif
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForUnixProcess");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ //g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ /* OK, this is not a catastrophe; just means the caller is not a
+ * member of any session or that ConsoleKit is not available..
+ */
+ goto not_in_session;
+ }
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_get_basic (&iter, &str);
+ ck_session_objpath = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
+ if (session == NULL) {
+ g_warning ("Got a session objpath but couldn't construct session object!");
+ goto out;
+ }
+ if (!polkit_session_validate (session)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+not_in_session:
+
+ caller = polkit_caller_new ();
+ if (caller == NULL) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ goto out;
+ }
+
+ if (!polkit_caller_set_uid (caller, uid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (!polkit_caller_set_pid (caller, pid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (selinux_context != NULL) {
+ if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ }
+ if (session != NULL) {
+ if (!polkit_caller_set_ck_session (caller, session)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ polkit_session_unref (session); /* caller object now own this object */
+ session = NULL;
+ }
+
+ if (!polkit_caller_validate (caller)) {
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+
+out:
+ g_free (selinux_context);
+ g_free (ck_session_objpath);
+ g_free (proc_path);
+ return caller;
+}
+
+static GSList *
+_get_list_of_sessions (DBusConnection *con, uid_t uid, DBusError *error)
+{
+ GSList *ret;
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter;
+ DBusMessageIter iter_array;
+ const char *value;
+
+ ret = NULL;
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionsForUnixUser");
+ dbus_message_append_args (message, DBUS_TYPE_UINT32, &uid, DBUS_TYPE_INVALID);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ goto out;
+ }
+
+ dbus_message_iter_init (reply, &iter);
+ if (dbus_message_iter_get_arg_type (&iter) != DBUS_TYPE_ARRAY) {
+ g_warning ("Wrong reply from ConsoleKit (not an array)");
+ goto out;
+ }
+
+ dbus_message_iter_recurse (&iter, &iter_array);
+ while (dbus_message_iter_get_arg_type (&iter_array) != DBUS_TYPE_INVALID) {
+
+ if (dbus_message_iter_get_arg_type (&iter_array) != DBUS_TYPE_OBJECT_PATH) {
+ g_warning ("Wrong reply from ConsoleKit (element is not a string)");
+ g_slist_foreach (ret, (GFunc) g_free, NULL);
+ g_slist_free (ret);
+ goto out;
+ }
+
+ dbus_message_iter_get_basic (&iter_array, &value);
+ ret = g_slist_append (ret, g_strdup (value));
+
+ dbus_message_iter_next (&iter_array);
+ }
+
+out:
+ if (message != NULL)
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ return ret;
+}
+
+static polkit_bool_t
+_polkit_is_authorization_relevant_internal (DBusConnection *con,
+ PolKitAuthorization *auth,
+ GSList *sessions,
+ DBusError *error)
+{
+ pid_t pid;
+ polkit_uint64_t pid_start_time;
+ polkit_bool_t ret;
+ polkit_bool_t del_sessions;
+ GSList *i;
+ uid_t uid;
+
+ g_return_val_if_fail (con != NULL, FALSE);
+ g_return_val_if_fail (auth != NULL, FALSE);
+ g_return_val_if_fail (error != NULL, FALSE);
+ g_return_val_if_fail (! dbus_error_is_set (error), FALSE);
+
+ ret = FALSE;
+
+ uid = polkit_authorization_get_uid (auth);
+
+ switch (polkit_authorization_get_scope (auth)) {
+ case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
+ case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
+ if (!polkit_authorization_scope_process_get_pid (auth,
+ &pid,
+ &pid_start_time)) {
+ /* this should never fail */
+ g_warning ("Cannot determine (pid,start_time) for authorization");
+ goto out;
+ }
+ if (polkit_sysdeps_get_start_time_for_pid (pid) == pid_start_time) {
+ ret = TRUE;
+ goto out;
+ }
+ break;
+
+ case POLKIT_AUTHORIZATION_SCOPE_SESSION:
+ del_sessions = FALSE;
+ if (sessions == NULL) {
+ sessions = _get_list_of_sessions (con, uid, error);
+ del_sessions = TRUE;
+ }
+
+ for (i = sessions; i != NULL; i = i->next) {
+ char *session_id = i->data;
+ if (strcmp (session_id, polkit_authorization_scope_session_get_ck_objref (auth)) == 0) {
+ ret = TRUE;
+ break;
+ }
+ }
+
+ if (del_sessions) {
+ g_slist_foreach (sessions, (GFunc) g_free, NULL);
+ g_slist_free (sessions);
+ }
+ break;
+
+ case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
+ ret = TRUE;
+ break;
+ }
+
+out:
+ return ret;
+}
+
+/**
+ * polkit_is_authorization_relevant:
+ * @con: D-Bus system bus connection
+ * @auth: authorization to check for
+ * @error: return location for error
+ *
+ * As explicit authorizations are scoped (process single shot,
+ * process, session or everything), they become irrelevant once the
+ * entity (process or session) ceases to exist. This function
+ * determines whether the authorization is still relevant; it's useful
+ * for reporting and graphical tools displaying authorizations.
+ *
+ * Note that this may do blocking IO to check for session
+ * authorizations so it is best avoided if your process already
+ * tracks/caches all the information. You can use the
+ * polkit_tracker_is_authorization_relevant() method on the
+ * #PolKitTracker class for this.
+ *
+ * Returns: #TRUE if the authorization still applies, #FALSE if an
+ * error occurred (then error will be set) or if the entity the
+ * authorization refers to has gone out of scope.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error)
+{
+ return _polkit_is_authorization_relevant_internal (con, auth, NULL, error);
+}
+
+/**
+ * PolKitTracker:
+ *
+ * Instances of this class are used to cache information about
+ * callers; typically this is used in scenarios where the same caller
+ * is calling into a mechanism multiple times.
+ *
+ * Thus, an application can use this class to get the #PolKitCaller
+ * object; the class will listen to both NameOwnerChanged and
+ * ActivityChanged signals from the message bus and update / retire
+ * the #PolKitCaller objects.
+ *
+ * An example of how to use #PolKitTracker is provided here. First, build the following program
+ *
+ * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/tracker-example.c" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
+ *
+ * with
+ *
+ * <programlisting>gcc -o tracker-example `pkg-config --cflags --libs dbus-glib-1 polkit-dbus` tracker-example.c</programlisting>
+ *
+ * Then put the following content
+ *
+ * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/dk.fubar.PolKitTestService.conf" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
+ *
+ * in the file <literal>/etc/dbus-1/system.d/dk.fubar.PolKitTestService.conf</literal>. Finally,
+ * create a small Python client like this
+ *
+ * <programlisting><xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="../../examples/tracker-example/tracker-example-client.py" parse="text"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
+ *
+ * as <literal>tracker-example-client.py</literal>. Now, run <literal>tracker-example</literal>
+ * in one window and <literal>tracker-example-client</literal> in another. The output of
+ * the former should look like this
+ *
+ *
+ * <programlisting>
+ * 18:20:00.414: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
+ * 18:20:00.414: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
+ * 18:20:00.414: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
+ *
+ * 18:20:01.424: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
+ * 18:20:01.424: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
+ * 18:20:01.424: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
+ *
+ * 18:20:02.434: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
+ * 18:20:02.434: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=0 is_local=1 remote_host=(null)
+ * 18:20:02.434: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
+ *
+ * 18:20:03.445: PolKitCaller: refcount=1 dbus_name=:1.473 uid=500 pid=8636 selinux_context=system_u:system_r:unconfined_t
+ * 18:20:03.445: PolKitSession: refcount=1 uid=0 objpath=/org/freedesktop/ConsoleKit/Session1 is_active=1 is_local=1 remote_host=(null)
+ * 18:20:03.445: PolKitSeat: refcount=1 objpath=/org/freedesktop/ConsoleKit/Seat1
+ * </programlisting>
+ *
+ * The point of the test program is simply to gather caller
+ * information about clients (the small Python program, you may launch
+ * multiple instances of it) that repeatedly calls into the D-Bus
+ * service; if one runs <literal>strace(1)</literal> in front of the
+ * test program one will notice that there is only syscall / IPC
+ * overhead (except for printing to stdout) on the first call from the
+ * client.
+ *
+ * The careful reader will notice that, during the testing session, we
+ * did a quick VT switch away from the session (and back) which is
+ * reflected in the output.
+ *
+ * These functions are in <literal>libpolkit-dbus</literal>.
+ **/
+struct _PolKitTracker {
+ int refcount;
+ DBusConnection *con;
+
+ GHashTable *dbus_name_to_caller;
+
+ GHashTable *pid_start_time_to_caller;
+};
+
+typedef struct {
+ pid_t pid;
+ polkit_uint64_t start_time;
+} _PidStartTimePair;
+
+static _PidStartTimePair *
+_pid_start_time_new (pid_t pid, polkit_uint64_t start_time)
+{
+ _PidStartTimePair *obj;
+ obj = g_new (_PidStartTimePair, 1);
+ obj->pid = pid;
+ obj->start_time = start_time;
+ return obj;
+}
+
+static guint
+_pid_start_time_hash (gconstpointer a)
+{
+ int val;
+ _PidStartTimePair *pst = (_PidStartTimePair *) a;
+
+ val = pst->pid + ((int) pst->start_time);
+
+ return g_int_hash (&val);
+}
+
+static gboolean
+_pid_start_time_equal (gconstpointer a, gconstpointer b)
+{
+ _PidStartTimePair *_a = (_PidStartTimePair *) a;
+ _PidStartTimePair *_b = (_PidStartTimePair *) b;
+
+ return (_a->pid == _b->pid) && (_a->start_time == _b->start_time);
+}
+
+/**
+ * polkit_tracker_new:
+ *
+ * Creates a new #PolKitTracker object.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the new object
+ *
+ * Since: 0.7
+ **/
+PolKitTracker *
+polkit_tracker_new (void)
+{
+ PolKitTracker *pk_tracker;
+ pk_tracker = g_new0 (PolKitTracker, 1);
+ pk_tracker->refcount = 1;
+ pk_tracker->dbus_name_to_caller = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+ g_free,
+ (GDestroyNotify) polkit_caller_unref);
+ pk_tracker->pid_start_time_to_caller = g_hash_table_new_full (_pid_start_time_hash,
+ _pid_start_time_equal,
+ g_free,
+ (GDestroyNotify) polkit_caller_unref);
+ return pk_tracker;
+}
+
+/**
+ * polkit_tracker_ref:
+ * @pk_tracker: the tracker object
+ *
+ * Increase reference count.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: the object
+ *
+ * Since: 0.7
+ **/
+PolKitTracker *
+polkit_tracker_ref (PolKitTracker *pk_tracker)
+{
+ g_return_val_if_fail (pk_tracker != NULL, pk_tracker);
+ pk_tracker->refcount++;
+ return pk_tracker;
+}
+
+/**
+ * polkit_tracker_unref:
+ * @pk_tracker: the tracker object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ **/
+void
+polkit_tracker_unref (PolKitTracker *pk_tracker)
+{
+ g_return_if_fail (pk_tracker != NULL);
+ pk_tracker->refcount--;
+ if (pk_tracker->refcount > 0)
+ return;
+ g_hash_table_destroy (pk_tracker->dbus_name_to_caller);
+ g_hash_table_destroy (pk_tracker->pid_start_time_to_caller);
+ dbus_connection_unref (pk_tracker->con);
+ g_free (pk_tracker);
+}
+
+/**
+ * polkit_tracker_set_system_bus_connection:
+ * @pk_tracker: the tracker object
+ * @con: the connection to the system message bus
+ *
+ * Tell the #PolKitTracker object to use the given D-Bus connection
+ * when it needs to fetch information from the system message bus and
+ * ConsoleKit services. This is used for priming the cache.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+void
+polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con)
+{
+ g_return_if_fail (pk_tracker != NULL);
+ pk_tracker->con = dbus_connection_ref (con);
+}
+
+/**
+ * polkit_tracker_init:
+ * @pk_tracker: the tracker object
+ *
+ * Initialize the tracker.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+void
+polkit_tracker_init (PolKitTracker *pk_tracker)
+{
+ g_return_if_fail (pk_tracker != NULL);
+ /* This is currently a no-op */
+}
+
+/*--------------------------------------------------------------------------------------------------------------*/
+
+static void
+_set_session_inactive_iter (gpointer key, PolKitCaller *caller, const char *session_objpath)
+{
+ char *objpath;
+ PolKitSession *session;
+ if (!polkit_caller_get_ck_session (caller, &session))
+ return;
+ if (!polkit_session_get_ck_objref (session, &objpath))
+ return;
+ if (strcmp (objpath, session_objpath) != 0)
+ return;
+ polkit_session_set_ck_is_active (session, FALSE);
+}
+
+static void
+_set_session_active_iter (gpointer key, PolKitCaller *caller, const char *session_objpath)
+{
+ char *objpath;
+ PolKitSession *session;
+ if (!polkit_caller_get_ck_session (caller, &session))
+ return;
+ if (!polkit_session_get_ck_objref (session, &objpath))
+ return;
+ if (strcmp (objpath, session_objpath) != 0)
+ return;
+ polkit_session_set_ck_is_active (session, TRUE);
+}
+
+static void
+_update_session_is_active (PolKitTracker *pk_tracker, const char *session_objpath, gboolean is_active)
+{
+ g_hash_table_foreach (pk_tracker->dbus_name_to_caller,
+ (GHFunc) (is_active ? _set_session_active_iter : _set_session_inactive_iter),
+ (gpointer) session_objpath);
+}
+
+/*--------------------------------------------------------------------------------------------------------------*/
+
+static gboolean
+_remove_caller_by_session_iter (gpointer key, PolKitCaller *caller, const char *session_objpath)
+{
+ char *objpath;
+ PolKitSession *session;
+ if (!polkit_caller_get_ck_session (caller, &session))
+ return FALSE;
+ if (!polkit_session_get_ck_objref (session, &objpath))
+ return FALSE;
+ if (strcmp (objpath, session_objpath) != 0)
+ return FALSE;
+ return TRUE;
+}
+
+static void
+_remove_caller_by_session (PolKitTracker *pk_tracker, const char *session_objpath)
+{
+ g_hash_table_foreach_remove (pk_tracker->dbus_name_to_caller,
+ (GHRFunc) _remove_caller_by_session_iter,
+ (gpointer) session_objpath);
+}
+
+/*--------------------------------------------------------------------------------------------------------------*/
+
+static gboolean
+_remove_caller_by_dbus_name_iter (gpointer key, PolKitCaller *caller, const char *dbus_name)
+{
+ char *name;
+ if (!polkit_caller_get_dbus_name (caller, &name))
+ return FALSE;
+ if (strcmp (name, dbus_name) != 0)
+ return FALSE;
+ return TRUE;
+}
+
+static void
+_remove_caller_by_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name)
+{
+ g_hash_table_foreach_remove (pk_tracker->dbus_name_to_caller,
+ (GHRFunc) _remove_caller_by_dbus_name_iter,
+ (gpointer) dbus_name);
+}
+
+/*--------------------------------------------------------------------------------------------------------------*/
+
+/**
+ * polkit_tracker_dbus_func:
+ * @pk_tracker: the tracker object
+ * @message: message to pass
+ *
+ * The owner of the #PolKitTracker object must pass signals from the
+ * system message bus (just NameOwnerChanged will do) and all signals
+ * from the ConsoleKit service into this function.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Returns: #TRUE only if there was a change in the ConsoleKit database.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message)
+{
+ gboolean ret;
+
+ ret = FALSE;
+
+ if (dbus_message_is_signal (message, DBUS_INTERFACE_DBUS, "NameOwnerChanged")) {
+ char *name;
+ char *new_service_name;
+ char *old_service_name;
+
+ if (!dbus_message_get_args (message, NULL,
+ DBUS_TYPE_STRING, &name,
+ DBUS_TYPE_STRING, &old_service_name,
+ DBUS_TYPE_STRING, &new_service_name,
+ DBUS_TYPE_INVALID)) {
+
+ /* TODO: should be _pk_critical */
+ _pk_debug ("The NameOwnerChanged signal on the " DBUS_INTERFACE_DBUS " "
+ "interface has the wrong signature! Your system is misconfigured.");
+ goto out;
+ }
+
+ if (strlen (new_service_name) == 0) {
+ _remove_caller_by_dbus_name (pk_tracker, name);
+ }
+
+ } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Session", "ActiveChanged")) {
+ dbus_bool_t is_active;
+ DBusError error;
+ const char *session_objpath;
+
+ ret = TRUE;
+
+ dbus_error_init (&error);
+ session_objpath = dbus_message_get_path (message);
+ if (!dbus_message_get_args (message, &error,
+ DBUS_TYPE_BOOLEAN, &is_active,
+ DBUS_TYPE_INVALID)) {
+
+ /* TODO: should be _pk_critical */
+ g_warning ("The ActiveChanged signal on the org.freedesktop.ConsoleKit.Session "
+ "interface for object %s has the wrong signature! "
+ "Your system is misconfigured.", session_objpath);
+
+ /* as a security measure, remove all sessions with this path from the cache;
+ * cuz then the user of PolKitTracker probably gets to deal with a DBusError
+ * the next time he tries something...
+ */
+ _remove_caller_by_session (pk_tracker, session_objpath);
+ goto out;
+ }
+
+ /* now go through all Caller objects and update the is_active field as appropriate */
+ _update_session_is_active (pk_tracker, session_objpath, is_active);
+
+ } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Seat", "SessionAdded")) {
+ DBusError error;
+ const char *seat_objpath;
+ const char *session_objpath;
+
+ /* If a session is added, update our list of sessions.. also notify the user.. */
+
+ ret = TRUE;
+
+ dbus_error_init (&error);
+ seat_objpath = dbus_message_get_path (message);
+ if (!dbus_message_get_args (message, &error,
+ DBUS_TYPE_STRING, &session_objpath,
+ DBUS_TYPE_INVALID)) {
+
+ /* TODO: should be _pk_critical */
+ g_warning ("The SessionAdded signal on the org.freedesktop.ConsoleKit.Seat "
+ "interface for object %s has the wrong signature! "
+ "Your system is misconfigured.", seat_objpath);
+
+ goto out;
+ }
+
+ /* TODO: add to sessions - see polkit_tracker_is_authorization_relevant() */
+
+ } else if (dbus_message_is_signal (message, "org.freedesktop.ConsoleKit.Seat", "SessionRemoved")) {
+ DBusError error;
+ const char *seat_objpath;
+ const char *session_objpath;
+
+ /* If a session is removed, authorizations scoped for that session
+ * may become inactive.. so do notify the user about it..
+ */
+
+ ret = TRUE;
+
+ dbus_error_init (&error);
+ seat_objpath = dbus_message_get_path (message);
+ if (!dbus_message_get_args (message, &error,
+ DBUS_TYPE_STRING, &session_objpath,
+ DBUS_TYPE_INVALID)) {
+
+ /* TODO: should be _pk_critical */
+ g_warning ("The SessionRemoved signal on the org.freedesktop.ConsoleKit.Seat "
+ "interface for object %s has the wrong signature! "
+ "Your system is misconfigured.", seat_objpath);
+
+ goto out;
+ }
+
+ _remove_caller_by_session (pk_tracker, session_objpath);
+
+ /* TODO: remove from sessions - see polkit_tracker_is_authorization_relevant() */
+ }
+
+ /* TODO: when ConsoleKit gains the ability to attach/detach a session to a seat (think
+ * hot-desking), we want to update our local caches too
+ */
+
+out:
+ return ret;
+}
+
+/**
+ * polkit_tracker_get_caller_from_dbus_name:
+ * @pk_tracker: the tracker object
+ * @dbus_name: unique name on the system message bus
+ * @error: D-Bus error
+ *
+ * This function is similar to polkit_caller_new_from_dbus_name()
+ * except that it uses the cache in #PolKitTracker. So on the second
+ * and subsequent calls, for the same D-Bus name, there will be no
+ * syscall or IPC overhead in calling this function.
+ *
+ * Returns: A #PolKitCaller object; the caller must use
+ * polkit_caller_unref() on the object when done with it. Returns
+ * #NULL if an error occured (in which case error will be set).
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+PolKitCaller *
+polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error)
+{
+ PolKitCaller *caller;
+
+ g_return_val_if_fail (pk_tracker != NULL, NULL);
+ g_return_val_if_fail (pk_tracker->con != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ /* g_debug ("Looking up cache for PolKitCaller for dbus_name %s...", dbus_name); */
+
+ caller = g_hash_table_lookup (pk_tracker->dbus_name_to_caller, dbus_name);
+ if (caller != NULL)
+ return polkit_caller_ref (caller);
+
+ /* g_debug ("Have to compute PolKitCaller for dbus_name %s...", dbus_name); */
+
+ caller = polkit_caller_new_from_dbus_name (pk_tracker->con, dbus_name, error);
+ if (caller == NULL)
+ return NULL;
+
+ g_hash_table_insert (pk_tracker->dbus_name_to_caller, g_strdup (dbus_name), caller);
+ return polkit_caller_ref (caller);
+}
+
+
+/**
+ * polkit_tracker_get_caller_from_pid:
+ * @pk_tracker: the tracker object
+ * @pid: UNIX process id to look at
+ * @error: D-Bus error
+ *
+ * This function is similar to polkit_caller_new_from_pid()
+ * except that it uses the cache in #PolKitTracker. So on the second
+ * and subsequent calls, for the same D-Bus name, there will be no
+ * IPC overhead in calling this function.
+ *
+ * There will be some syscall overhead to lookup the time when the
+ * given process is started (on Linux, looking up /proc/$pid/stat);
+ * this is needed because pid's can be recycled and the cache thus
+ * needs to record this in addition to the pid.
+ *
+ * Returns: A #PolKitCaller object; the caller must use
+ * polkit_caller_unref() on the object when done with it. Returns
+ * #NULL if an error occured (in which case error will be set).
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+PolKitCaller *
+polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error)
+{
+ PolKitCaller *caller;
+ polkit_uint64_t start_time;
+ _PidStartTimePair *pst;
+
+ g_return_val_if_fail (pk_tracker != NULL, NULL);
+ g_return_val_if_fail (pk_tracker->con != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ start_time = polkit_sysdeps_get_start_time_for_pid (pid);
+ if (start_time == 0) {
+ if (error != NULL) {
+ dbus_set_error (error,
+ "org.freedesktop.PolicyKit",
+ "Cannot look up start time for pid %d", pid);
+ }
+ return NULL;
+ }
+
+ pst = _pid_start_time_new (pid, start_time);
+
+ /* g_debug ("Looking up cache for pid %d (start_time %lld)...", pid, start_time); */
+
+ caller = g_hash_table_lookup (pk_tracker->pid_start_time_to_caller, pst);
+ if (caller != NULL) {
+ g_free (pst);
+ return polkit_caller_ref (caller);
+ }
+
+ /* g_debug ("Have to compute PolKitCaller from pid %d (start_time %lld)...", pid, start_time); */
+
+ caller = polkit_caller_new_from_pid (pk_tracker->con, pid, error);
+ if (caller == NULL) {
+ g_free (pst);
+ return NULL;
+ }
+
+ /* TODO: we need to evict old entries..
+ *
+ * Say, timestamp the entries in _PidStartTimePair and do
+ * garbage collection every hour or so (e.g. record when we
+ * last did garbage collection and check this time on the next
+ * call into this function).
+ */
+
+ g_hash_table_insert (pk_tracker->pid_start_time_to_caller, pst, caller);
+ return polkit_caller_ref (caller);
+}
+
+
+/**
+ * polkit_tracker_is_authorization_relevant:
+ * @pk_tracker: the tracker
+ * @auth: authorization to check for
+ * @error: return location for error
+ *
+ * As explicit authorizations are scoped (process single shot,
+ * process, session or everything), they become irrelevant once the
+ * entity (process or session) ceases to exist. This function
+ * determines whether the authorization is still relevant; it's useful
+ * for reporting and graphical tools displaying authorizations.
+ *
+ * This function is similar to polkit_is_authorization_relevant() only
+ * that it avoids IPC overhead on the 2nd and subsequent calls when
+ * checking authorizations scoped for a session.
+ *
+ * Returns: #TRUE if the authorization still applies, #FALSE if an
+ * error occurred (then error will be set) or if the entity the
+ * authorization refers to has gone out of scope.
+ *
+ * This function is in <literal>libpolkit-dbus</literal>.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error)
+{
+
+ g_return_val_if_fail (pk_tracker != NULL, FALSE);
+ g_return_val_if_fail (pk_tracker->con != NULL, FALSE);
+ g_return_val_if_fail (! dbus_error_is_set (error), FALSE);
+
+ /* TODO: optimize... in order to do this sanely we need CK's Manager object to export
+ * a method GetAllSessions() - otherwise we'd need to key off every uid.
+ *
+ * It's no biggie we don't have this optimization yet.. it's only used by polkit-auth(1)
+ * and the GNOME utility for managing authorizations.
+ */
+ return _polkit_is_authorization_relevant_internal (pk_tracker->con, auth, NULL, error);
+}
diff --git a/src/polkit-dbus/polkit-dbus.h b/src/polkit-dbus/polkit-dbus.h
new file mode 100644
index 0000000..98f2353
--- /dev/null
+++ b/src/polkit-dbus/polkit-dbus.h
@@ -0,0 +1,66 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-dbus.h : helper library for obtaining seat, session and
+ * caller information via D-Bus and ConsoleKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_DBUS_H
+#define POLKIT_DBUS_H
+
+#include <polkit/polkit.h>
+#include <dbus/dbus.h>
+
+POLKIT_BEGIN_DECLS
+
+PolKitSession *polkit_session_new_from_objpath (DBusConnection *con, const char *objpath, uid_t uid, DBusError *error);
+PolKitSession *polkit_session_new_from_cookie (DBusConnection *con, const char *cookie, DBusError *error);
+
+PolKitCaller *polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error);
+
+PolKitCaller *polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error);
+
+polkit_bool_t polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error);
+
+
+struct _PolKitTracker;
+typedef struct _PolKitTracker PolKitTracker;
+
+PolKitTracker *polkit_tracker_new (void);
+PolKitTracker *polkit_tracker_ref (PolKitTracker *pk_tracker);
+void polkit_tracker_unref (PolKitTracker *pk_tracker);
+void polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con);
+void polkit_tracker_init (PolKitTracker *pk_tracker);
+
+polkit_bool_t polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message);
+
+PolKitCaller *polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error);
+
+PolKitCaller *polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error);
+
+polkit_bool_t polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_DBUS_H */
+
+
diff --git a/src/polkit-dbus/polkit-read-auth-helper.c b/src/polkit-dbus/polkit-read-auth-helper.c
new file mode 100644
index 0000000..3a067d9
--- /dev/null
+++ b/src/polkit-dbus/polkit-read-auth-helper.c
@@ -0,0 +1,471 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-read-auth-helper.c : setgid polkituser helper for PolicyKit
+ * to read authorizations
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#define _GNU_SOURCE
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <security/pam_appl.h>
+#include <grp.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+#include <utime.h>
+#include <fcntl.h>
+#include <dirent.h>
+
+#include <polkit-dbus/polkit-dbus.h>
+
+/* This is a bit incestuous; we are, effectively, calling into
+ * ourselves.. it's safe though; this function will never get hit..
+ */
+static polkit_bool_t
+check_for_auth (uid_t caller_uid, pid_t caller_pid)
+{
+ polkit_bool_t ret;
+ DBusError error;
+ DBusConnection *bus;
+ PolKitCaller *caller;
+ PolKitAction *action;
+ PolKitContext *context;
+ PolKitError *pk_error;
+ PolKitResult pk_result;
+
+ ret = FALSE;
+
+ dbus_error_init (&error);
+ bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
+ if (bus == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot connect to system bus: %s: %s\n",
+ error.name, error.message);
+ dbus_error_free (&error);
+ goto out;
+ }
+
+ caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
+ if (caller == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot get caller from pid: %s: %s\n",
+ error.name, error.message);
+ goto out;
+ }
+
+ action = polkit_action_new ();
+ if (action == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot allocate PolKitAction\n");
+ goto out;
+ }
+ if (!polkit_action_set_action_id (action, "org.freedesktop.policykit.read")) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot set action_id\n");
+ goto out;
+ }
+
+ context = polkit_context_new ();
+ if (context == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot allocate PolKitContext\n");
+ goto out;
+ }
+
+ pk_error = NULL;
+ if (!polkit_context_init (context, &pk_error)) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot initialize polkit context: %s: %s\n",
+ polkit_error_get_error_name (pk_error),
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ goto out;
+ }
+
+ pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
+ if (polkit_error_is_set (pk_error)) {
+
+ if (polkit_error_get_error_code (pk_error) ==
+ POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS) {
+ polkit_error_free (pk_error);
+ pk_error = NULL;
+ } else {
+ fprintf (stderr, "polkit-read-auth-helper: cannot determine if caller is authorized: %s: %s\n",
+ polkit_error_get_error_name (pk_error),
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ goto out;
+ }
+ }
+
+ if (pk_result != POLKIT_RESULT_YES) {
+ /* having 'grant' (which is a lot more powerful) is also sufficient.. this is because 'read'
+ * is required to 'grant' (to check if there's a similar authorization already)
+ */
+ if (!polkit_action_set_action_id (action, "org.freedesktop.policykit.grant")) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot set action_id\n");
+ goto out;
+ }
+
+ pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
+ if (polkit_error_is_set (pk_error)) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot determine if caller is authorized: %s: %s\n",
+ polkit_error_get_error_name (pk_error),
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ goto out;
+ }
+
+ if (pk_result != POLKIT_RESULT_YES) {
+ goto out;
+ }
+ }
+
+ ret = TRUE;
+out:
+
+ return ret;
+}
+
+static polkit_bool_t
+dump_auths_from_file (const char *path, uid_t uid)
+{
+ int ret;
+ int fd;
+ char buf[256];
+ struct stat statbuf;
+ ssize_t num_bytes_read;
+ ssize_t num_bytes_to_read;
+ ssize_t num_bytes_remaining_to_read;
+ ssize_t num_bytes_to_write;
+ ssize_t num_bytes_written;
+ ssize_t num_bytes_remaining_to_write;
+ polkit_bool_t have_written_uid;
+
+ ret = FALSE;
+
+ if (stat (path, &statbuf) != 0) {
+ /* this is fine; the file does not have to exist.. */
+ if (errno == ENOENT) {
+ ret = TRUE;
+ goto out;
+ }
+ fprintf (stderr, "polkit-read-auth-helper: cannot stat %s: %m\n", path);
+ goto out;
+ }
+
+ fd = open (path, O_RDONLY);
+ if (fd < 0) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot open %s: %m\n", path);
+ goto out;
+ }
+
+ num_bytes_remaining_to_read = statbuf.st_size;
+
+ have_written_uid = FALSE;
+ while (num_bytes_remaining_to_read > 0) {
+
+ /* start with writing the uid - this is necessary when dumping all authorizations via uid=1 */
+ if (!have_written_uid) {
+ have_written_uid = TRUE;
+ snprintf (buf, sizeof (buf), "#uid=%d\n", uid);
+ num_bytes_read = strlen (buf);
+ } else {
+
+ if (num_bytes_remaining_to_read > (ssize_t) sizeof (buf))
+ num_bytes_to_read = (ssize_t) sizeof (buf);
+ else
+ num_bytes_to_read = num_bytes_remaining_to_read;
+
+ again:
+ num_bytes_read = read (fd, buf, num_bytes_to_read);
+ if (num_bytes_read == -1) {
+ if (errno == EAGAIN || errno == EINTR) {
+ goto again;
+ } else {
+ fprintf (stderr, "polkit-read-auth-helper: error reading file %s: %m\n", path);
+ close (fd);
+ goto out;
+ }
+ }
+
+ num_bytes_remaining_to_read -= num_bytes_read;
+ }
+
+ /* write to stdout */
+ num_bytes_to_write = num_bytes_read;
+ num_bytes_remaining_to_write = num_bytes_read;
+
+ while (num_bytes_remaining_to_write > 0) {
+ again_write:
+ num_bytes_written = write (STDOUT_FILENO,
+ buf + (num_bytes_to_write - num_bytes_remaining_to_write),
+ num_bytes_remaining_to_write);
+ if (num_bytes_written == -1) {
+ if (errno == EAGAIN || errno == EINTR) {
+ goto again_write;
+ } else {
+ fprintf (stderr, "polkit-read-auth-helper: error writing to stdout: %m\n");
+ close (fd);
+ goto out;
+ }
+ }
+
+ num_bytes_remaining_to_write -= num_bytes_written;
+ }
+
+ }
+
+
+ close (fd);
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+
+static polkit_bool_t
+dump_auths_all (const char *root)
+{
+ DIR *dir;
+ int dfd;
+ struct dirent64 *d;
+ polkit_bool_t ret;
+
+ ret = FALSE;
+
+ dir = opendir (root);
+ if (dir == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: error calling opendir on %s: %m\n", root);
+ goto out;
+ }
+
+ dfd = dirfd (dir);
+ if (dfd == -1) {
+ fprintf (stderr, "polkit-read-auth-helper: error calling dirfd(): %m\n");
+ goto out;
+ }
+
+ while ((d = readdir64(dir)) != NULL) {
+ unsigned int n, m;
+ uid_t uid;
+ size_t name_len;
+ char *filename;
+ char username[PATH_MAX];
+ char path[PATH_MAX];
+ static const char suffix[] = ".auths";
+ struct passwd *pw;
+
+ if (d->d_type != DT_REG)
+ continue;
+
+ if (d->d_name == NULL)
+ continue;
+
+ filename = d->d_name;
+ name_len = strlen (filename);
+ if (name_len < sizeof (suffix))
+ continue;
+
+ if (strcmp ((filename + name_len - sizeof (suffix) + 1), suffix) != 0)
+ continue;
+
+ /* find the user name.. */
+ for (n = 0; n < name_len; n++) {
+ if (filename[n] == '-')
+ break;
+ }
+ if (filename[n] == '\0') {
+ fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (1)\n", filename);
+ continue;
+ }
+ n++;
+ m = n;
+ for ( ; n < name_len; n++) {
+ if (filename[n] == '.')
+ break;
+ }
+
+ if (filename[n] == '\0') {
+ fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (2)\n", filename);
+ continue;
+ }
+ if (n - m > sizeof (username) - 1) {
+ fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (3)\n", filename);
+ continue;
+ }
+ strncpy (username, filename + m, n - m);
+ username[n - m] = '\0';
+
+ pw = getpwnam (username);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot look up uid for username %s\n", username);
+ continue;
+ }
+ uid = pw->pw_uid;
+
+ if (snprintf (path, sizeof (path), "%s/%s", root, filename) >= (int) sizeof (path)) {
+ fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
+ goto out;
+ }
+
+ if (!dump_auths_from_file (path, uid))
+ goto out;
+ }
+
+ ret = TRUE;
+
+out:
+ if (dir != NULL)
+ closedir(dir);
+ return ret;
+}
+
+static polkit_bool_t
+dump_auths_for_uid (const char *root, uid_t uid)
+{
+ char path[256];
+ struct passwd *pw;
+
+ pw = getpwuid (uid);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot lookup user name for uid %d\n", uid);
+ return FALSE;
+ }
+
+ if (snprintf (path, sizeof (path), "%s/user-%s.auths", root, pw->pw_name) >= (int) sizeof (path)) {
+ fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
+ return FALSE;
+ }
+
+ return dump_auths_from_file (path, uid);
+}
+
+
+int
+main (int argc, char *argv[])
+{
+ int ret;
+ gid_t egid;
+ struct group *group;
+ uid_t caller_uid;
+ uid_t requesting_info_for_uid;
+ char *endp;
+ struct passwd *pw;
+ uid_t uid_for_polkit_user;
+
+ ret = 1;
+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
+ //if (clearenv () != 0)
+ // goto out;
+ /* set a minimal environment */
+ //setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
+
+ openlog ("polkit-read-auth-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+ if (argc != 2) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-read-auth-helper: wrong number of arguments. This incident has been logged.\n");
+ goto out;
+ }
+
+ caller_uid = getuid ();
+
+ /* check we're running with a non-tty stdin */
+ if (isatty (STDIN_FILENO) != 0) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-read-auth-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
+ goto out;
+ }
+
+ /* check that we are setgid polkituser */
+ egid = getegid ();
+ group = getgrgid (egid);
+ if (group == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot lookup group info for gid %d\n", egid);
+ goto out;
+ }
+ if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
+ fprintf (stderr, "polkit-read-auth-helper: needs to be setgid " POLKIT_GROUP "\n");
+ goto out;
+ }
+
+ pw = getpwnam (POLKIT_USER);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot lookup uid for " POLKIT_USER "\n");
+ goto out;
+ }
+ uid_for_polkit_user = pw->pw_uid;
+
+ /*----------------------------------------------------------------------------------------------------*/
+
+ requesting_info_for_uid = strtoul (argv[1], &endp, 10);
+ if (*endp != '\0') {
+ fprintf (stderr, "polkit-read-auth-helper: requesting_info_for_uid malformed (3)\n");
+ goto out;
+ }
+
+ /* uid 0 and user polkituser is allowed to read anything */
+ if (caller_uid != 0 && caller_uid != uid_for_polkit_user) {
+ if (caller_uid != requesting_info_for_uid) {
+
+ /* see if calling user has the
+ *
+ * org.freedesktop.policykit.read
+ *
+ * authorization
+ */
+ if (!check_for_auth (caller_uid, getppid ())) {
+ //fprintf (stderr,
+ // "polkit-read-auth-helper: uid %d cannot read authorizations for uid %d.\n",
+ // caller_uid,
+ // requesting_info_for_uid);
+ goto out;
+ }
+ }
+ }
+
+ if (requesting_info_for_uid == (uid_t) -1) {
+ if (!dump_auths_all (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit"))
+ goto out;
+
+ if (!dump_auths_all (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit"))
+ goto out;
+ } else {
+ if (!dump_auths_for_uid (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit", requesting_info_for_uid))
+ goto out;
+
+ if (!dump_auths_for_uid (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit", requesting_info_for_uid))
+ goto out;
+ }
+
+ ret = 0;
+
+out:
+ return ret;
+}
+
diff --git a/src/polkit-grant/Makefile.am b/src/polkit-grant/Makefile.am
new file mode 100644
index 0000000..05a2ee5
--- /dev/null
+++ b/src/polkit-grant/Makefile.am
@@ -0,0 +1,89 @@
+## Process this file with automake to produce Makefile.in
+
+INCLUDES = \
+ -I$(top_builddir) -I$(top_srcdir) \
+ -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
+ -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
+ -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
+ -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
+ -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
+ -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
+ -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
+ -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
+ -DPOLKIT_COMPILATION \
+ @GLIB_CFLAGS@ @DBUS_CFLAGS@
+
+lib_LTLIBRARIES=libpolkit-grant.la
+
+libpolkit_grantincludedir=$(includedir)/PolicyKit/polkit-grant
+
+libpolkit_grantinclude_HEADERS = \
+ polkit-grant.h
+
+libpolkit_grant_la_SOURCES = \
+ polkit-grant.h polkit-grant.c
+
+
+if POLKIT_AUTHDB_DUMMY
+libpolkit_grant_la_SOURCES += polkit-authorization-db-dummy-write.c
+endif
+
+if POLKIT_AUTHDB_DEFAULT
+libpolkit_grant_la_SOURCES += polkit-authorization-db-write.c
+endif
+
+libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
+
+libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+
+# Only if the authdb backend has the capability POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN
+# then the backend must supply the /usr/libexec/polkit-grant-helper program.. also remember to
+# adjust the PAM stuff in data/Makefile.am
+#
+if POLKIT_AUTHDB_DEFAULT
+libexec_PROGRAMS = polkit-grant-helper polkit-grant-helper-pam polkit-explicit-grant-helper polkit-revoke-helper
+
+polkit_grant_helper_SOURCES = polkit-grant-helper.c
+polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
+
+polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
+polkit_grant_helper_pam_LDADD = @AUTH_LIBS@
+
+polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c
+polkit_explicit_grant_helper_CFLAGS = @DBUS_CFLAGS@
+polkit_explicit_grant_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la $(top_builddir)/polkit-grant/libpolkit-grant.la
+
+polkit_revoke_helper_SOURCES = polkit-revoke-helper.c
+polkit_revoke_helper_CFLAGS = @DBUS_CFLAGS@
+polkit_revoke_helper_LDADD = $(top_builddir)/polkit/libpolkit.la $(top_builddir)/polkit-dbus/libpolkit-dbus.la
+
+# polkit-grant-helper needs to be setgid polkituser to be able to
+# write cookies to /var/lib/PolicyKit and /var/run/PolicyKit
+#
+# polkit-grant-helper-pam need to be setuid root because it's used to
+# authenticate not only the invoking user, but possibly also root
+# and/or other users. As only polkit-grant-helper will invoke it
+# we make it owned by the polkitiuser group and non-readable /
+# non-executable to the world
+#
+# polkit-explicit-grant-helper needs to be setgid $POLKIT_GROUP to be
+# able to edit authorization files in /var/lib/PolicyKit and
+# /var/run/PolicyKit
+#
+# polkit-revoke-helper needs to be setgid $POLKIT_GROUP to be able to
+# edit authorization files in /var/lib/PolicyKit and
+# /var/run/PolicyKit
+#
+install-exec-hook:
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper
+ -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
+ -chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
+ -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper
+ -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-revoke-helper
+endif
+
+clean-local :
+ rm -f *~ $(BUILT_SOURCES)
diff --git a/src/polkit-grant/polkit-authorization-db-dummy-write.c b/src/polkit-grant/polkit-authorization-db-dummy-write.c
new file mode 100644
index 0000000..9852da1
--- /dev/null
+++ b/src/polkit-grant/polkit-authorization-db-dummy-write.c
@@ -0,0 +1,96 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-authorization-db.c : Dummy authorization database
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <pwd.h>
+
+#include <glib.h>
+
+#include <polkit/polkit-debug.h>
+#include <polkit/polkit-authorization-db.h>
+#include <polkit/polkit-utils.h>
+#include <polkit/polkit-private.h>
+
+/* PolKitAuthorizationDB structure is defined in polkit/polkit-private.h */
+
+polkit_bool_t
+polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_grant_to_uid (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ uid_t uid,
+ PolKitAuthorizationConstraint *constraint,
+ PolKitError **error)
+{
+ polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
+ return FALSE;
+}
diff --git a/src/polkit-grant/polkit-authorization-db-write.c b/src/polkit-grant/polkit-authorization-db-write.c
new file mode 100644
index 0000000..145aed9
--- /dev/null
+++ b/src/polkit-grant/polkit-authorization-db-write.c
@@ -0,0 +1,680 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-authorization-db.c : Represents the authorization database
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <pwd.h>
+
+#include <glib.h>
+
+#include <polkit/polkit-debug.h>
+#include <polkit/polkit-authorization-db.h>
+#include <polkit/polkit-utils.h>
+#include <polkit/polkit-private.h>
+
+/**
+ * SECTION:polkit-authorization-db
+ **/
+
+
+static polkit_bool_t
+_write_to_fd (int fd, const char *str, ssize_t str_len)
+{
+ polkit_bool_t ret;
+ ssize_t written;
+
+ ret = FALSE;
+
+ written = 0;
+ while (written < str_len) {
+ ssize_t ret;
+ ret = write (fd, str + written, str_len - written);
+ if (ret < 0) {
+ if (errno == EAGAIN || errno == EINTR) {
+ continue;
+ } else {
+ goto out;
+ }
+ }
+ written += ret;
+ }
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+
+polkit_bool_t
+_polkit_authorization_db_auth_file_add (const char *root, polkit_bool_t transient, uid_t uid, char *str_to_add)
+{
+ int fd;
+ char *contents;
+ gsize contents_size;
+ char *path;
+ char *path_tmp;
+ GError *error;
+ polkit_bool_t ret;
+ struct stat statbuf;
+ struct passwd *pw;
+
+ ret = FALSE;
+ path = NULL;
+ path_tmp = NULL;
+ contents = NULL;
+
+ pw = getpwuid (uid);
+ if (pw == NULL) {
+ g_warning ("cannot lookup user name for uid %d\n", uid);
+ goto out;
+ }
+
+ path = g_strdup_printf ("%s/user-%s.auths", root, pw->pw_name);
+ path_tmp = g_strdup_printf ("%s.XXXXXX", path);
+
+ if (stat (path, &statbuf) != 0 && errno == ENOENT) {
+ //fprintf (stderr, "path=%s does not exist (egid=%d): %m!\n", path, getegid ());
+
+ g_free (path_tmp);
+ path_tmp = path;
+ path = NULL;
+
+ /* Write a nice blurb if we're creating the file for the first time */
+
+ contents = g_strdup_printf (
+ "# This file lists authorizations for user %s\n"
+ "%s"
+ "# \n"
+ "# File format may change at any time; do not rely on it. To manage\n"
+ "# authorizations use polkit-auth(1) instead.\n"
+ "\n",
+ pw->pw_name,
+ transient ? "# (these are temporary and will be removed on the next system boot)\n" : "");
+ contents_size = strlen (contents);
+ } else {
+ error = NULL;
+ if (!g_file_get_contents (path, &contents, &contents_size, &error)) {
+ g_warning ("Cannot read authorizations file %s: %s", path, error->message);
+ g_error_free (error);
+ goto out;
+ }
+ }
+
+ if (path != NULL) {
+ fd = mkstemp (path_tmp);
+ if (fd < 0) {
+ fprintf (stderr, "Cannot create file '%s': %m\n", path_tmp);
+ goto out;
+ }
+ if (fchmod (fd, 0464) != 0) {
+ fprintf (stderr, "Cannot change mode for '%s' to 0460: %m\n", path_tmp);
+ close (fd);
+ unlink (path_tmp);
+ goto out;
+ }
+ } else {
+ fd = open (path_tmp, O_RDWR|O_CREAT, 0464);
+ if (fd < 0) {
+ fprintf (stderr, "Cannot create file '%s': %m\n", path_tmp);
+ goto out;
+ }
+ }
+
+ if (!_write_to_fd (fd, contents, contents_size)) {
+ g_warning ("Cannot write to temporary authorizations file %s: %m", path_tmp);
+ close (fd);
+ if (unlink (path_tmp) != 0) {
+ g_warning ("Cannot unlink %s: %m", path_tmp);
+ }
+ goto out;
+ }
+ if (!_write_to_fd (fd, str_to_add, strlen (str_to_add))) {
+ g_warning ("Cannot write to temporary authorizations file %s: %m", path_tmp);
+ close (fd);
+ if (unlink (path_tmp) != 0) {
+ g_warning ("Cannot unlink %s: %m", path_tmp);
+ }
+ goto out;
+ }
+ close (fd);
+
+ if (path != NULL) {
+ if (rename (path_tmp, path) != 0) {
+ g_warning ("Cannot rename %s to %s: %m", path_tmp, path);
+ if (unlink (path_tmp) != 0) {
+ g_warning ("Cannot unlink %s: %m", path_tmp);
+ }
+ goto out;
+ }
+ }
+
+ /* trigger a reload */
+ if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) {
+ g_warning ("Error updating access+modification time on file '%s': %m\n",
+ PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload");
+ }
+
+ ret = TRUE;
+
+out:
+ if (contents != NULL)
+ g_free (contents);
+ if (path != NULL)
+ g_free (path);
+ if (path_tmp != NULL)
+ g_free (path_tmp);
+ return ret;
+}
+
+
+/**
+ * polkit_authorization_db_add_entry_process_one_shot:
+ * @authdb: the authorization database
+ * @action: the action
+ * @caller: the caller
+ * @user_authenticated_as: the user that was authenticated
+ *
+ * Write an entry to the authorization database to indicate that the
+ * given caller is authorized for the given action a single time.
+ *
+ * Note that this function should only be used by
+ * <literal>libpolkit-grant</literal> or other sufficiently privileged
+ * processes that deals with managing authorizations. It should never
+ * be used by mechanisms or applications. The caller must have
+ * egid=polkituser and umask set so creating files with mode 0460 will
+ * work.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ *
+ * Returns: #TRUE if an entry was written to the authorization
+ * database, #FALSE if the caller of this function is not sufficiently
+ * privileged.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ char *action_id;
+ uid_t caller_uid;
+ pid_t caller_pid;
+ char *grant_line;
+ polkit_bool_t ret;
+ polkit_uint64_t pid_start_time;
+ struct timeval now;
+ PolKitAuthorizationConstraint *constraint;
+ char cbuf[256];
+
+ g_return_val_if_fail (authdb != NULL, FALSE);
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (caller != NULL, FALSE);
+
+ if (!polkit_action_get_action_id (action, &action_id))
+ return FALSE;
+
+ if (!polkit_caller_get_pid (caller, &caller_pid))
+ return FALSE;
+
+ if (!polkit_caller_get_uid (caller, &caller_uid))
+ return FALSE;
+
+ pid_start_time = polkit_sysdeps_get_start_time_for_pid (caller_pid);
+ if (pid_start_time == 0)
+ return FALSE;
+
+ if (gettimeofday (&now, NULL) != 0) {
+ g_warning ("Error calling gettimeofday: %m");
+ return FALSE;
+ }
+
+ constraint = polkit_authorization_constraint_get_from_caller (caller);
+ if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
+ g_warning ("buffer for auth constraint is too small");
+ return FALSE;
+ }
+
+ grant_line = g_strdup_printf ("process-one-shot:%d:%Lu:%s:%Lu:%d:%s\n",
+ caller_pid,
+ pid_start_time,
+ action_id,
+ (polkit_uint64_t) now.tv_sec,
+ user_authenticated_as,
+ cbuf);
+
+ ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
+ TRUE,
+ caller_uid,
+ grant_line);
+ g_free (grant_line);
+ return ret;
+}
+
+/**
+ * polkit_authorization_db_add_entry_process:
+ * @authdb: the authorization database
+ * @action: the action
+ * @caller: the caller
+ * @user_authenticated_as: the user that was authenticated
+ *
+ * Write an entry to the authorization database to indicate that the
+ * given caller is authorized for the given action.
+ *
+ * Note that this function should only be used by
+ * <literal>libpolkit-grant</literal> or other sufficiently privileged
+ * processes that deals with managing authorizations. It should never
+ * be used by mechanisms or applications. The caller must have
+ * egid=polkituser and umask set so creating files with mode 0460 will
+ * work.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ *
+ * Returns: #TRUE if an entry was written to the authorization
+ * database, #FALSE if the caller of this function is not sufficiently
+ * privileged.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ char *action_id;
+ uid_t caller_uid;
+ pid_t caller_pid;
+ char *grant_line;
+ polkit_bool_t ret;
+ polkit_uint64_t pid_start_time;
+ struct timeval now;
+ PolKitAuthorizationConstraint *constraint;
+ char cbuf[256];
+
+ g_return_val_if_fail (authdb != NULL, FALSE);
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (caller != NULL, FALSE);
+
+ if (!polkit_action_get_action_id (action, &action_id))
+ return FALSE;
+
+ if (!polkit_caller_get_pid (caller, &caller_pid))
+ return FALSE;
+
+ if (!polkit_caller_get_uid (caller, &caller_uid))
+ return FALSE;
+
+ pid_start_time = polkit_sysdeps_get_start_time_for_pid (caller_pid);
+ if (pid_start_time == 0)
+ return FALSE;
+
+ if (gettimeofday (&now, NULL) != 0) {
+ g_warning ("Error calling gettimeofday: %m");
+ return FALSE;
+ }
+
+ constraint = polkit_authorization_constraint_get_from_caller (caller);
+ if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
+ g_warning ("buffer for auth constraint is too small");
+ return FALSE;
+ }
+
+ grant_line = g_strdup_printf ("process:%d:%Lu:%s:%Lu:%d:%s\n",
+ caller_pid,
+ pid_start_time,
+ action_id,
+ (polkit_uint64_t) now.tv_sec,
+ user_authenticated_as,
+ cbuf);
+
+ ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
+ TRUE,
+ caller_uid,
+ grant_line);
+ g_free (grant_line);
+ return ret;
+}
+
+/**
+ * polkit_authorization_db_add_entry_session:
+ * @authdb: the authorization database
+ * @action: the action
+ * @caller: the caller
+ * @user_authenticated_as: the user that was authenticated
+ *
+ * Write an entry to the authorization database to indicate that the
+ * session for the given caller is authorized for the given action for
+ * the remainer of the session.
+ *
+ * Note that this function should only be used by
+ * <literal>libpolkit-grant</literal> or other sufficiently privileged
+ * processes that deals with managing authorizations. It should never
+ * be used by mechanisms or applications. The caller must have
+ * egid=polkituser and umask set so creating files with mode 0460 will
+ * work.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ *
+ * Returns: #TRUE if an entry was written to the authorization
+ * database, #FALSE if the caller of this function is not sufficiently
+ * privileged.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ uid_t session_uid;
+ char *action_id;
+ char *grant_line;
+ PolKitSession *session;
+ char *session_objpath;
+ polkit_bool_t ret;
+ struct timeval now;
+ PolKitAuthorizationConstraint *constraint;
+ char cbuf[256];
+
+ g_return_val_if_fail (authdb != NULL, FALSE);
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (caller != NULL, FALSE);
+
+ if (!polkit_action_get_action_id (action, &action_id))
+ return FALSE;
+
+ if (!polkit_caller_get_ck_session (caller, &session))
+ return FALSE;
+
+ if (!polkit_session_get_ck_objref (session, &session_objpath))
+ return FALSE;
+
+ if (!polkit_session_get_uid (session, &session_uid))
+ return FALSE;
+
+ constraint = polkit_authorization_constraint_get_from_caller (caller);
+ if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
+ g_warning ("buffer for auth constraint is too small");
+ return FALSE;
+ }
+
+ if (gettimeofday (&now, NULL) != 0) {
+ g_warning ("Error calling gettimeofday: %m");
+ return FALSE;
+ }
+
+ grant_line = g_strdup_printf ("session:%s:%s:%Lu:%d:%s\n",
+ session_objpath,
+ action_id,
+ (polkit_uint64_t) now.tv_sec,
+ user_authenticated_as,
+ cbuf);
+
+ ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit",
+ TRUE,
+ session_uid,
+ grant_line);
+ g_free (grant_line);
+ return ret;
+}
+
+/**
+ * polkit_authorization_db_add_entry_always:
+ * @authdb: the authorization database
+ * @action: the action
+ * @caller: the caller
+ * @user_authenticated_as: the user that was authenticated
+ *
+ * Write an entry to the authorization database to indicate that the
+ * given user is authorized for the given action.
+ *
+ * Note that this function should only be used by
+ * <literal>libpolkit-grant</literal> or other sufficiently privileged
+ * processes that deals with managing authorizations. It should never
+ * be used by mechanisms or applications. The caller must have
+ * egid=polkituser and umask set so creating files with mode 0460 will
+ * work.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ *
+ * Returns: #TRUE if an entry was written to the authorization
+ * database, #FALSE if the caller of this function is not sufficiently
+ * privileged.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as)
+{
+ uid_t uid;
+ char *action_id;
+ char *grant_line;
+ polkit_bool_t ret;
+ struct timeval now;
+ PolKitAuthorizationConstraint *constraint;
+ char cbuf[256];
+
+ g_return_val_if_fail (authdb != NULL, FALSE);
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (caller != NULL, FALSE);
+
+ if (!polkit_caller_get_uid (caller, &uid))
+ return FALSE;
+
+ if (!polkit_action_get_action_id (action, &action_id))
+ return FALSE;
+
+ if (gettimeofday (&now, NULL) != 0) {
+ g_warning ("Error calling gettimeofday: %m");
+ return FALSE;
+ }
+
+ constraint = polkit_authorization_constraint_get_from_caller (caller);
+ if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
+ g_warning ("buffer for auth constraint is too small");
+ return FALSE;
+ }
+
+ grant_line = g_strdup_printf ("always:%s:%Lu:%d:%s\n",
+ action_id,
+ (polkit_uint64_t) now.tv_sec,
+ user_authenticated_as,
+ cbuf);
+
+ ret = _polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit",
+ FALSE,
+ uid,
+ grant_line);
+ g_free (grant_line);
+ return ret;
+}
+
+
+typedef struct {
+ char *action_id;
+ PolKitAuthorizationConstraint *constraint;
+} CheckDataGrant;
+
+static polkit_bool_t
+_check_auth_for_grant (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth, void *user_data)
+{
+ uid_t pimp;
+ polkit_bool_t ret;
+ CheckDataGrant *cd = (CheckDataGrant *) user_data;
+
+ ret = FALSE;
+
+ if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
+ goto no_match;
+
+ if (!polkit_authorization_was_granted_explicitly (auth, &pimp))
+ goto no_match;
+
+ if (!polkit_authorization_constraint_equal (polkit_authorization_get_constraint (auth), cd->constraint))
+ goto no_match;
+
+ ret = TRUE;
+
+no_match:
+ return ret;
+}
+
+/**
+ * polkit_authorization_db_grant_to_uid:
+ * @authdb: authorization database
+ * @action: action
+ * @uid: uid to grant to
+ * @constraint: what constraint to put on the authorization
+ * @error: return location for error
+ *
+ * Grants an authorization to a user for a specific action. This
+ * requires the org.freedesktop.policykit.grant authorization.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ *
+ * Returns: #TRUE if the authorization was granted, #FALSE otherwise
+ * and error will be set
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_grant_to_uid (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ uid_t uid,
+ PolKitAuthorizationConstraint *constraint,
+ PolKitError **error)
+{
+ GError *g_error;
+ char *helper_argv[6] = {PACKAGE_LIBEXEC_DIR "/polkit-explicit-grant-helper", NULL, NULL, NULL, NULL, NULL};
+ gboolean ret;
+ gint exit_status;
+ char cbuf[256];
+ CheckDataGrant cd;
+
+ ret = FALSE;
+
+ g_return_val_if_fail (authdb != NULL, FALSE);
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (constraint != NULL, FALSE);
+
+ if (!polkit_action_get_action_id (action, &(cd.action_id))) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "Given action does not have action_id set");
+ goto out;
+ }
+
+ if (polkit_authorization_constraint_to_string (constraint, cbuf, sizeof (cbuf)) >= sizeof (cbuf)) {
+ g_warning ("buffer for auth constraint is too small");
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "buffer for auth constraint is too small");
+ goto out;
+ }
+
+ /* check if we have the auth already */
+ cd.constraint = constraint;
+ if (!polkit_authorization_db_foreach_for_uid (authdb,
+ uid,
+ _check_auth_for_grant,
+ &cd,
+ error)) {
+ /* happens if caller can't read auths of target user */
+ if (error != NULL && polkit_error_is_set (*error)) {
+ goto out;
+ }
+ } else {
+ /* so it did exist.. */
+ polkit_error_set_error (error,
+ POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS,
+ "An authorization for uid %d for the action %s with constraint '%s' already exists",
+ uid, cd.action_id, cbuf);
+ goto out;
+ }
+
+
+ helper_argv[1] = cd.action_id;
+ helper_argv[2] = cbuf;
+ helper_argv[3] = "uid";
+ helper_argv[4] = g_strdup_printf ("%d", uid);
+ helper_argv[5] = NULL;
+
+ g_error = NULL;
+ if (!g_spawn_sync (NULL, /* const gchar *working_directory */
+ helper_argv, /* gchar **argv */
+ NULL, /* gchar **envp */
+ 0, /* GSpawnFlags flags */
+ NULL, /* GSpawnChildSetupFunc child_setup */
+ NULL, /* gpointer user_data */
+ NULL, /* gchar **standard_output */
+ NULL, /* gchar **standard_error */
+ &exit_status, /* gint *exit_status */
+ &g_error)) { /* GError **error */
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "Error spawning explicit grant helper: %s",
+ g_error->message);
+ g_error_free (g_error);
+ goto out;
+ }
+
+ if (!WIFEXITED (exit_status)) {
+ g_warning ("Explicit grant helper crashed!");
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "Explicit grant helper crashed!");
+ goto out;
+ } else if (WEXITSTATUS(exit_status) != 0) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_NOT_AUTHORIZED_TO_GRANT_AUTHORIZATION,
+ "uid %d is not authorized to grant authorization for action %s to uid %d (requires org.freedesktop.policykit.grant)",
+ getuid (), cd.action_id, uid);
+ } else {
+ ret = TRUE;
+ }
+
+out:
+ g_free (helper_argv[4]);
+ return ret;
+
+}
diff --git a/src/polkit-grant/polkit-explicit-grant-helper.c b/src/polkit-grant/polkit-explicit-grant-helper.c
new file mode 100644
index 0000000..3f5d2ef
--- /dev/null
+++ b/src/polkit-grant/polkit-explicit-grant-helper.c
@@ -0,0 +1,268 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-explicit-grant-helper.c : setgid polkituser explicit grant
+ * helper for PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#define _GNU_SOURCE
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <security/pam_appl.h>
+#include <grp.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+#include <utime.h>
+#include <fcntl.h>
+
+#include <polkit-dbus/polkit-dbus.h>
+#include <polkit/polkit-private.h>
+
+static polkit_bool_t
+check_pid_for_authorization (pid_t caller_pid, const char *action_id)
+{
+ polkit_bool_t ret;
+ DBusError error;
+ DBusConnection *bus;
+ PolKitCaller *caller;
+ PolKitAction *action;
+ PolKitContext *context;
+ PolKitError *pk_error;
+ PolKitResult pk_result;
+
+ ret = FALSE;
+
+ dbus_error_init (&error);
+ bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
+ if (bus == NULL) {
+ fprintf (stderr, "polkit-explicit-grant-helper: cannot connect to system bus: %s: %s\n",
+ error.name, error.message);
+ dbus_error_free (&error);
+ goto out;
+ }
+
+ caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
+ if (caller == NULL) {
+ fprintf (stderr, "polkit-explicit-grant-helper: cannot get caller from pid: %s: %s\n",
+ error.name, error.message);
+ goto out;
+ }
+
+ action = polkit_action_new ();
+ if (action == NULL) {
+ fprintf (stderr, "polkit-explicit-grant-helper: cannot allocate PolKitAction\n");
+ goto out;
+ }
+ if (!polkit_action_set_action_id (action, action_id)) {
+ fprintf (stderr, "polkit-explicit-grant-helper: cannot set action_id\n");
+ goto out;
+ }
+
+ context = polkit_context_new ();
+ if (context == NULL) {
+ fprintf (stderr, "polkit-explicit-grant-helper: cannot allocate PolKitContext\n");
+ goto out;
+ }
+
+ pk_error = NULL;
+ if (!polkit_context_init (context, &pk_error)) {
+ fprintf (stderr, "polkit-explicit-grant-helper: cannot initialize polkit context: %s: %s\n",
+ polkit_error_get_error_name (pk_error),
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ goto out;
+ }
+
+ pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
+ if (polkit_error_is_set (pk_error)) {
+ fprintf (stderr, "polkit-explicit-grant-helper: cannot determine if caller is authorized: %s: %s\n",
+ polkit_error_get_error_name (pk_error),
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ goto out;
+ }
+
+ if (pk_result != POLKIT_RESULT_YES) {
+ //fprintf (stderr,
+ // "polkit-explicit-grant-helper: uid %d (pid %d) does not have the "
+ // "org.freedesktop.policykit.read-other-authorizations authorization\n",
+ // caller_uid, caller_pid);
+ goto out;
+ }
+
+ ret = TRUE;
+out:
+
+ return ret;
+}
+
+int
+main (int argc, char *argv[])
+{
+ int ret;
+ gid_t egid;
+ struct group *group;
+ uid_t invoking_uid;
+ char *action_id;
+ char *endp;
+ char grant_line[512];
+ struct timeval now;
+
+ ret = 1;
+
+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
+ if (clearenv () != 0)
+ goto out;
+ /* set a minimal environment */
+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
+
+ openlog ("polkit-explicit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+ if (argc != 5) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-explicit-grant-helper: wrong number of arguments. This incident has been logged.\n");
+ goto out;
+ }
+
+ /* check we're running with a non-tty stdin */
+ if (isatty (STDIN_FILENO) != 0) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-explicit-grant-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
+ goto out;
+ }
+
+ invoking_uid = getuid ();
+
+ /* check that we are setgid polkituser */
+ egid = getegid ();
+ group = getgrgid (egid);
+ if (group == NULL) {
+ fprintf (stderr, "polkit-explicit-grant-helper: cannot lookup group info for gid %d\n", egid);
+ goto out;
+ }
+ if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
+ fprintf (stderr, "polkit-explicit-grant-helper: needs to be setgid " POLKIT_GROUP "\n");
+ goto out;
+ }
+
+ /*----------------------------------------------------------------------------------------------------*/
+
+ /* check and validate incoming parameters */
+
+ /* first one is action_id */
+ action_id = argv[1];
+ if (!polkit_action_validate_id (action_id)) {
+ syslog (LOG_NOTICE, "action_id is malformed [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-explicit-grant-helper: action_id is malformed. This incident has been logged.\n");
+ goto out;
+ }
+
+ char *authc_str;
+ PolKitAuthorizationConstraint *authc;
+
+ /* second is the auth constraint */
+ authc_str = argv[2];
+ authc = polkit_authorization_constraint_from_string (authc_str);
+ if (authc == NULL) {
+ syslog (LOG_NOTICE, "auth constraint is malformed [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-explicit-grant-helper: auth constraint is malformed. This incident has been logged.\n");
+ goto out;
+ }
+
+#define TARGET_UID 0
+ int target;
+ uid_t target_uid = -1;
+
+ /* (third, fourth) is one of: ("uid", uid) */
+ if (strcmp (argv[3], "uid") == 0) {
+
+ target = TARGET_UID;
+ target_uid = strtol (argv[4], &endp, 10);
+ if (*endp != '\0') {
+ syslog (LOG_NOTICE, "target uid is malformed [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-explicit-grant-helper: target uid is malformed. This incident has been logged.\n");
+ goto out;
+ }
+ } else {
+ syslog (LOG_NOTICE, "target type is malformed [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-explicit-grant-helper: target type is malformed. This incident has been logged.\n");
+ goto out;
+ }
+
+
+ //fprintf (stderr, "action_id=%s constraint=%s uid=%d\n", action_id, authc_str, target_uid);
+
+ /* OK, we're done parsing ... check if the user is authorized */
+
+ if (invoking_uid != 0) {
+ /* see if calling user is authorized for
+ *
+ * org.freedesktop.policykit.grant
+ */
+ if (!check_pid_for_authorization (getppid (), "org.freedesktop.policykit.grant")) {
+ goto out;
+ }
+ }
+
+ /* he is.. proceed to add the grant */
+
+ umask (002);
+
+ if (gettimeofday (&now, NULL) != 0) {
+ fprintf (stderr, "polkit-explicit-grant-helper: error calling gettimeofday: %m");
+ return FALSE;
+ }
+
+ if (snprintf (grant_line,
+ sizeof (grant_line),
+ "grant:%s:%Lu:%d:%s\n",
+ action_id,
+ (polkit_uint64_t) now.tv_sec,
+ invoking_uid,
+ authc_str) >= (int) sizeof (grant_line)) {
+ fprintf (stderr, "polkit-explicit-grant-helper: str to add is too long!\n");
+ goto out;
+ }
+
+ if (_polkit_authorization_db_auth_file_add (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit",
+ FALSE,
+ target_uid,
+ grant_line)) {
+ ret = 0;
+ }
+
+out:
+
+ return ret;
+}
+
diff --git a/src/polkit-grant/polkit-grant-helper-pam.c b/src/polkit-grant/polkit-grant-helper-pam.c
new file mode 100644
index 0000000..7c9c35a
--- /dev/null
+++ b/src/polkit-grant/polkit-grant-helper-pam.c
@@ -0,0 +1,232 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant-helper-pam.c : setuid root pam grant helper for PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/* TODO: FIXME: XXX: this code needs security review before it can be released! */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <syslog.h>
+#include <security/pam_appl.h>
+
+/* Development aid: define PGH_DEBUG to get debugging output. Do _NOT_
+ * enable this in production builds; it may leak passwords and other
+ * sensitive information.
+ */
+#undef PGH_DEBUG
+/* #define PGH_DEBUG */
+
+static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
+
+int
+main (int argc, char *argv[])
+{
+ int rc;
+ char user_to_auth[256];
+ struct pam_conv pam_conversation;
+ pam_handle_t *pam_h;
+ const void *authed_user;
+
+ rc = 0;
+ pam_h = NULL;
+
+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
+ if (clearenv () != 0)
+ goto error;
+ /* set a minimal environment */
+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
+
+ /* check that we are setuid root */
+ if (geteuid () != 0) {
+ fprintf (stderr, "polkit-grant-helper-pam: needs to be setuid root\n");
+ goto error;
+ }
+
+ openlog ("polkit-grant-helper-pam", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+ if (argc != 1) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-grant-helper-pam: wrong number of arguments. This incident has been logged.\n");
+ goto error;
+ }
+
+ if (getuid () != 0) {
+ /* check we're running with a non-tty stdin */
+ if (isatty (STDIN_FILENO) != 0) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-grant-helper-pam: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
+ goto error;
+ }
+ }
+
+ /* get user to auth */
+ if (fgets (user_to_auth, sizeof user_to_auth, stdin) == NULL)
+ goto error;
+ if (strlen (user_to_auth) > 0 && user_to_auth[strlen (user_to_auth) - 1] == '\n')
+ user_to_auth[strlen (user_to_auth) - 1] = '\0';
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper-pam: user to auth is '%s'.\n", user_to_auth);
+#endif /* PGH_DEBUG */
+
+ pam_conversation.conv = conversation_function;
+ pam_conversation.appdata_ptr = NULL;
+
+ /* start the pam stack */
+ rc = pam_start ("polkit",
+ user_to_auth,
+ &pam_conversation,
+ &pam_h);
+ if (rc != PAM_SUCCESS) {
+ fprintf (stderr, "polkit-grant-helper-pam: pam_start failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* set the requesting user */
+ rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
+ if (rc != PAM_SUCCESS) {
+ fprintf (stderr, "polkit-grant-helper-pam: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* is user really user? */
+ rc = pam_authenticate (pam_h, 0);
+ if (rc != PAM_SUCCESS) {
+ fprintf (stderr, "polkit-grant-helper-pam: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* permitted access? */
+ rc = pam_acct_mgmt (pam_h, 0);
+ if (rc != PAM_SUCCESS) {
+ fprintf (stderr, "polkit-grant-helper-pam: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* did we auth the right user? */
+ rc = pam_get_item (pam_h, PAM_USER, &authed_user);
+ if (rc != PAM_SUCCESS) {
+ fprintf (stderr, "polkit-grant-helper-pam: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ if (strcmp (authed_user, user_to_auth) != 0) {
+ fprintf (stderr, "polkit-grant-helper-pam: Tried to auth user '%s' but we got auth for user '%s' instead",
+ user_to_auth, (const char *) authed_user);
+ goto error;
+ }
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper-pam: successfully authenticated user '%s'.\n", user_to_auth);
+#endif /* PGH_DEBUG */
+
+ fprintf (stdout, "SUCCESS\n");
+ fflush (stdout);
+
+ pam_end (pam_h, rc);
+ return 0;
+error:
+ if (pam_h != NULL)
+ pam_end (pam_h, rc);
+
+ fprintf (stdout, "FAILURE\n");
+ fflush (stdout);
+ return 1;
+}
+
+static int
+conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
+{
+ struct pam_response *aresp;
+ char buf[PAM_MAX_RESP_SIZE];
+ int i;
+
+ data = data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return PAM_CONV_ERR;
+
+ if ((aresp = calloc(n, sizeof *aresp)) == NULL)
+ return PAM_BUF_ERR;
+
+ for (i = 0; i < n; ++i) {
+ aresp[i].resp_retcode = 0;
+ aresp[i].resp = NULL;
+ switch (msg[i]->msg_style) {
+ case PAM_PROMPT_ECHO_OFF:
+ fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
+ goto conv1;
+ case PAM_PROMPT_ECHO_ON:
+ fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
+ conv1:
+ fputs (msg[i]->msg, stdout);
+ if (strlen (msg[i]->msg) > 0 &&
+ msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
+ fputc ('\n', stdout);
+ fflush (stdout);
+
+ if (fgets (buf, sizeof buf, stdin) == NULL)
+ goto error;
+ if (strlen (buf) > 0 &&
+ buf[strlen (buf) - 1] == '\n')
+ buf[strlen (buf) - 1] = '\0';
+
+ aresp[i].resp = strdup (buf);
+ if (aresp[i].resp == NULL)
+ goto error;
+ break;
+
+ case PAM_ERROR_MSG:
+ fprintf (stdout, "PAM_ERROR_MSG ");
+ goto conv2;
+
+ case PAM_TEXT_INFO:
+ fprintf (stdout, "PAM_TEXT_INFO ");
+ conv2:
+ fputs (msg[i]->msg, stdout);
+ if (strlen (msg[i]->msg) > 0 &&
+ msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
+ fputc ('\n', stdout);
+ fflush (stdout);
+ break;
+ default:
+ goto error;
+ }
+ }
+ *resp = aresp;
+ return PAM_SUCCESS;
+
+error:
+ for (i = 0; i < n; ++i) {
+ if (aresp[i].resp != NULL) {
+ memset (aresp[i].resp, 0, strlen(aresp[i].resp));
+ free (aresp[i].resp);
+ }
+ }
+ memset (aresp, 0, n * sizeof *aresp);
+ *resp = NULL;
+ return PAM_CONV_ERR;
+}
diff --git a/src/polkit-grant/polkit-grant-helper.c b/src/polkit-grant/polkit-grant-helper.c
new file mode 100644
index 0000000..d1694b1
--- /dev/null
+++ b/src/polkit-grant/polkit-grant-helper.c
@@ -0,0 +1,842 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant-helper.c : setgid polkituser grant helper for PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/* TODO: FIXME: XXX: this code needs security review before it can be released! */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <security/pam_appl.h>
+#include <grp.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+#include <utime.h>
+
+#include <glib.h>
+
+#include <polkit-dbus/polkit-dbus.h>
+// #include <polkit/polkit-grant-database.h>
+
+/* Development aid: define PGH_DEBUG to get debugging output. Do _NOT_
+ * enable this in production builds; it may leak passwords and other
+ * sensitive information.
+ */
+#undef PGH_DEBUG
+/* #define PGH_DEBUG */
+#define PGH_DEBUG
+
+/* synopsis: polkit-grant-helper <pid> <action-name>
+ *
+ * <pid> : process id of caller to grant privilege to
+ * <action-name> : the PolicyKit action
+ *
+ * Error/debug messages goes to stderr. Interaction with the program
+ * launching this helper happens via stdin/stdout. A rough high-level
+ * interaction diagram looks like this (120 character width):
+ *
+ * Program using
+ * libpolkit-grant polkit-grant-helper polkit-grant-helper-pam
+ * ------------- ------------------- -----------------------
+ *
+ * Spawn polkit-grant-helper
+ * with args <pid>, <action-name> -->
+ *
+ * Create PolKitCaller object
+ * from <pid>. Involves querying
+ * ConsoleKit over the system
+ * message-bus. Verify that
+ * the caller qualifies for
+ * for authentication to gain
+ * the right to do the Action.
+ *
+ * <-- Tell libpolkit-grant about grant details, e.g.
+ * {self,admin}_{,keep_session,keep_always} +
+ * what users can authenticate using stdout
+ *
+ * Receive grant details on stdin.
+ * Caller prepares UI dialog depending
+ * on grant details.
+ *
+ * if admin_users is not empty, wait for
+ * user name of admin user to auth on stdin
+ *
+ * if admin_users is not empty, write
+ * user name of admin user to auth on stdout -->
+ *
+ *
+ * verify that given username is
+ * in admin_users
+ *
+ *
+ * Spawn polkit-grant-helper-pam
+ * with no args -->
+ *
+ * Write username to auth as
+ * on stdout -->
+ *
+ * Receive username on stdin.
+ * Start the PAM stack
+ * auth_in_progess:
+ * Write a PAM request on stdout, one off
+ * - PAM_PROMPT_ECHO_OFF
+ * - PAM_PROMPT_ECHO_ON
+ * - PAM_ERROR_MSG
+ * - PAM_TEXT_INFO
+ *
+ * Receive PAM request on stdin.
+ * Send it to libpolkit-grant on stdout
+ *
+ * Receive PAM request on stdin.
+ * Program deals with it.
+ * Write reply on stdout
+ *
+ * Receive PAM reply on stdin
+ * Send PAM reply on stdout
+ *
+ * Deal with PAM reply on stdin.
+ * Now either
+ * - GOTO auth_in_progress; or
+ * - Write SUCCESS|FAILURE on stdout and then
+ * die
+ *
+ * Receive either SUCCESS or
+ * FAILURE on stdin. If FAILURE
+ * is received, then die with exit
+ * code 1. If SUCCESS, leave a cookie
+ * in /var/{lib,run}/PolicyKit indicating
+ * the grant was successful and die with
+ * exit code 0
+ *
+ *
+ * If auth fails, we exit with code 1.
+ * If input is not valid we exit with code 2.
+ * If any other error occur we exit with code 3
+ * If privilege was granted, we exit code 0.
+ */
+
+
+/**
+ * do_auth:
+ *
+ * the authentication itself is done via a setuid root helper; this is
+ * to make the code running as uid 0 easier to audit.
+ *
+ */
+static polkit_bool_t
+do_auth (const char *user_to_auth)
+{
+ int helper_pid;
+ int helper_stdin;
+ int helper_stdout;
+ GError *g_error;
+ char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam", NULL};
+ char buf[256];
+ FILE *child_stdin;
+ FILE *child_stdout;
+ gboolean ret;
+
+ child_stdin = NULL;
+ child_stdout = NULL;
+ ret = FALSE;
+
+ g_error = NULL;
+ if (!g_spawn_async_with_pipes (NULL,
+ (char **) helper_argv,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ &helper_pid,
+ &helper_stdin,
+ &helper_stdout,
+ NULL,
+ &g_error)) {
+ fprintf (stderr, "polkit-grant-helper: cannot spawn helper: %s\n", g_error->message);
+ g_error_free (g_error);
+ g_free (helper_argv[1]);
+ goto out;
+ }
+
+ child_stdin = fdopen (helper_stdin, "w");
+ if (child_stdin == NULL) {
+ fprintf (stderr, "polkit-grant-helper: fdopen (helper_stdin) failed: %s\n", strerror (errno));
+ goto out;
+ }
+ child_stdout = fdopen (helper_stdout, "r");
+ if (child_stdout == NULL) {
+ fprintf (stderr, "polkit-grant-helper: fdopen (helper_stdout) failed: %s\n", strerror (errno));
+ goto out;
+ }
+
+ /* First, tell the pam helper what user we wish to auth */
+ fprintf (child_stdin, "%s\n", user_to_auth);
+ fflush (child_stdin);
+
+ /* now act as middle man between our parent and our child */
+
+ while (TRUE) {
+ /* read from child */
+ if (fgets (buf, sizeof buf, child_stdout) == NULL)
+ goto out;
+#ifdef PGH_DEBUG
+ fprintf (stderr, "received: '%s' from child; sending to parent\n", buf);
+#endif /* PGH_DEBUG */
+ /* see if we're done? */
+ if (strcmp (buf, "SUCCESS\n") == 0) {
+ ret = TRUE;
+ goto out;
+ }
+ if (strcmp (buf, "FAILURE\n") == 0) {
+ goto out;
+ }
+ /* send to parent */
+ fprintf (stdout, buf);
+ fflush (stdout);
+
+ /* read from parent */
+ if (fgets (buf, sizeof buf, stdin) == NULL)
+ goto out;
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "received: '%s' from parent; sending to child\n", buf);
+#endif /* PGH_DEBUG */
+ /* send to child */
+ fprintf (child_stdin, buf);
+ fflush (child_stdin);
+ }
+
+out:
+ if (child_stdin != NULL)
+ fclose (child_stdin);
+ if (child_stdout != NULL)
+ fclose (child_stdout);
+ return ret;
+}
+
+/**
+ * verify_with_polkit:
+ * @caller: the caller
+ * @action: the action
+ * @out_result: return location for result AKA how the user can auth
+ * @out_admin_users: return location for a NULL-terminated array of
+ * strings that can be user to auth as admin. Is set to NULL if the
+ * super user (e.g. uid 0) should be user to auth as admin.
+ *
+ * Verify that the given caller can authenticate to gain a privilege
+ * to do the given action. If the authentication requires
+ * administrator privileges, also return a list of users that can be
+ * used to do this cf. the <define_admin_auth/> element in the
+ * configuration file; see the PolicyKit.conf(5) manual page for
+ * details.
+ *
+ * Returns: #TRUE if, and only if, the given caller can authenticate to
+ * gain a privilege to do the given action.
+ */
+static polkit_bool_t
+verify_with_polkit (PolKitContext *pol_ctx,
+ PolKitCaller *caller,
+ PolKitAction *action,
+ PolKitResult *out_result,
+ char ***out_admin_users)
+{
+ PolKitError *pk_error;
+
+ pk_error = NULL;
+ *out_result = polkit_context_is_caller_authorized (pol_ctx, action, caller, FALSE, &pk_error);
+ if (polkit_error_is_set (pk_error)) {
+ fprintf (stderr, "polkit-grant-helper: cannot determine if caller is authorized: %s: %s\n",
+ polkit_error_get_error_name (pk_error),
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ goto error;
+ }
+
+ if (*out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
+ *out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH &&
+ *out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION &&
+ *out_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS &&
+ *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
+ *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
+ *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
+ *out_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) {
+ fprintf (stderr, "polkit-grant-helper: given auth type (%d -> %s) is bogus\n",
+ *out_result, polkit_result_to_string_representation (*out_result));
+ goto error;
+ }
+
+ *out_admin_users = NULL;
+
+ /* for admin auth, get a list of users that can be used - this is basically evaluating the
+ * <define_admin_auth/> directives in the config file...
+ */
+ if (*out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
+ *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
+ *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
+ *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS) {
+ PolKitConfig *pk_config;
+ PolKitConfigAdminAuthType admin_auth_type;
+ const char *admin_auth_data;
+
+ pk_config = polkit_context_get_config (pol_ctx, NULL);
+ /* if the configuration file is malformed, bail out */
+ if (pk_config == NULL)
+ goto error;
+
+ if (polkit_config_determine_admin_auth_type (pk_config,
+ action,
+ caller,
+ &admin_auth_type,
+ &admin_auth_data)) {
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper: admin_auth_type=%d data='%s'\n", admin_auth_type, admin_auth_data);
+#endif /* PGH_DEBUG */
+ switch (admin_auth_type) {
+ case POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER:
+ if (admin_auth_data != NULL)
+ *out_admin_users = g_strsplit (admin_auth_data, "|", 0);
+ break;
+ case POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP:
+ if (admin_auth_data != NULL) {
+ int n;
+ char **groups;
+ GSList *i;
+ GSList *users;
+
+
+ users = NULL;
+ groups = g_strsplit (admin_auth_data, "|", 0);
+ for (n = 0; groups[n] != NULL; n++) {
+ int m;
+ struct group *group;
+
+ /* This is fine; we're a single-threaded app */
+ if ((group = getgrnam (groups[n])) == NULL)
+ continue;
+
+ for (m = 0; group->gr_mem[m] != NULL; m++) {
+ const char *user;
+ gboolean found;
+
+ user = group->gr_mem[m];
+ found = FALSE;
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper: examining member '%s' of group '%s'\n", user, groups[n]);
+#endif /* PGH_DEBUG */
+
+ /* skip user 'root' since he is often member of 'wheel' etc. */
+ if (strcmp (user, "root") == 0)
+ continue;
+ /* TODO: we should probably only consider users with an uid
+ * in a given "safe" range, e.g. between 500 and 32000 or
+ * something like that...
+ */
+
+ for (i = users; i != NULL; i = g_slist_next (i)) {
+ if (strcmp (user, (const char *) i->data) == 0) {
+ found = TRUE;
+ break;
+ }
+ }
+ if (found)
+ continue;
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper: added user '%s'\n", user);
+#endif /* PGH_DEBUG */
+
+ users = g_slist_prepend (users, g_strdup (user));
+ }
+
+ }
+ g_strfreev (groups);
+
+ users = g_slist_sort (users, (GCompareFunc) strcmp);
+
+ *out_admin_users = g_new0 (char *, g_slist_length (users) + 1);
+ for (i = users, n = 0; i != NULL; i = g_slist_next (i)) {
+ (*out_admin_users)[n++] = i->data;
+ }
+
+ g_slist_free (users);
+ }
+ break;
+ }
+ }
+ }
+
+
+ /* TODO: we should probably clean up */
+
+ return TRUE;
+error:
+ return FALSE;
+}
+
+static polkit_bool_t
+get_and_validate_override_details (PolKitResult *result)
+{
+ char buf[256];
+ char *textual_result;
+ PolKitResult desired_result;
+
+ if (fgets (buf, sizeof buf, stdin) == NULL)
+ goto error;
+ if (strlen (buf) > 0 &&
+ buf[strlen (buf) - 1] == '\n')
+ buf[strlen (buf) - 1] = '\0';
+
+ if (strncmp (buf,
+ "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE ",
+ sizeof "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE " - 1) != 0) {
+ goto error;
+ }
+ textual_result = buf + sizeof "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE " - 1;
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper: caller said '%s'\n", textual_result);
+#endif /* PGH_DEBUG */
+
+ if (!polkit_result_from_string_representation (textual_result, &desired_result))
+ goto error;
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper: testing for voluntarily downgrade from '%s' to '%s'\n",
+ polkit_result_to_string_representation (*result),
+ polkit_result_to_string_representation (desired_result));
+#endif /* PGH_DEBUG */
+
+ /* See the huge comment in main() below...
+ *
+ * it comes down to this... users can only choose a more restricted granting type...
+ */
+ switch (*result) {
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT)
+ goto error;
+ break;
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH)
+ goto error;
+ break;
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION)
+ goto error;
+ break;
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS)
+ goto error;
+ break;
+
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT)
+ goto error;
+ break;
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH)
+ goto error;
+ break;
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION)
+ goto error;
+ break;
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+ if (desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
+ desired_result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS)
+ goto error;
+ break;
+
+ default:
+ /* we should never reach this */
+ goto error;
+ }
+
+#ifdef PGH_DEBUG
+ if (*result != desired_result) {
+ fprintf (stderr, "polkit-grant-helper: voluntarily downgrading from '%s' to '%s'\n",
+ polkit_result_to_string_representation (*result),
+ polkit_result_to_string_representation (desired_result));
+ }
+#endif /* PGH_DEBUG */
+
+ *result = desired_result;
+
+ return TRUE;
+error:
+ return FALSE;
+}
+
+int
+main (int argc, char *argv[])
+{
+ int ret;
+ uid_t invoking_user_id;
+ pid_t caller_pid;
+ gid_t egid;
+ struct group *group;
+ char *endp;
+ const char *invoking_user_name;
+ const char *action_name;
+ PolKitResult result;
+ const char *user_to_auth;
+ uid_t uid_of_user_to_auth;
+ char *session_objpath;
+ struct passwd *pw;
+ polkit_bool_t dbres;
+ char **admin_users;
+ DBusError error;
+ DBusConnection *bus;
+ PolKitContext *context;
+ PolKitAction *action;
+ PolKitCaller *caller;
+ uid_t caller_uid;
+ PolKitSession *session;
+
+ ret = 3;
+
+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
+ if (clearenv () != 0)
+ goto out;
+ /* set a minimal environment */
+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
+
+ openlog ("polkit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+ if (argc != 3) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-grant-helper: wrong number of arguments. This incident has been logged.\n");
+ goto out;
+ }
+
+ /* check we're running with a non-tty stdin */
+ if (isatty (STDIN_FILENO) != 0) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-grant-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
+ goto out;
+ }
+
+ /* check user */
+ invoking_user_id = getuid ();
+ if (invoking_user_id == 0) {
+ fprintf (stderr, "polkit-grant-helper: it only makes sense to run polkit-grant-helper as non-root\n");
+ goto out;
+ }
+
+ /* check that we are setgid polkituser */
+ egid = getegid ();
+ group = getgrgid (egid);
+ if (group == NULL) {
+ fprintf (stderr, "polkit-grant-helper: cannot lookup group info for gid %d\n", egid);
+ goto out;
+ }
+ if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
+ fprintf (stderr, "polkit-grant-helper: needs to be setgid " POLKIT_GROUP "\n");
+ goto out;
+ }
+
+ pw = getpwuid (invoking_user_id);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-grant-helper: cannot lookup passwd info for uid %d\n", invoking_user_id);
+ goto out;
+ }
+ invoking_user_name = strdup (pw->pw_name);
+ if (invoking_user_name == NULL) {
+ fprintf (stderr, "polkit-grant-helper: OOM allocating memory for invoking user name\n");
+ goto out;
+ }
+
+ caller_pid = strtol (argv[1], &endp, 10);
+ if (endp == NULL || endp == argv[1] || *endp != '\0') {
+ fprintf (stderr, "polkit-grant-helper: cannot parse pid\n");
+ goto out;
+ }
+ action_name = argv[2];
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper: invoking user = %d ('%s')\n", invoking_user_id, invoking_user_name);
+ fprintf (stderr, "polkit-grant-helper: caller_pid = %d\n", caller_pid);
+ fprintf (stderr, "polkit-grant-helper: action_name = '%s'\n", action_name);
+#endif /* PGH_DEBUG */
+
+ ret = 2;
+
+ context = polkit_context_new ();
+ if (!polkit_context_init (context, NULL)) {
+ fprintf (stderr, "polkit-grant-helper: cannot initialize polkit\n");
+ goto out;
+ }
+
+ action = polkit_action_new ();
+ polkit_action_set_action_id (action, action_name);
+
+ dbus_error_init (&error);
+ bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
+ if (bus == NULL) {
+ fprintf (stderr, "polkit-grant-helper: cannot connect to system bus: %s: %s\n",
+ error.name, error.message);
+ dbus_error_free (&error);
+ goto out;
+ }
+
+ caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
+ if (caller == NULL) {
+ fprintf (stderr, "polkit-grant-helper: cannot get caller from pid: %s: %s\n",
+ error.name, error.message);
+ goto out;
+ }
+ if (!polkit_caller_get_uid (caller, &caller_uid)) {
+ fprintf (stderr, "polkit-grant-helper: no uid for caller\n");
+ goto out;
+ }
+ if (!polkit_caller_get_ck_session (caller, &session)) {
+ fprintf (stderr, "polkit-grant-helper: caller is not in a session\n");
+ goto out;
+ }
+ if (!polkit_session_get_ck_objref (session, &session_objpath)) {
+ fprintf (stderr, "polkit-grant-helper: caller is not in a session\n");
+ goto out;
+ }
+
+ /* Use libpolkit to
+ *
+ * - figure out if the caller can really auth to do the action
+ * - learn what ConsoleKit session the caller belongs to
+ */
+ if (!verify_with_polkit (context, caller, action, &result, &admin_users))
+ goto out;
+
+#ifdef PGH_DEBUG
+ if (admin_users != NULL) {
+ int n;
+ fprintf (stderr, "polkit-grant-helper: admin_users: ");
+ for (n = 0; admin_users[n] != NULL; n++)
+ fprintf (stderr, "'%s' ", admin_users[n]);
+ fprintf (stderr, "\n");
+ }
+#endif /* PGH_DEBUG */
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper: polkit result = '%s'\n",
+ polkit_result_to_string_representation (result));
+ fprintf (stderr, "polkit-grant-helper: session_objpath = '%s'\n", session_objpath);
+#endif /* PGH_DEBUG */
+
+ /* tell the caller about the grant details; e.g. whether
+ * it's auth_self_keep_always or auth_self etc.
+ */
+ fprintf (stdout, "POLKIT_GRANT_HELPER_TELL_TYPE %s\n",
+ polkit_result_to_string_representation (result));
+ fflush (stdout);
+
+ /* if admin auth is required, tell caller about possible users */
+ if (admin_users != NULL) {
+ int n;
+ fprintf (stdout, "POLKIT_GRANT_HELPER_TELL_ADMIN_USERS");
+ for (n = 0; admin_users[n] != NULL; n++)
+ fprintf (stdout, " %s", admin_users[n]);
+ fprintf (stdout, "\n");
+ fflush (stdout);
+ }
+
+
+ /* wait for libpolkit-grant to tell us what user to use */
+ if (admin_users != NULL) {
+ int n;
+ char buf[256];
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "waiting for admin user name...\n");
+#endif /* PGH_DEBUG */
+
+ /* read from parent */
+ if (fgets (buf, sizeof buf, stdin) == NULL)
+ goto out;
+ if (strlen (buf) > 0 && buf[strlen (buf) - 1] == '\n')
+ buf[strlen (buf) - 1] = '\0';
+
+ if (strncmp (buf,
+ "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER ",
+ sizeof "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER " - 1) != 0) {
+ goto out;
+ }
+
+ user_to_auth = strdup (buf) + sizeof "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER " - 1;
+#ifdef PGH_DEBUG
+ fprintf (stderr, "libpolkit-grant wants to auth as '%s'\n", user_to_auth);
+#endif /* PGH_DEBUG */
+
+ /* now sanity check that returned user is actually in admin_users */
+ for (n = 0; admin_users[n] != NULL; n++) {
+ if (strcmp (admin_users[n], user_to_auth) == 0)
+ break;
+ }
+ if (admin_users[n] == NULL) {
+ ret = 2;
+ goto out;
+ }
+
+ } else {
+ /* figure out what user to auth */
+ if (result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
+ result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
+ result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
+ result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS) {
+ user_to_auth = "root";
+ } else {
+ user_to_auth = invoking_user_name;
+ }
+ }
+
+ if (strcmp (user_to_auth, "root") == 0) {
+ uid_of_user_to_auth = 0;
+ } else {
+ struct passwd *passwd;
+
+ passwd = getpwnam (user_to_auth);
+ if (passwd == NULL) {
+ fprintf (stderr, "polkit-grant-helper: can not look up uid for user '%s'\n", user_to_auth);
+ goto out;
+ }
+ uid_of_user_to_auth = passwd->pw_uid;
+ }
+
+ ret = 1;
+
+ /* Start authentication */
+ if (!do_auth (user_to_auth)) {
+ goto out;
+ }
+
+ /* Ask caller if he want to slim down grant type... e.g. he
+ * might want to go from auth_self_keep_always to
+ * auth_self_keep_session..
+ *
+ * See docs for the PolKitGrantOverrideGrantType callback type
+ * for use cases; it's in polkit-grant/polkit-grant.h
+ */
+ fprintf (stdout, "POLKIT_GRANT_HELPER_ASK_OVERRIDE_GRANT_TYPE %s\n",
+ polkit_result_to_string_representation (result));
+ fflush (stdout);
+
+ if (!get_and_validate_override_details (&result)) {
+ /* if this fails it means bogus input from user */
+ ret = 2;
+ goto out;
+ }
+
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper: adding grant: action_id=%s session_id=%s pid=%d result='%s'\n",
+ action_name, session_objpath, caller_pid, polkit_result_to_string_representation (result));
+#endif /* PGH_DEBUG */
+
+ /* make sure write permissions for group is honored */
+ umask (002);
+
+ switch (result) {
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT:
+ dbres = polkit_authorization_db_add_entry_process_one_shot (polkit_context_get_authorization_db (context),
+ action,
+ caller,
+ uid_of_user_to_auth);
+ if (dbres) {
+ syslog (LOG_INFO, "granted one shot authorization for %s to pid %d [uid=%d] [auth=%s]",
+ action_name, caller_pid, invoking_user_id, user_to_auth);
+ }
+ break;
+
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+ dbres = polkit_authorization_db_add_entry_process (polkit_context_get_authorization_db (context),
+ action,
+ caller,
+ uid_of_user_to_auth);
+ if (dbres) {
+ syslog (LOG_INFO, "granted authorization for %s to pid %d [uid=%d] [auth=%s]",
+ action_name, caller_pid, invoking_user_id, user_to_auth);
+ }
+ break;
+
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+ dbres = polkit_authorization_db_add_entry_session (polkit_context_get_authorization_db (context),
+ action,
+ caller,
+ uid_of_user_to_auth);
+
+ if (dbres) {
+ syslog (LOG_INFO, "granted authorization for %s to session %s [uid=%d] [auth=%s]",
+ action_name, session_objpath, invoking_user_id, user_to_auth);
+ }
+ break;
+
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
+ dbres = polkit_authorization_db_add_entry_always (polkit_context_get_authorization_db (context),
+ action,
+ caller,
+ uid_of_user_to_auth);
+ if (dbres) {
+ syslog (LOG_INFO, "granted authorization for %s to uid %d [auth=%s]",
+ action_name, caller_uid, user_to_auth);
+ }
+ break;
+
+ default:
+ /* should never happen */
+ goto out;
+ }
+
+ if (!dbres) {
+ fprintf (stderr, "polkit-grant-helper: failed to write to grantdb\n");
+ goto out;
+ }
+
+ ret = 0;
+out:
+#ifdef PGH_DEBUG
+ fprintf (stderr, "polkit-grant-helper: exiting with code %d\n", ret);
+#endif /* PGH_DEBUG */
+ return ret;
+}
diff --git a/src/polkit-grant/polkit-grant.c b/src/polkit-grant/polkit-grant.c
new file mode 100644
index 0000000..0e7a43d
--- /dev/null
+++ b/src/polkit-grant/polkit-grant.c
@@ -0,0 +1,538 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant.c : library for obtaining privileges
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/wait.h>
+
+#include <glib.h>
+#include "polkit-grant.h"
+
+/**
+ * SECTION:polkit-grant
+ * @title: Authorizations and Authentication
+ * @short_description: Obtain authorizations through
+ * authentication.
+ *
+ * These functions are used to obtain authorizations for a user that
+ * is able to successfully authenticate. It is only useful for people
+ * writing user interfaces that interfaces with the end user.
+ *
+ * All of these functions are in the
+ * <literal>libpolkit-grant</literal> library.
+ **/
+
+/**
+ * PolKitGrant:
+ *
+ * Objects of this class are used to obtain authorizations for a user
+ * that is able to successfully authenticate. It is only useful for
+ * people writing user interfaces that interfaces with the end user.
+ *
+ * All of these functions are in the
+ * <literal>libpolkit-grant</literal> library.
+ **/
+struct _PolKitGrant
+{
+ int refcount;
+
+ PolKitGrantAddIOWatch func_add_io_watch;
+ PolKitGrantAddChildWatch func_add_child_watch;
+ PolKitGrantRemoveWatch func_remove_watch;
+ PolKitGrantType func_type;
+ PolKitGrantSelectAdminUser func_select_admin_user;
+ PolKitGrantConversationPromptEchoOff func_prompt_echo_off;
+ PolKitGrantConversationPromptEchoOn func_prompt_echo_on;
+ PolKitGrantConversationErrorMessage func_error_message;
+ PolKitGrantConversationTextInfo func_text_info;
+ PolKitGrantOverrideGrantType func_override_grant_type;
+ PolKitGrantDone func_done;
+ void *user_data;
+
+ int child_stdin;
+ int child_stdout;
+ GPid child_pid;
+ FILE *child_stdout_f;
+
+ int child_watch_id;
+ int io_watch_id;
+
+ gboolean success;
+ gboolean helper_is_running;
+};
+
+/**
+ * polkit_grant_new:
+ *
+ * Creates a #PolKitGrant object.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ *
+ * Returns: the new object or #NULL if the authorization backend
+ * doesn't support obtaining authorizations through authentication.
+ **/
+PolKitGrant *
+polkit_grant_new (void)
+{
+ PolKitGrant *polkit_grant;
+
+ if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN))
+ return NULL;
+
+ polkit_grant = g_new0 (PolKitGrant, 1);
+ polkit_grant->refcount = 1;
+ return polkit_grant;
+}
+
+/**
+ * polkit_grant_ref:
+ * @polkit_grant: the object
+ *
+ * Increase reference count.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ *
+ * Returns: the object.
+ **/
+PolKitGrant *
+polkit_grant_ref (PolKitGrant *polkit_grant)
+{
+ g_return_val_if_fail (polkit_grant != NULL, NULL);
+
+ polkit_grant->refcount++;
+ return polkit_grant;
+}
+
+/**
+ * polkit_grant_unref:
+ * @polkit_grant: the object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ **/
+void
+polkit_grant_unref (PolKitGrant *polkit_grant)
+{
+ g_return_if_fail (polkit_grant != NULL);
+
+ polkit_grant->refcount--;
+ if (polkit_grant->refcount > 0)
+ return;
+
+ if (polkit_grant->io_watch_id > 0) {
+ polkit_grant->func_remove_watch (polkit_grant, polkit_grant->io_watch_id);
+ }
+ if (polkit_grant->child_watch_id > 0) {
+ polkit_grant->func_remove_watch (polkit_grant, polkit_grant->child_watch_id);
+ }
+ if (polkit_grant->child_pid > 0) {
+ int status;
+ kill (polkit_grant->child_pid, SIGTERM);
+ waitpid (polkit_grant->child_pid, &status, 0);
+ }
+ if (polkit_grant->child_stdout_f != NULL) {
+ fclose (polkit_grant->child_stdout_f);
+ }
+ if (polkit_grant->child_stdout >= 0) {
+ close (polkit_grant->child_stdout);
+ }
+ if (polkit_grant->child_stdin >= 0) {
+ close (polkit_grant->child_stdin);
+ }
+
+ g_free (polkit_grant);
+}
+
+/**
+ * polkit_grant_set_functions:
+ * @polkit_grant: the object
+ * @func_add_io_watch: Callback function
+ * @func_add_child_watch: Callback function
+ * @func_remove_watch: Callback function
+ * @func_type: Callback function
+ * @func_select_admin_user: Callback function
+ * @func_prompt_echo_off: Callback function
+ * @func_prompt_echo_on: Callback function
+ * @func_error_message: Callback function
+ * @func_text_info: Callback function
+ * @func_override_grant_type: Callback function
+ * @func_done: Callback function
+ * @user_data: User data that will be passed to the callback functions.
+ *
+ * Set callback functions used for authentication.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ **/
+void
+polkit_grant_set_functions (PolKitGrant *polkit_grant,
+ PolKitGrantAddIOWatch func_add_io_watch,
+ PolKitGrantAddChildWatch func_add_child_watch,
+ PolKitGrantRemoveWatch func_remove_watch,
+ PolKitGrantType func_type,
+ PolKitGrantSelectAdminUser func_select_admin_user,
+ PolKitGrantConversationPromptEchoOff func_prompt_echo_off,
+ PolKitGrantConversationPromptEchoOn func_prompt_echo_on,
+ PolKitGrantConversationErrorMessage func_error_message,
+ PolKitGrantConversationTextInfo func_text_info,
+ PolKitGrantOverrideGrantType func_override_grant_type,
+ PolKitGrantDone func_done,
+ void *user_data)
+{
+ g_return_if_fail (polkit_grant != NULL);
+ g_return_if_fail (func_add_io_watch != NULL);
+ g_return_if_fail (func_add_child_watch != NULL);
+ g_return_if_fail (func_remove_watch != NULL);
+ g_return_if_fail (func_type != NULL);
+ g_return_if_fail (func_select_admin_user != NULL);
+ g_return_if_fail (func_prompt_echo_off != NULL);
+ g_return_if_fail (func_prompt_echo_on != NULL);
+ g_return_if_fail (func_error_message != NULL);
+ g_return_if_fail (func_text_info != NULL);
+ g_return_if_fail (func_override_grant_type != NULL);
+ polkit_grant->func_add_io_watch = func_add_io_watch;
+ polkit_grant->func_add_child_watch = func_add_child_watch;
+ polkit_grant->func_remove_watch = func_remove_watch;
+ polkit_grant->func_type = func_type;
+ polkit_grant->func_select_admin_user = func_select_admin_user;
+ polkit_grant->func_prompt_echo_off = func_prompt_echo_off;
+ polkit_grant->func_prompt_echo_on = func_prompt_echo_on;
+ polkit_grant->func_error_message = func_error_message;
+ polkit_grant->func_text_info = func_text_info;
+ polkit_grant->func_override_grant_type = func_override_grant_type;
+ polkit_grant->func_done = func_done;
+ polkit_grant->user_data = user_data;
+}
+
+
+/**
+ * polkit_grant_child_func:
+ * @polkit_grant: the object
+ * @pid: pid of the child
+ * @exit_code: exit code of the child
+ *
+ * Method that the application must call when a child process
+ * registered with the supplied function of type
+ * #PolKitGrantAddChildWatch terminates.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ **/
+void
+polkit_grant_child_func (PolKitGrant *polkit_grant, pid_t pid, int exit_code)
+{
+ int status;
+ polkit_bool_t input_was_bogus;
+
+ g_return_if_fail (polkit_grant != NULL);
+ g_return_if_fail (polkit_grant->helper_is_running);
+
+ /* g_debug ("pid %d terminated", pid); */
+ waitpid (pid, &status, 0);
+
+ if (exit_code >= 2)
+ input_was_bogus = TRUE;
+ else
+ input_was_bogus = FALSE;
+
+ polkit_grant->success = (exit_code == 0);
+ polkit_grant->helper_is_running = FALSE;
+ polkit_grant->func_done (polkit_grant, polkit_grant->success, input_was_bogus, polkit_grant->user_data);
+}
+
+
+/**
+ * polkit_grant_io_func:
+ * @polkit_grant: the object
+ * @fd: the file descriptor passed to the supplied function of type #PolKitGrantAddIOWatch.
+ *
+ * Method that the application must call when there is data to read
+ * from a file descriptor registered with the supplied function of
+ * type #PolKitGrantAddIOWatch.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ **/
+void
+polkit_grant_io_func (PolKitGrant *polkit_grant, int fd)
+{
+ char *line = NULL;
+ size_t line_len = 0;
+ char *id;
+ size_t id_len;
+ char *response;
+ char *response_prefix;
+
+ g_return_if_fail (polkit_grant != NULL);
+ g_return_if_fail (polkit_grant->helper_is_running);
+
+ while (getline (&line, &line_len, polkit_grant->child_stdout_f) != -1) {
+ if (strlen (line) > 0 &&
+ line[strlen (line) - 1] == '\n')
+ line[strlen (line) - 1] = '\0';
+
+ response = NULL;
+ response_prefix = NULL;
+
+ id = "PAM_PROMPT_ECHO_OFF ";
+ if (g_str_has_prefix (line, id)) {
+ id_len = strlen (id);
+ response_prefix = "";
+ response = polkit_grant->func_prompt_echo_off (polkit_grant,
+ line + id_len,
+ polkit_grant->user_data);
+ goto processed;
+ }
+
+ id = "PAM_PROMPT_ECHO_ON ";
+ if (g_str_has_prefix (line, id)) {
+ id_len = strlen (id);
+ response_prefix = "";
+ response = polkit_grant->func_prompt_echo_on (polkit_grant,
+ line + id_len,
+ polkit_grant->user_data);
+ goto processed;
+ }
+
+ id = "PAM_ERROR_MSG ";
+ if (g_str_has_prefix (line, id)) {
+ id_len = strlen (id);
+ polkit_grant->func_error_message (polkit_grant,
+ line + id_len,
+ polkit_grant->user_data);
+ goto processed;
+ }
+
+ id = "PAM_TEXT_INFO ";
+ if (g_str_has_prefix (line, id)) {
+ id_len = strlen (id);
+ polkit_grant->func_text_info (polkit_grant,
+ line + id_len,
+ polkit_grant->user_data);
+ goto processed;
+ }
+
+ id = "POLKIT_GRANT_HELPER_TELL_TYPE ";
+ if (g_str_has_prefix (line, id)) {
+ PolKitResult result;
+ char *result_textual;
+
+ id_len = strlen (id);
+ result_textual = line + id_len;
+ if (!polkit_result_from_string_representation (result_textual, &result)) {
+ /* TODO: danger will robinson */
+ }
+
+ polkit_grant->func_type (polkit_grant,
+ result,
+ polkit_grant->user_data);
+ goto processed;
+ }
+
+ id = "POLKIT_GRANT_HELPER_TELL_ADMIN_USERS ";
+ if (g_str_has_prefix (line, id)) {
+ char **admin_users;
+
+ id_len = strlen (id);
+ admin_users = g_strsplit (line + id_len, " ", 0);
+
+ response_prefix = "POLKIT_GRANT_CALLER_SELECT_ADMIN_USER ";
+ response = polkit_grant->func_select_admin_user (polkit_grant,
+ admin_users,
+ polkit_grant->user_data);
+ g_strfreev (admin_users);
+
+ goto processed;
+ }
+
+ id = "POLKIT_GRANT_HELPER_ASK_OVERRIDE_GRANT_TYPE ";
+ if (g_str_has_prefix (line, id)) {
+ PolKitResult override;
+ PolKitResult result;
+ id_len = strlen (id);
+ if (!polkit_result_from_string_representation (line + id_len, &result)) {
+ /* TODO: danger will robinson */
+ }
+ override = polkit_grant->func_override_grant_type (polkit_grant,
+ result,
+ polkit_grant->user_data);
+ response_prefix = "POLKIT_GRANT_CALLER_PASS_OVERRIDE_GRANT_TYPE ";
+ response = g_strdup (polkit_result_to_string_representation (override));
+ goto processed;
+ }
+
+ processed:
+ if (response != NULL && response_prefix != NULL) {
+ char *buf;
+ gboolean add_newline;
+
+ /* add a newline if there isn't one already... */
+ add_newline = FALSE;
+ if (response[strlen (response) - 1] != '\n') {
+ add_newline = TRUE;
+ }
+ buf = g_strdup_printf ("%s%s%c",
+ response_prefix,
+ response,
+ add_newline ? '\n' : '\0');
+ write (polkit_grant->child_stdin, buf, strlen (buf));
+ g_free (buf);
+ free (response);
+ }
+ }
+
+ if (line != NULL)
+ free (line);
+}
+
+/**
+ * polkit_grant_cancel_auth:
+ * @polkit_grant: the object
+ *
+ * Cancel an authentication in progress
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ **/
+void
+polkit_grant_cancel_auth (PolKitGrant *polkit_grant)
+{
+ GPid pid;
+ g_return_if_fail (polkit_grant != NULL);
+ g_return_if_fail (polkit_grant->helper_is_running);
+
+ pid = polkit_grant->child_pid;
+ polkit_grant->child_pid = 0;
+ if (pid > 0) {
+ int status;
+ kill (pid, SIGTERM);
+ waitpid (pid, &status, 0);
+ polkit_grant->helper_is_running = FALSE;
+ }
+ polkit_grant->func_done (polkit_grant, FALSE, FALSE, polkit_grant->user_data);
+}
+
+/**
+ * polkit_grant_initiate_auth:
+ * @polkit_grant: the object
+ * @action: Action requested by caller
+ * @caller: Caller in question
+ *
+ * Initiate authentication to obtain the privilege for the given
+ * @caller to perform the specified @action. The caller of this method
+ * must have setup callback functions using the method
+ * polkit_grant_set_functions() prior to calling this method.
+ *
+ * Implementation-wise, this class uses a secure (e.g. as in that it
+ * checks all information and fundamenally don't trust the caller;
+ * e.g. the #PolKitGrant class) setgid helper that does all the heavy
+ * lifting.
+ *
+ * The caller of this method must iterate the mainloop context in
+ * order for authentication to make progress.
+ *
+ * This function is in <literal>libpolkit-grant</literal>.
+ *
+ * Returns: #TRUE only if authentication have been initiated.
+ **/
+polkit_bool_t
+polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
+ PolKitAction *action,
+ PolKitCaller *caller)
+{
+ pid_t pid;
+ char *action_id;
+ GError *g_error;
+ char *helper_argv[4];
+
+ g_return_val_if_fail (polkit_grant != NULL, FALSE);
+ /* check that callback functions have been properly set up */
+ g_return_val_if_fail (polkit_grant->func_done != NULL, FALSE);
+
+ if (!polkit_caller_get_pid (caller, &pid))
+ goto error;
+
+ if (!polkit_action_get_action_id (action, &action_id))
+ goto error;
+
+ /* TODO: verify incoming args */
+
+ /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper"; */
+ helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
+ helper_argv[1] = g_strdup_printf ("%d", pid);
+ helper_argv[2] = action_id;
+ helper_argv[3] = NULL;
+
+ polkit_grant->child_stdin = -1;
+ polkit_grant->child_stdout = -1;
+
+ g_error = NULL;
+ if (!g_spawn_async_with_pipes (NULL,
+ (char **) helper_argv,
+ NULL,
+ G_SPAWN_DO_NOT_REAP_CHILD |
+ 0,//G_SPAWN_STDERR_TO_DEV_NULL,
+ NULL,
+ NULL,
+ &polkit_grant->child_pid,
+ &polkit_grant->child_stdin,
+ &polkit_grant->child_stdout,
+ NULL,
+ &g_error)) {
+ fprintf (stderr, "Cannot spawn helper: %s.\n", g_error->message);
+ g_error_free (g_error);
+ g_free (helper_argv[1]);
+ goto error;
+ }
+ g_free (helper_argv[1]);
+
+ polkit_grant->child_watch_id = polkit_grant->func_add_child_watch (polkit_grant, polkit_grant->child_pid);
+ if (polkit_grant->child_watch_id == 0)
+ goto error;
+
+ polkit_grant->io_watch_id = polkit_grant->func_add_io_watch (polkit_grant, polkit_grant->child_stdout);
+ if (polkit_grant->io_watch_id == 0)
+ goto error;
+
+ /* so we can use getline... */
+ polkit_grant->child_stdout_f = fdopen (polkit_grant->child_stdout, "r");
+ if (polkit_grant->child_stdout_f == NULL)
+ goto error;
+
+ polkit_grant->success = FALSE;
+
+ polkit_grant->helper_is_running = TRUE;
+
+ return TRUE;
+error:
+ return FALSE;
+}
diff --git a/src/polkit-grant/polkit-grant.h b/src/polkit-grant/polkit-grant.h
new file mode 100644
index 0000000..2fdf6a4
--- /dev/null
+++ b/src/polkit-grant/polkit-grant.h
@@ -0,0 +1,369 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-grant.h : library for obtaining privileges
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_GRANT_H
+#define POLKIT_GRANT_H
+
+#include <polkit/polkit.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitGrant;
+typedef struct _PolKitGrant PolKitGrant;
+
+/**
+ * PolKitGrantType:
+ * @polkit_grant: the grant object
+ * @grant_type: the current type of what privilege to obtain
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that describes to what extent the
+ * privilege can be obtained; e.g. whether the user can keep it
+ * (e.g. forever, for the session or not keep it at all).
+ *
+ * See also #PolKitGrantOverrideGrantType for discussion on the type
+ * of user interfaces one should put up depending on the value of
+ * @grant_type.
+ **/
+typedef void (*PolKitGrantType) (PolKitGrant *polkit_grant,
+ PolKitResult grant_type,
+ void *user_data);
+
+/**
+ * PolKitGrantSelectAdminUser:
+ * @polkit_grant: the grant object
+ * @admin_users: a NULL-terminated array of users that can be used for
+ * authentication for admin grants.
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that describes the possible users that
+ * can be chosen for authentication when administrator privileges are
+ * required.
+ *
+ * Returns: the chosen user; must be allocated with malloc(3) and will
+ * be freed by the #PolKitGrant class.
+ **/
+typedef char* (*PolKitGrantSelectAdminUser) (PolKitGrant *polkit_grant,
+ char **admin_users,
+ void *user_data);
+
+
+/**
+ * PolKitGrantConversationPromptEchoOff:
+ * @polkit_grant: the grant object
+ * @prompt: prompt passed by the authentication layer; do not free this string
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that is invoked when the authentication
+ * layer needs to ask the user a secret and the UI should NOT echo what
+ * the user types on the screen.
+ *
+ * Returns: the answer obtained from the user; must be allocated with
+ * malloc(3) and will be freed by the #PolKitGrant class.
+ **/
+typedef char* (*PolKitGrantConversationPromptEchoOff) (PolKitGrant *polkit_grant,
+ const char *prompt,
+ void *user_data);
+
+/**
+ * PolKitGrantConversationPromptEchoOn:
+ * @polkit_grant: the grant object
+ * @prompt: prompt passed by the authentication layer; do not free this string
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that is invoked when the authentication
+ * layer needs to ask the user a secret and the UI should echo what
+ * the user types on the screen.
+ *
+ * Returns: the answer obtained from the user; must be allocated with
+ * malloc(3) and will be freed by the #PolKitGrant class.
+ **/
+typedef char* (*PolKitGrantConversationPromptEchoOn) (PolKitGrant *polkit_grant,
+ const char *prompt,
+ void *user_data);
+
+/**
+ * PolKitGrantConversationErrorMessage:
+ * @polkit_grant: the grant object
+ * @error_message: error message passed by the authentication layer; do not free this string
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that is invoked when the authentication
+ * layer produces an error message that should be displayed in the UI.
+ **/
+typedef void (*PolKitGrantConversationErrorMessage) (PolKitGrant *polkit_grant,
+ const char *error_message,
+ void *user_data);
+
+/**
+ * PolKitGrantConversationTextInfo:
+ * @polkit_grant: the grant object
+ * @text_info: information passed by the authentication layer; do not free this string
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that is invoked when the authentication
+ * layer produces an informational message that should be displayed in
+ * the UI.
+ **/
+typedef void (*PolKitGrantConversationTextInfo) (PolKitGrant *polkit_grant,
+ const char *text_info,
+ void *user_data);
+
+/**
+ * PolKitGrantOverrideGrantType:
+ * @polkit_grant: the grant object
+ * @grant_type: the current type of what privilege to obtain; this is
+ * the same value as passed to the callback of type #PolKitGrantType.
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * Type for callback function that enables the UI to request a lesser
+ * privilege than is obtainable. This callback is invoked when the
+ * user have successfully authenticated but before the privilege is
+ * granted.
+ *
+ * Basically, this callback enables a program to provide an user
+ * interface like this:
+ *
+ * <programlisting>
+ * +------------------------------------------------------------+
+ * | You need to authenticate to access the volume 'Frobnicator |
+ * | Adventures Vol 2' |
+ * | |
+ * | Password: [_________________] |
+ * | |
+ * [ [x] Remember this decision |
+ * | [ ] for this session |
+ * | [*] for this and future sessions |
+ * | |
+ * | [Cancel] [Authenticate] |
+ * +------------------------------------------------------------+
+ * </programlisting>
+ *
+ * This dialog assumes that @grant_type passed was
+ * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS. By ticking the
+ * check boxes in the dialog, the user can override this to either
+ * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION or
+ * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH. Thus, the user can
+ * voluntarily choose to obtain a lesser privilege.
+ *
+ * Another example, would be that the @grant_type passed was
+ * #POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION. Then the dialog
+ * should look like this:
+ *
+ * <programlisting>
+ * +------------------------------------------------------------+
+ * | You need to authenticate to access the volume 'Frobnicator |
+ * | Adventures Vol 2' |
+ * | |
+ * | Password: [_________________] |
+ * | |
+ * [ [x] Remember this decision for the rest of the session |
+ * | |
+ * | [Cancel] [Authenticate] |
+ * +------------------------------------------------------------+
+ * </programlisting>
+ *
+ * Finally, if the @grant_type value passed is
+ * e.g. #POLKIT_RESULT_ONLY_VIA_SELF_AUTH, there are no options to
+ * click.:
+ *
+ * <programlisting>
+ * +------------------------------------------------------------+
+ * | You need to authenticate to access the volume 'Frobnicator |
+ * | Adventures Vol 2' |
+ * | |
+ * | Password: [_________________] |
+ * | |
+ * | [Cancel] [Authenticate] |
+ * +------------------------------------------------------------+
+ * </programlisting>
+ *
+ * Of course, these examples also applies to
+ * #POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH and friends.
+ *
+ * Returns: the desired type of what privilege to obtain; note that it
+ * won't work asking for more privileges than what @grant_type
+ * specifies; the passed value is properly checked in the secure
+ * setgid granting helper mentioned in
+ * polkit_grant_initiate_auth().
+ **/
+typedef PolKitResult (*PolKitGrantOverrideGrantType) (PolKitGrant *polkit_grant,
+ PolKitResult grant_type,
+ void *user_data);
+
+/**
+ * PolKitGrantDone:
+ * @polkit_grant: the grant object
+ * @gained_privilege: whether the privilege was obtained
+ * @invalid_data: whether the input data was bogus (not including bad passwords)
+ * @user_data: user data pointed as passed into polkit_grant_set_functions()
+ *
+ * This function is called when the granting process ends; either if
+ * successful or if it was canceled using
+ * e.g. polkit_grant_cancel_auth().
+ **/
+typedef void (*PolKitGrantDone) (PolKitGrant *polkit_grant,
+ polkit_bool_t gained_privilege,
+ polkit_bool_t invalid_data,
+ void *user_data);
+
+/**
+ * PolKitGrantAddChildWatch:
+ * @polkit_grant: the grant object
+ * @pid: the child pid to watch
+ *
+ * Type for function supplied by the application to integrate a watch
+ * on a child process into the applications main loop. The
+ * application must call polkit_grant_child_func() when the
+ * child dies
+ *
+ * For glib mainloop, the function will typically look like this:
+ *
+ * <programlisting>
+ * static void
+ * child_watch_func (GPid pid,
+ * gint status,
+ * gpointer user_data)
+ * {
+ * PolKitGrant *polkit_grant = user_data;
+ * polkit_grant_child_func (polkit_grant, pid, WEXITSTATUS (status));
+ * }
+ *
+ * static int
+ * add_child_watch (PolKitGrant *polkit_grant, pid_t pid)
+ * {
+ * return g_child_watch_add (pid, child_watch_func, polkit_grant);
+ * }
+ * </programlisting>
+ *
+ * Returns: 0 if the watch couldn't be set up; otherwise an unique
+ * identifier for the watch.
+ **/
+typedef int (*PolKitGrantAddChildWatch) (PolKitGrant *polkit_grant,
+ pid_t pid);
+
+/**
+ * PolKitGrantAddIOWatch:
+ * @polkit_grant: the grant object
+ * @fd: the file descriptor to watch
+ *
+ * Type for function supplied by the application to integrate a watch
+ * on a file descriptor into the applications main loop. The
+ * application must call polkit_grant_io_func() when there is data
+ * to read from the file descriptor.
+ *
+ * For glib mainloop, the function will typically look like this:
+ *
+ * <programlisting>
+ * static gboolean
+ * io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
+ * {
+ * int fd;
+ * PolKitGrant *polkit_grant = user_data;
+ * fd = g_io_channel_unix_get_fd (channel);
+ * polkit_grant_io_func (polkit_grant, fd);
+ * return TRUE;
+ * }
+ *
+ * static int
+ * add_io_watch (PolKitGrant *polkit_grant, int fd)
+ * {
+ * guint id = 0;
+ * GIOChannel *channel;
+ * channel = g_io_channel_unix_new (fd);
+ * if (channel == NULL)
+ * goto out;
+ * id = g_io_add_watch (channel, G_IO_IN, io_watch_have_data, polkit_grant);
+ * if (id == 0) {
+ * g_io_channel_unref (channel);
+ * goto out;
+ * }
+ * g_io_channel_unref (channel);
+ * out:
+ * return id;
+ * }
+ * </programlisting>
+ *
+ * Returns: 0 if the watch couldn't be set up; otherwise an unique
+ * identifier for the watch.
+ **/
+typedef int (*PolKitGrantAddIOWatch) (PolKitGrant *polkit_grant,
+ int fd);
+
+/**
+ * PolKitGrantRemoveWatch:
+ * @polkit_grant: the grant object
+ * @watch_id: the id obtained from using the supplied function
+ * of type #PolKitGrantAddIOWatch or #PolKitGrantAddChildWatch.
+ *
+ * Type for function supplied by the application to remove a watch set
+ * up via the supplied function of type #PolKitGrantAddIOWatch or type
+ * #PolKitGrantAddChildWatch.
+ *
+ * For glib mainloop, the function will typically look like this:
+ *
+ * <programlisting>
+ * static void
+ * remove_watch (PolKitGrant *polkit_auth, int watch_id)
+ * {
+ * g_source_remove (watch_id);
+ * }
+ * </programlisting>
+ *
+ **/
+typedef void (*PolKitGrantRemoveWatch) (PolKitGrant *polkit_grant,
+ int watch_id);
+
+PolKitGrant *polkit_grant_new (void);
+PolKitGrant *polkit_grant_ref (PolKitGrant *polkit_grant);
+void polkit_grant_unref (PolKitGrant *polkit_grant);
+void polkit_grant_set_functions (PolKitGrant *polkit_grant,
+ PolKitGrantAddIOWatch func_add_io_watch,
+ PolKitGrantAddChildWatch func_add_child_watch,
+ PolKitGrantRemoveWatch func_remove_watch,
+ PolKitGrantType func_type,
+ PolKitGrantSelectAdminUser func_select_admin_user,
+ PolKitGrantConversationPromptEchoOff func_prompt_echo_off,
+ PolKitGrantConversationPromptEchoOn func_prompt_echo_on,
+ PolKitGrantConversationErrorMessage func_error_message,
+ PolKitGrantConversationTextInfo func_text_info,
+ PolKitGrantOverrideGrantType func_override_grant_type,
+ PolKitGrantDone func_done,
+ void *user_data);
+
+polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
+ PolKitAction *action,
+ PolKitCaller *caller);
+
+void polkit_grant_cancel_auth (PolKitGrant *polkit_grant);
+
+void polkit_grant_io_func (PolKitGrant *polkit_grant, int fd);
+void polkit_grant_child_func (PolKitGrant *polkit_grant, pid_t pid, int exit_code);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_GRANT_H */
+
+
diff --git a/src/polkit-grant/polkit-revoke-helper.c b/src/polkit-grant/polkit-revoke-helper.c
new file mode 100644
index 0000000..f588afc
--- /dev/null
+++ b/src/polkit-grant/polkit-revoke-helper.c
@@ -0,0 +1,379 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-revoke-helper.c : setgid polkituser revoke helper for PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#define _GNU_SOURCE
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <security/pam_appl.h>
+#include <grp.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+#include <utime.h>
+#include <fcntl.h>
+
+#include <polkit-dbus/polkit-dbus.h>
+
+static polkit_bool_t
+check_for_authorization (const char *action_id, pid_t caller_pid)
+{
+ polkit_bool_t ret;
+ DBusError error;
+ DBusConnection *bus;
+ PolKitCaller *caller;
+ PolKitAction *action;
+ PolKitContext *context;
+ PolKitError *pk_error;
+ PolKitResult pk_result;
+
+ ret = FALSE;
+
+ dbus_error_init (&error);
+ bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
+ if (bus == NULL) {
+ fprintf (stderr, "polkit-revoke-helper: cannot connect to system bus: %s: %s\n",
+ error.name, error.message);
+ dbus_error_free (&error);
+ goto out;
+ }
+
+ caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
+ if (caller == NULL) {
+ fprintf (stderr, "polkit-revoke-helper: cannot get caller from pid: %s: %s\n",
+ error.name, error.message);
+ goto out;
+ }
+
+ action = polkit_action_new ();
+ if (action == NULL) {
+ fprintf (stderr, "polkit-revoke-helper: cannot allocate PolKitAction\n");
+ goto out;
+ }
+ if (!polkit_action_set_action_id (action, action_id)) {
+ fprintf (stderr, "polkit-revoke-helper: cannot set action_id\n");
+ goto out;
+ }
+
+ context = polkit_context_new ();
+ if (context == NULL) {
+ fprintf (stderr, "polkit-revoke-helper: cannot allocate PolKitContext\n");
+ goto out;
+ }
+
+ pk_error = NULL;
+ if (!polkit_context_init (context, &pk_error)) {
+ fprintf (stderr, "polkit-revoke-helper: cannot initialize polkit context: %s: %s\n",
+ polkit_error_get_error_name (pk_error),
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ goto out;
+ }
+
+ pk_result = polkit_context_is_caller_authorized (context, action, caller, FALSE, &pk_error);
+ if (polkit_error_is_set (pk_error)) {
+ fprintf (stderr, "polkit-revoke-helper: cannot determine if caller is authorized: %s: %s\n",
+ polkit_error_get_error_name (pk_error),
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ goto out;
+ }
+
+ if (pk_result != POLKIT_RESULT_YES) {
+ goto out;
+ }
+
+ ret = TRUE;
+out:
+
+ return ret;
+}
+
+
+static int
+_write_to_fd (int fd, const char *str, ssize_t str_len)
+{
+ int ret;
+ ssize_t written;
+
+ ret = 0;
+
+ written = 0;
+ while (written < str_len) {
+ ssize_t ret;
+ ret = write (fd, str + written, str_len - written);
+ if (ret < 0) {
+ if (errno == EAGAIN || errno == EINTR) {
+ continue;
+ } else {
+ goto out;
+ }
+ }
+ written += ret;
+ }
+
+ ret = 1;
+
+out:
+ return ret;
+}
+
+int
+main (int argc, char *argv[])
+{
+ int ret;
+ gid_t egid;
+ struct group *group;
+ uid_t invoking_uid;
+ char *entry_to_remove;
+ int n;
+ int len;
+ char *p;
+ char *scope;
+ uid_t uid_to_revoke;
+ char *endp;
+ FILE *f;
+ int fd;
+ char path[256];
+ char path_tmp[256];
+ char line[512];
+ char *root;
+ char *target_type;
+ char *target_value;
+ struct passwd *pw;
+ polkit_bool_t is_one_shot;
+
+ ret = 1;
+
+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
+ if (clearenv () != 0)
+ goto out;
+ /* set a minimal environment */
+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
+
+ openlog ("polkit-revoke-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+ if (argc != 4) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-revoke-helper: wrong number of arguments. This incident has been logged.\n");
+ goto out;
+ }
+
+ /* check we're running with a non-tty stdin */
+ if (isatty (STDIN_FILENO) != 0) {
+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-revoke-helper: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
+ goto out;
+ }
+
+ invoking_uid = getuid ();
+
+ /* check that we are setgid polkituser */
+ egid = getegid ();
+ group = getgrgid (egid);
+ if (group == NULL) {
+ fprintf (stderr, "polkit-revoke-helper: cannot lookup group info for gid %d\n", egid);
+ goto out;
+ }
+ if (strcmp (group->gr_name, POLKIT_GROUP) != 0) {
+ fprintf (stderr, "polkit-revoke-helper: needs to be setgid " POLKIT_GROUP "\n");
+ goto out;
+ }
+
+ entry_to_remove = argv[1];
+ target_type = argv[2];
+ target_value = argv[3];
+
+ /*----------------------------------------------------------------------------------------------------*/
+
+ /* paranoia: we have to validate the entry_to_remove argument
+ * and determine if the process who invoked us is sufficiently
+ * privileged.
+ *
+ * As we're setuid root we don't want to pull in libpolkit and
+ * as we only need to parse the first two entries... we do it
+ * right here
+ */
+ p = entry_to_remove;
+ len = strlen (entry_to_remove);
+ for (n = 0; n < len; n++) {
+ if (p[n] == ':')
+ goto found;
+ }
+ fprintf (stderr, "polkit-revoke-helper: entry_to_remove malformed\n");
+ goto out;
+found:
+ scope = strndup (entry_to_remove, n);
+ if (scope == NULL) {
+ fprintf (stderr, "polkit-revoke-helper: OOM\n");
+ goto out;
+ }
+
+ if (strcmp (target_type, "uid") == 0) {
+ uid_to_revoke = strtol (target_value, &endp, 10);
+ if (*endp != '\0') {
+ fprintf (stderr, "polkit-revoke-helper: cannot parse uid\n");
+ goto out;
+ }
+ } else {
+ fprintf (stderr, "polkit-revoke-helper: unknown target type\n");
+ goto out;
+ }
+
+ /* OK, we're done parsing ... */
+
+ is_one_shot = FALSE;
+ if (strcmp (scope, "process") == 0) {
+ root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
+ } else if (strcmp (scope, "process-one-shot") == 0) {
+ root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
+ is_one_shot = TRUE;
+ } else if (strcmp (scope, "session") == 0) {
+ root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit";
+ } else if (strcmp (scope, "always") == 0) {
+ root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
+ } else if (strcmp (scope, "grant") == 0) {
+ root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit";
+ } else {
+ fprintf (stderr, "polkit-revoke-helper: unknown scope '%s'\n", scope);
+ goto out;
+ }
+
+ if (invoking_uid != 0) {
+ /* Check that the caller is privileged to do this... */
+ if (invoking_uid != uid_to_revoke) {
+
+ /* see if calling user has the
+ *
+ * org.freedesktop.policykit.revoke
+ *
+ * authorization
+ */
+ if (!check_for_authorization ("org.freedesktop.policykit.revoke", getppid ())) {
+
+ /* if it's about revoking a one-shot authorization, it's sufficient to have
+ * org.freedesktop.policykit.read - see polkit_context_is_caller_authorized()
+ * for why...
+ */
+ if (is_one_shot) {
+ if (!check_for_authorization ("org.freedesktop.policykit.read", getppid ())) {
+ goto out;
+ }
+ } else {
+ goto out;
+ }
+ }
+ }
+ }
+
+ pw = getpwuid (uid_to_revoke);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-revoke-helper: cannot lookup user name for uid %d\n", uid_to_revoke);
+ goto out;
+ }
+
+ if (snprintf (path, sizeof (path), "%s/user-%s.auths", root, pw->pw_name) >= (int) sizeof (path)) {
+ fprintf (stderr, "polkit-revoke-helper: string was truncated (1)\n");
+ goto out;
+ }
+ if (snprintf (path_tmp, sizeof (path_tmp), "%s/user-%s.auths.XXXXXX", root, pw->pw_name) >= (int) sizeof (path)) {
+ fprintf (stderr, "polkit-revoke-helper: string was truncated (2)\n");
+ goto out;
+ }
+
+ f = fopen (path, "r");
+ if (f == NULL) {
+ fprintf (stderr, "Cannot open file '%s': %m\n", path);
+ goto out;
+ }
+
+ fd = mkstemp (path_tmp);
+ if (fd < 0) {
+ fprintf (stderr, "Cannot create file '%s': %m\n", path_tmp);
+ goto out;
+ }
+ if (fchmod (fd, 0464) != 0) {
+ fprintf (stderr, "Cannot change mode for '%s' to 0460: %m\n", path_tmp);
+ close (fd);
+ unlink (path_tmp);
+ goto out;
+ }
+
+
+ /* read one line at a time */
+ while (fgets (line, sizeof (line), f) != NULL) {
+ size_t line_len;
+
+ line_len = strlen (line);
+ if (line_len > 1 && line[line_len - 1] == '\n') {
+ if (strncmp (line, entry_to_remove, line_len - 1) == 0) {
+ /* woho, found it */
+ continue;
+ }
+ }
+
+ /* otherwise, just write the line to the temporary file */
+ if (!_write_to_fd (fd, line, line_len)) {
+ fprintf (stderr, "Error write to file '%s': %m\n", path_tmp);
+ close (fd);
+ unlink (path_tmp);
+ goto out;
+ }
+ }
+
+ fclose (f);
+ close (fd);
+
+ if (rename (path_tmp, path) != 0) {
+ fprintf (stderr, "Error renaming %s to %s: %m\n", path_tmp, path);
+ unlink (path_tmp);
+ goto out;
+ }
+
+ /* we're good now (if triggering a reload fails, so be it, we
+ * still did what the caller asked...)
+ */
+ ret = 0;
+
+ /* trigger a reload */
+ if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) {
+ fprintf (stderr, "Error updating access+modification time on file '%s': %m\n",
+ PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload");
+ }
+
+out:
+
+ return ret;
+}
+
diff --git a/src/polkit/.gitignore b/src/polkit/.gitignore
new file mode 100644
index 0000000..764d994
--- /dev/null
+++ b/src/polkit/.gitignore
@@ -0,0 +1,9 @@
+.deps
+.libs
+*.la
+*.lo
+*.o
+Makefile
+Makefile.in
+polkit-interface-manager-glue.h
+polkit-interface-session-glue.h
diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am
new file mode 100644
index 0000000..c15017f
--- /dev/null
+++ b/src/polkit/Makefile.am
@@ -0,0 +1,149 @@
+## Process this file with automake to produce Makefile.in
+
+INCLUDES = \
+ -I$(top_builddir) -I$(top_srcdir) \
+ -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
+ -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
+ -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
+ -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
+ -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
+ -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
+ -DPACKAGE_LIB_DIR=\""$(libdir)"\" \
+ -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
+ -DPOLKIT_COMPILATION \
+ -DTEST_DATA_DIR=\"$(top_srcdir)/test/\" \
+ @GLIB_CFLAGS@
+
+lib_LTLIBRARIES=libpolkit.la
+
+libpolkitincludedir=$(includedir)/PolicyKit/polkit
+
+libpolkitinclude_HEADERS = \
+ polkit.h \
+ polkit-sysdeps.h \
+ polkit-memory.h \
+ polkit-hash.h \
+ polkit-list.h \
+ polkit-types.h \
+ polkit-error.h \
+ polkit-result.h \
+ polkit-context.h \
+ polkit-action.h \
+ polkit-seat.h \
+ polkit-session.h \
+ polkit-caller.h \
+ polkit-policy-file-entry.h \
+ polkit-policy-file.h \
+ polkit-policy-cache.h \
+ polkit-policy-default.h \
+ polkit-config.h \
+ polkit-authorization.h \
+ polkit-authorization-constraint.h \
+ polkit-authorization-db.h
+
+libpolkit_la_SOURCES = \
+ polkit.h \
+ polkit-private.h \
+ polkit-types.h \
+ polkit-memory.h polkit-memory.c \
+ polkit-hash.h polkit-hash.c \
+ polkit-list.h polkit-list.c \
+ polkit-sysdeps.h polkit-sysdeps.c \
+ polkit-error.h polkit-error.c \
+ polkit-result.h polkit-result.c \
+ polkit-context.h polkit-context.c \
+ polkit-action.h polkit-action.c \
+ polkit-seat.h polkit-seat.c \
+ polkit-session.h polkit-session.c \
+ polkit-caller.h polkit-caller.c \
+ polkit-policy-file-entry.h polkit-policy-file-entry.c \
+ polkit-policy-file.h polkit-policy-file.c \
+ polkit-policy-cache.h polkit-policy-cache.c \
+ polkit-policy-default.h polkit-policy-default.c \
+ polkit-debug.h polkit-debug.c \
+ polkit-utils.h polkit-utils.c \
+ polkit-config.h polkit-config.c \
+ polkit-authorization.h polkit-authorization.c \
+ polkit-authorization-constraint.h polkit-authorization-constraint.c \
+ polkit-authorization-db.h
+
+if POLKIT_AUTHDB_DUMMY
+libpolkit_la_SOURCES += \
+ polkit-authorization-db-dummy.c
+endif
+
+if POLKIT_AUTHDB_DEFAULT
+libpolkit_la_SOURCES += \
+ polkit-authorization-db.c
+endif
+
+libpolkit_la_LIBADD = @GLIB_LIBS@ @EXPAT_LIBS@
+
+libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+
+## note that TESTS has special meaning (stuff to use in make check)
+## so if adding tests not to be run in make check, don't add them to
+## TESTS
+if POLKIT_BUILD_TESTS
+TESTS_ENVIRONMENT=
+TESTS=polkit-test
+
+if POLKIT_GCOV_ENABLED
+clean-gcov:
+ rm -f *.gcov .libs/*.gcda
+
+.PHONY: coverage-report.txt
+coverage-report.txt :
+ $(top_srcdir)/test/create-coverage-report.sh polkit $(filter %.c,$(libpolkit_la_SOURCES)) > coverage-report.txt
+
+check-coverage : clean-gcov all check coverage-report.txt
+ cat coverage-report.txt
+else
+coverage-report.txt:
+ @echo "Need to reconfigure with --enable-gcov"
+
+check-coverage:
+ @echo "Need to reconfigure with --enable-gcov"
+endif
+
+else
+TESTS=
+endif
+
+## we use noinst_PROGRAMS not check_PROGRAMS so that we build
+## even when not doing "make check"
+noinst_PROGRAMS=$(TESTS)
+
+polkit_test_SOURCES= \
+ polkit-test.h polkit-test.c
+
+polkit_test_LDADD=$(top_builddir)/polkit/libpolkit.la
+polkit_test_LDFLAGS=
+#@R_DYNAMIC_LDFLAG@
+
+
+clean-local :
+ rm -f *~ $(BUILT_SOURCES) *.bb *.bbg *.da *.gcov .libs/*.da .libs/*.bbg
+
+if POLKIT_AUTHDB_DEFAULT
+# The directories /var/lib/PolicyKit and /var/run/PolicyKit is where
+# authorizations are stored. They must not be world readable (the
+# polkit-auth-read-helper is used to read it) and the $POLKIT_GROUP
+# group needs to be able to write files there.
+#
+# The /var/lib/misc/PolicyKit.reload file is used for triggering that
+# authorizations have changed; it needs to be world readable and
+# writeable for the $POLKIT_GROUP group (FHS 2.3 suggests that
+# location)
+#
+install-data-local:
+ -touch $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
+ -chmod 775 $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload
+ -mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit
+ -mkdir -p $(DESTDIR)$(localstatedir)/run/PolicyKit
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit
+ -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit
+ -chmod 770 $(DESTDIR)$(localstatedir)/lib/PolicyKit
+ -chmod 770 $(DESTDIR)$(localstatedir)/run/PolicyKit
+endif
diff --git a/src/polkit/polkit-action.c b/src/polkit/polkit-action.c
new file mode 100644
index 0000000..ac7fea6
--- /dev/null
+++ b/src/polkit/polkit-action.c
@@ -0,0 +1,304 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-action.c : action
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-action.h"
+#include "polkit-utils.h"
+#include "polkit-utils.h"
+#include "polkit-memory.h"
+#include "polkit-test.h"
+
+/**
+ * SECTION:polkit-action
+ * @title: Actions
+ * @short_description: Models what a caller is attempting to do.
+ *
+ * This class is used to represent a PolicyKit action.
+ **/
+
+/**
+ * PolKitAction:
+ *
+ * Objects of this class are used to record information about an action.
+ **/
+struct _PolKitAction
+{
+ int refcount;
+ char *id;
+};
+
+/**
+ * polkit_action_new:
+ *
+ * Create a new #PolKitAction object.
+ *
+ * Returns: the new object
+ **/
+PolKitAction *
+polkit_action_new (void)
+{
+ PolKitAction *action;
+ action = p_new0 (PolKitAction, 1);
+ if (action == NULL)
+ goto out;
+ action->refcount = 1;
+out:
+ return action;
+}
+
+/**
+ * polkit_action_ref:
+ * @action: the action object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitAction *
+polkit_action_ref (PolKitAction *action)
+{
+ g_return_val_if_fail (action != NULL, action);
+ action->refcount++;
+ return action;
+}
+
+/**
+ * polkit_action_unref:
+ * @action: the action object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_action_unref (PolKitAction *action)
+{
+ g_return_if_fail (action != NULL);
+ action->refcount--;
+ if (action->refcount > 0)
+ return;
+ p_free (action->id);
+ p_free (action);
+}
+
+/**
+ * polkit_action_set_action_id:
+ * @action: the action object
+ * @action_id: action identifier
+ *
+ * Set the action identifier
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_action_set_action_id (PolKitAction *action, const char *action_id)
+{
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (polkit_action_validate_id (action_id), FALSE);
+ if (action->id != NULL)
+ p_free (action->id);
+ action->id = p_strdup (action_id);
+ if (action->id == NULL)
+ return FALSE;
+
+ return TRUE;
+}
+
+/**
+ * polkit_action_get_action_id:
+ * @action: the action object
+ * @out_action_id: Returns the action identifier. The caller shall not free this string.
+ *
+ * Get the action identifier.
+ *
+ * Returns: TRUE iff the value was returned.
+ **/
+polkit_bool_t
+polkit_action_get_action_id (PolKitAction *action, char **out_action_id)
+{
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (out_action_id != NULL, FALSE);
+ if (action->id == NULL)
+ return FALSE;
+ *out_action_id = action->id;
+ return TRUE;
+}
+
+/**
+ * polkit_action_debug:
+ * @action: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_action_debug (PolKitAction *action)
+{
+ g_return_if_fail (action != NULL);
+ _pk_debug ("PolKitAction: refcount=%d id=%s", action->refcount, action->id);
+}
+
+/**
+ * polkit_action_validate_id:
+ * @action_id: the action identifier to validate
+ *
+ * Validate whether an action identifier is well formed. To be well
+ * formed, an action identifier needs to start with a lower case ASCII
+ * character and can only contain the characters "[a-z][0-9].-". It
+ * must be less than or equal 256 bytes in length including the
+ * terminating NUL character.
+ *
+ * Returns: #TRUE iff the action identifier is well formed
+ **/
+polkit_bool_t
+polkit_action_validate_id (const char *action_id)
+{
+ int n;
+
+ g_return_val_if_fail (action_id != NULL, FALSE);
+
+ /* validate that the form of the action identifier is correct */
+ if (!g_ascii_islower (action_id[0]))
+ goto malformed;
+
+ for (n = 1; action_id[n] != '\0'; n++) {
+ if (n >= 255)
+ goto malformed;
+
+ if (! (g_ascii_islower (action_id[n]) ||
+ g_ascii_isdigit (action_id[n]) ||
+ action_id[n] == '.' ||
+ action_id[n] == '-'))
+ goto malformed;
+ }
+
+ return TRUE;
+
+malformed:
+ return FALSE;
+}
+
+/**
+ * polkit_action_validate:
+ * @action: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ **/
+polkit_bool_t
+polkit_action_validate (PolKitAction *action)
+{
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (action->id != NULL, FALSE);
+
+ return polkit_action_validate_id (action->id);
+}
+
+
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_run_test (void)
+{
+ int n;
+ char *valid_action_ids[] = {"org.example.action",
+ "org.example.action-foo",
+ "org.example.action-foo.42",
+ "org.example.42-.foo",
+ "t0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcd",
+ NULL};
+ char *invalid_action_ids[] = {"1org.example.action",
+ ".org.example.action",
+ "-org.example.action",
+ "org.example.action_foo",
+ "org.example.something.that.is.too.long.0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
+ NULL};
+
+ for (n = 0; valid_action_ids[n] != NULL; n++) {
+ g_assert (polkit_action_validate_id (valid_action_ids[n]));
+ }
+
+ for (n = 0; invalid_action_ids[n] != NULL; n++) {
+ g_assert (! polkit_action_validate_id (invalid_action_ids[n]));
+ }
+
+ PolKitAction *a;
+ char *s;
+ a = polkit_action_new ();
+ if (a == NULL) {
+ /* OOM */
+ } else {
+
+ g_assert (! polkit_action_get_action_id (a, &s));
+
+ if (!polkit_action_set_action_id (a, "org.example.action")) {
+ /* OOM */
+ } else {
+ g_assert (polkit_action_validate (a));
+ polkit_action_ref (a);
+ g_assert (polkit_action_validate (a));
+ polkit_action_unref (a);
+ g_assert (polkit_action_validate (a));
+
+ if (!polkit_action_set_action_id (a, "org.example.action2")) {
+ /* OOM */
+ } else {
+ g_assert (polkit_action_validate (a));
+ g_assert (polkit_action_get_action_id (a, &s));
+ g_assert (strcmp (s, "org.example.action2") == 0);
+ polkit_action_debug (a);
+ }
+ }
+
+ polkit_action_unref (a);
+ }
+
+
+ return TRUE;
+}
+
+PolKitTest _test_action = {
+ "polkit_action",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-action.h b/src/polkit/polkit-action.h
new file mode 100644
index 0000000..d062124
--- /dev/null
+++ b/src/polkit/polkit-action.h
@@ -0,0 +1,55 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-action.h : actions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_ACTION_H
+#define POLKIT_ACTION_H
+
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitAction;
+typedef struct _PolKitAction PolKitAction;
+
+PolKitAction *polkit_action_new (void);
+PolKitAction *polkit_action_ref (PolKitAction *action);
+void polkit_action_unref (PolKitAction *action);
+polkit_bool_t polkit_action_set_action_id (PolKitAction *action, const char *action_id);
+polkit_bool_t polkit_action_get_action_id (PolKitAction *action, char **out_action_id);
+
+void polkit_action_debug (PolKitAction *action);
+polkit_bool_t polkit_action_validate (PolKitAction *action);
+
+polkit_bool_t polkit_action_validate_id (const char *action_id);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_ACTION_H */
+
+
diff --git a/src/polkit/polkit-authorization-constraint.c b/src/polkit/polkit-authorization-constraint.c
new file mode 100644
index 0000000..633ac48
--- /dev/null
+++ b/src/polkit/polkit-authorization-constraint.c
@@ -0,0 +1,491 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-authorization-constraint.c : Conditions that must be
+ * satisfied in order for an authorization to apply
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-authorization-constraint.h"
+#include "polkit-utils.h"
+#include "polkit-private.h"
+
+/**
+ * SECTION:polkit-authorization-constraint
+ * @title: Authorization Constraints
+ * @short_description: Conditions that must be satisfied in
+ * order for an authorization to apply
+ *
+ * This class is used to represent conditions that must be satisfied
+ * in order for an authorization to apply
+ *
+ * Since: 0.7
+ **/
+
+/**
+ * PolKitAuthorizationConstraint:
+ *
+ * Instances of this class are used to represent conditions that must
+ * be satisfied in order for an authorization to apply.
+ *
+ * Since: 0.7
+ **/
+struct _PolKitAuthorizationConstraint
+{
+ int refcount;
+ PolKitAuthorizationConstraintFlags flags;
+};
+
+static PolKitAuthorizationConstraint _null_constraint = {-1, 0};
+
+static PolKitAuthorizationConstraint _local_constraint = {-1,
+ POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL};
+
+static PolKitAuthorizationConstraint _active_constraint = {-1,
+ POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE};
+
+static PolKitAuthorizationConstraint _local_active_constraint = {-1,
+ POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL |
+ POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE};
+
+PolKitAuthorizationConstraint *
+_polkit_authorization_constraint_new (const char *entry_in_auth_file)
+{
+ PolKitAuthorizationConstraint *authc;
+ authc = g_new0 (PolKitAuthorizationConstraint, 1);
+ authc->refcount = 0;
+ return authc;
+}
+
+/**
+ * polkit_authorization_constraint_ref:
+ * @authc: the object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ *
+ * Since: 0.7
+ **/
+PolKitAuthorizationConstraint *
+polkit_authorization_constraint_ref (PolKitAuthorizationConstraint *authc)
+{
+ g_return_val_if_fail (authc != NULL, authc);
+ if (authc->refcount == -1)
+ return authc;
+ authc->refcount++;
+ return authc;
+}
+
+/**
+ * polkit_authorization_constraint_unref:
+ * @authc: the authorization_constraint object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ *
+ * Since: 0.7
+ **/
+void
+polkit_authorization_constraint_unref (PolKitAuthorizationConstraint *authc)
+{
+ g_return_if_fail (authc != NULL);
+ if (authc->refcount == -1)
+ return;
+ authc->refcount--;
+ if (authc->refcount > 0)
+ return;
+
+ g_free (authc);
+}
+
+/**
+ * polkit_authorization_constraint_debug:
+ * @authc: the object
+ *
+ * Print debug details
+ *
+ * Since: 0.7
+ **/
+void
+polkit_authorization_constraint_debug (PolKitAuthorizationConstraint *authc)
+{
+ g_return_if_fail (authc != NULL);
+ _pk_debug ("PolKitAuthorizationConstraint: refcount=%d", authc->refcount);
+}
+
+/**
+ * polkit_authorization_constraint_validate:
+ * @authc: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ *
+ * Since: 0.7
+ **/
+polkit_bool_t
+polkit_authorization_constraint_validate (PolKitAuthorizationConstraint *authc)
+{
+ g_return_val_if_fail (authc != NULL, FALSE);
+
+ return TRUE;
+}
+
+/**
+ * polkit_authorization_constraint_check_session:
+ * @authc: the object
+ * @session: the session
+ *
+ * Determine if the given session satisfies the conditions imposed by
+ * the given constraint
+ *
+ * Returns: #TRUE if, and only if, the given session satisfies the
+ * conditions imposed by the given constraint.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_constraint_check_session (PolKitAuthorizationConstraint *authc,
+ PolKitSession *session)
+{
+ polkit_bool_t ret;
+ polkit_bool_t is_active;
+ polkit_bool_t is_local;
+
+ g_return_val_if_fail (authc != NULL, FALSE);
+ g_return_val_if_fail (session != NULL, FALSE);
+
+ ret = FALSE;
+
+ if (!polkit_session_get_ck_is_local (session, &is_local))
+ is_local = FALSE;
+
+ if (!polkit_session_get_ck_is_active (session, &is_active))
+ is_active = FALSE;
+
+ if (authc->flags & POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL) {
+ if (!is_local)
+ goto out;
+ }
+
+ if (authc->flags & POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE) {
+ if (!is_active)
+ goto out;
+ }
+
+ ret = TRUE;
+out:
+ return ret;
+}
+
+/**
+ * polkit_authorization_constraint_check_caller:
+ * @authc: the object
+ * @caller: the caller
+ *
+ * Determine if the given caller satisfies the conditions imposed by
+ * the given constraint
+ *
+ * Returns: #TRUE if, and only if, the given caller satisfies the
+ * conditions imposed by the given constraint.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_constraint_check_caller (PolKitAuthorizationConstraint *authc,
+ PolKitCaller *caller)
+{
+ polkit_bool_t ret;
+ PolKitSession *session;
+
+ g_return_val_if_fail (authc != NULL, FALSE);
+ g_return_val_if_fail (caller != NULL, FALSE);
+
+ ret = FALSE;
+
+ /* caller may not be in a session */
+ if (polkit_caller_get_ck_session (caller, &session) && session != NULL) {
+ ret = polkit_authorization_constraint_check_session (authc, session);
+ } else {
+ if (authc->flags == 0) {
+ ret = TRUE;
+ }
+ }
+
+ return ret;
+}
+
+/**
+ * polkit_authorization_constraint_get_flags:
+ * @authc: the object
+ *
+ * Describe the constraint; this is only useful when inspecting an
+ * authorization to present information to the user (e.g. as
+ * polkit-auth(1) does).
+ *
+ * Note that the flags returned may not fully describe the constraint
+ * and shouldn't be used to perform checking against #PolKitCaller or
+ * #PolKitSession objects. Use the
+ * polkit_authorization_constraint_check_caller() and
+ * polkit_authorization_constraint_check_session() methods for that
+ * instead.
+ *
+ * Returns: flags from #PolKitAuthorizationConstraintFlags
+ *
+ * Since: 0.7
+ */
+PolKitAuthorizationConstraintFlags
+polkit_authorization_constraint_get_flags (PolKitAuthorizationConstraint *authc)
+{
+ g_return_val_if_fail (authc != NULL, FALSE);
+ return authc->flags;
+}
+
+/**
+ * polkit_authorization_constraint_get_null:
+ *
+ * Get a #PolKitAuthorizationConstraint object that represents no constraints.
+ *
+ * Returns: the constraint; the caller shall not unref this object
+ *
+ * Since: 0.7
+ */
+PolKitAuthorizationConstraint *
+polkit_authorization_constraint_get_null (void)
+{
+ return &_null_constraint;
+}
+
+/**
+ * polkit_authorization_constraint_get_require_local:
+ *
+ * Get a #PolKitAuthorizationConstraint object that represents the
+ * constraint that the session or caller must be local.
+ *
+ * Returns: the constraint; the caller shall not unref this object
+ *
+ * Since: 0.7
+ */
+PolKitAuthorizationConstraint *
+polkit_authorization_constraint_get_require_local (void)
+{
+ return &_local_constraint;
+}
+
+/**
+ * polkit_authorization_constraint_get_require_active:
+ *
+ * Get a #PolKitAuthorizationConstraint object that represents the
+ * constraint that the session or caller must be active.
+ *
+ * Returns: the constraint; the caller shall not unref this object
+ *
+ * Since: 0.7
+ */
+PolKitAuthorizationConstraint *
+polkit_authorization_constraint_get_require_active (void)
+{
+ return &_active_constraint;
+}
+
+/**
+ * polkit_authorization_constraint_get_require_local_active:
+ *
+ * Get a #PolKitAuthorizationConstraint object that represents the
+ * constraint that the session or caller must be local and in an
+ * active session.
+ *
+ * Returns: the constraint; the caller shall not unref this object
+ *
+ * Since: 0.7
+ */
+PolKitAuthorizationConstraint *
+polkit_authorization_constraint_get_require_local_active (void)
+{
+ return &_local_active_constraint;
+}
+
+/**
+ * polkit_authorization_constraint_to_string:
+ * @authc: the object
+ * @out_buf: buffer to store the string representation in
+ * @buf_size: size of buffer
+ *
+ * Get a textual representation of the constraint; this is only useful
+ * for serializing; it's a machine, not human, readable string.
+ *
+ * Returns: Number of characters written (not including trailing
+ * '\0'). If the output was truncated due to the buffer being too
+ * small, buf_size will be returned. Thus, a return value of buf_size
+ * or more indicates that the output was truncated (see snprintf(3))
+ * or an error occured.
+ *
+ * Since: 0.7
+ */
+size_t
+polkit_authorization_constraint_to_string (PolKitAuthorizationConstraint *authc, char *out_buf, size_t buf_size)
+{
+ g_return_val_if_fail (authc != NULL, buf_size);
+
+ switch (authc->flags) {
+ case 0:
+ return snprintf (out_buf, buf_size, "none");
+
+ case POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL:
+ return snprintf (out_buf, buf_size, "local");
+
+ case POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE:
+ return snprintf (out_buf, buf_size, "active");
+
+ case POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL|POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE:
+ return snprintf (out_buf, buf_size, "local+active");
+
+ default:
+ return buf_size;
+ }
+}
+
+/**
+ * polkit_authorization_constraint_from_string:
+ * @str: textual representation of constraint
+ *
+ * Construct a constraint from a textual representation as returned by
+ * polkit_authorization_constraint_to_string().
+ *
+ * Returns: the constraint or #NULL if the string coulnd't be parsed.
+ */
+PolKitAuthorizationConstraint *
+polkit_authorization_constraint_from_string (const char *str)
+{
+ PolKitAuthorizationConstraint *ret;
+
+ g_return_val_if_fail (str != NULL, NULL);
+
+ ret = NULL;
+
+ if (strcmp (str, "none") == 0) {
+ ret = polkit_authorization_constraint_get_null ();
+ goto out;
+ } else if (strcmp (str, "local") == 0) {
+ ret = polkit_authorization_constraint_get_require_local ();
+ goto out;
+ } else if (strcmp (str, "active") == 0) {
+ ret = polkit_authorization_constraint_get_require_active ();
+ goto out;
+ } else if (strcmp (str, "local+active") == 0) {
+ ret = polkit_authorization_constraint_get_require_local_active ();
+ goto out;
+ }
+
+out:
+ return ret;
+}
+
+/**
+ * polkit_authorization_constraint_get_from_caller:
+ * @caller: caller
+ *
+ * Given a caller, return the most restrictive constraint
+ * possible. For example, if the caller is local and active, a
+ * constraint requiring this will be returned.
+ *
+ * This function is typically used when the caller obtains an
+ * authorization through authentication; the goal is to put a
+ * constraints on the authorization such that it's only valid when the
+ * caller is in the context as where she obtained it.
+ *
+ * Returns: a #PolKitConstraint object; this function will never return #NULL.
+ */
+PolKitAuthorizationConstraint *
+polkit_authorization_constraint_get_from_caller (PolKitCaller *caller)
+{
+ polkit_bool_t is_local;
+ polkit_bool_t is_active;
+ PolKitSession *session;
+ PolKitAuthorizationConstraint *ret;
+
+ /* caller is not in a session so use the null constraint */
+ if (!polkit_caller_get_ck_session (caller, &session)) {
+ ret = polkit_authorization_constraint_get_null ();
+ goto out;
+ }
+
+ /* if we, for some reason, don't know if the user is local or active, prefer maximal constraint */
+ if (!polkit_session_get_ck_is_local (session, &is_local))
+ is_local = TRUE;
+ if (!polkit_session_get_ck_is_active (session, &is_active))
+ is_active = TRUE;
+
+ if (is_local) {
+ if (is_active) {
+ ret = polkit_authorization_constraint_get_require_local_active ();
+ } else {
+ ret = polkit_authorization_constraint_get_require_local ();
+ }
+ } else {
+ if (is_active) {
+ ret = polkit_authorization_constraint_get_require_active ();
+ } else {
+ ret = polkit_authorization_constraint_get_null ();
+ }
+ }
+
+out:
+ return ret;
+}
+
+
+/**
+ * polkit_authorization_constraint_equal:
+ * @a: first constraint
+ * @b: first constraint
+ *
+ * Determines if two constraints are equal
+ *
+ * Returns: #TRUE only if the given constraints are equal
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_constraint_equal (PolKitAuthorizationConstraint *a, PolKitAuthorizationConstraint *b)
+{
+ g_return_val_if_fail (a != NULL, FALSE);
+ g_return_val_if_fail (b != NULL, FALSE);
+
+ return a->flags == b->flags;
+}
diff --git a/src/polkit/polkit-authorization-constraint.h b/src/polkit/polkit-authorization-constraint.h
new file mode 100644
index 0000000..30c5219
--- /dev/null
+++ b/src/polkit/polkit-authorization-constraint.h
@@ -0,0 +1,94 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-authorization-constraint.h : Conditions that must be
+ * satisfied in order for an authorization to apply
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_AUTHORIZATION_CONSTRAINT_H
+#define POLKIT_AUTHORIZATION_CONSTRAINT_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-session.h>
+#include <polkit/polkit-caller.h>
+
+POLKIT_BEGIN_DECLS
+
+/**
+ * PolKitAuthorizationConstraintFlags:
+ * @POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL: the session or
+ * caller must be local
+ * @POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE: the session or
+ * caller must be in an active session
+ * @POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL_ACTIVE: short
+ * hand for the flags POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL
+ * and POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE.
+ *
+ * This enumeration describes different conditions, not mutually
+ * exclusive, to help describe an authorization constraint.
+ */
+typedef enum {
+ POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL = 1 << 0,
+ POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_ACTIVE = 1 << 1,
+ POLKIT_AUTHORIZATION_CONSTRAINT_REQUIRE_LOCAL_ACTIVE = (1 << 0) | (1 << 1)
+} PolKitAuthorizationConstraintFlags;
+
+struct _PolKitAuthorizationConstraint;
+typedef struct _PolKitAuthorizationConstraint PolKitAuthorizationConstraint;
+
+PolKitAuthorizationConstraint *polkit_authorization_constraint_get_null (void);
+PolKitAuthorizationConstraint *polkit_authorization_constraint_get_require_local (void);
+PolKitAuthorizationConstraint *polkit_authorization_constraint_get_require_active (void);
+PolKitAuthorizationConstraint *polkit_authorization_constraint_get_require_local_active (void);
+
+PolKitAuthorizationConstraint *polkit_authorization_constraint_ref (PolKitAuthorizationConstraint *authc);
+void polkit_authorization_constraint_unref (PolKitAuthorizationConstraint *authc);
+void polkit_authorization_constraint_debug (PolKitAuthorizationConstraint *authc);
+polkit_bool_t polkit_authorization_constraint_validate (PolKitAuthorizationConstraint *authc);
+
+PolKitAuthorizationConstraintFlags polkit_authorization_constraint_get_flags (PolKitAuthorizationConstraint *authc);
+
+polkit_bool_t polkit_authorization_constraint_check_session (PolKitAuthorizationConstraint *authc,
+ PolKitSession *session);
+
+polkit_bool_t polkit_authorization_constraint_check_caller (PolKitAuthorizationConstraint *authc,
+ PolKitCaller *caller);
+
+size_t polkit_authorization_constraint_to_string (PolKitAuthorizationConstraint *authc, char *out_buf, size_t buf_size);
+PolKitAuthorizationConstraint *polkit_authorization_constraint_from_string (const char *str);
+
+PolKitAuthorizationConstraint *polkit_authorization_constraint_get_from_caller (PolKitCaller *caller);
+
+polkit_bool_t polkit_authorization_constraint_equal (PolKitAuthorizationConstraint *a,
+ PolKitAuthorizationConstraint *b);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_AUTHORIZATION_CONSTRAINT_H */
+
+
diff --git a/src/polkit/polkit-authorization-db-dummy.c b/src/polkit/polkit-authorization-db-dummy.c
new file mode 100644
index 0000000..64eecb0
--- /dev/null
+++ b/src/polkit/polkit-authorization-db-dummy.c
@@ -0,0 +1,191 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-authorization-db.c : Dummy authorization database
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <pwd.h>
+
+#include <glib.h>
+
+#include "polkit-debug.h"
+#include "polkit-authorization-db.h"
+#include "polkit-utils.h"
+#include "polkit-private.h"
+
+/* PolKitAuthorizationDB structure is defined in polkit/polkit-private.h */
+
+PolKitAuthorizationDBCapability
+polkit_authorization_db_get_capabilities (void)
+{
+ return 0;
+}
+
+PolKitAuthorizationDB *
+_polkit_authorization_db_new (void)
+{
+ PolKitAuthorizationDB *authdb;
+
+ authdb = g_new0 (PolKitAuthorizationDB, 1);
+ authdb->refcount = 1;
+
+ return authdb;
+}
+
+void
+_polkit_authorization_db_pfe_foreach (PolKitPolicyCache *policy_cache,
+ PolKitPolicyCacheForeachFunc callback,
+ void *user_data)
+{
+}
+
+PolKitPolicyFileEntry*
+_polkit_authorization_db_pfe_get_by_id (PolKitPolicyCache *policy_cache,
+ const char *action_id)
+{
+ return NULL;
+}
+
+PolKitAuthorizationDB *
+polkit_authorization_db_ref (PolKitAuthorizationDB *authdb)
+{
+ g_return_val_if_fail (authdb != NULL, authdb);
+ authdb->refcount++;
+ return authdb;
+}
+
+void
+polkit_authorization_db_unref (PolKitAuthorizationDB *authdb)
+{
+ g_return_if_fail (authdb != NULL);
+ authdb->refcount--;
+ if (authdb->refcount > 0)
+ return;
+ g_free (authdb);
+}
+
+void
+polkit_authorization_db_debug (PolKitAuthorizationDB *authdb)
+{
+ g_return_if_fail (authdb != NULL);
+ _pk_debug ("PolKitAuthorizationDB: refcount=%d", authdb->refcount);
+}
+
+polkit_bool_t
+polkit_authorization_db_validate (PolKitAuthorizationDB *authdb)
+{
+ g_return_val_if_fail (authdb != NULL, FALSE);
+
+ return TRUE;
+}
+
+void
+_polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb)
+{
+}
+
+polkit_bool_t
+polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitSession *session,
+ polkit_bool_t *out_is_authorized)
+{
+ *out_is_authorized = FALSE;
+ return TRUE;
+}
+
+polkit_bool_t
+polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ polkit_bool_t revoke_if_one_shot,
+ polkit_bool_t *out_is_authorized)
+{
+ *out_is_authorized = FALSE;
+ return TRUE;
+}
+
+
+polkit_bool_t
+polkit_authorization_db_foreach (PolKitAuthorizationDB *authdb,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_foreach_for_uid (PolKitAuthorizationDB *authdb,
+ uid_t uid,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_foreach_for_action (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_foreach_for_action_for_uid (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ uid_t uid,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ return FALSE;
+}
+
+polkit_bool_t
+polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
+ PolKitAuthorization *auth,
+ PolKitError **error)
+{
+ polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
+ return FALSE;
+}
+
+
diff --git a/src/polkit/polkit-authorization-db.c b/src/polkit/polkit-authorization-db.c
new file mode 100644
index 0000000..edccfc6
--- /dev/null
+++ b/src/polkit/polkit-authorization-db.c
@@ -0,0 +1,848 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-authorization-db.c : Represents the authorization database
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/wait.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <pwd.h>
+
+#include <glib.h>
+
+#include "polkit-debug.h"
+#include "polkit-authorization-db.h"
+#include "polkit-utils.h"
+#include "polkit-private.h"
+
+/**
+ * SECTION:polkit-authorization-db
+ * @title: Authorization Database
+ * @short_description: Reading from and writing to the database storing authorizations
+ *
+ * This class presents an abstraction of the authorization database as
+ * well as methods for reading and writing to it.
+ *
+ * The reading parts are in <literal>libpolkit</literal> and the
+ * writing parts are in <literal>libpolkit-grant</literal>.
+ *
+ * Since: 0.7
+ **/
+
+/**
+ * PolKitAuthorizationDB:
+ *
+ * Objects of this class are used to represent the authorization
+ * database.
+ *
+ * Since: 0.7
+ **/
+struct _PolKitAuthorizationDB;
+
+/* PolKitAuthorizationDB structure is defined in polkit/polkit-private.h */
+
+static void
+_free_authlist (GSList *authlist)
+{
+ if (authlist != NULL) {
+ g_slist_foreach (authlist, (GFunc) polkit_authorization_unref, NULL);
+ g_slist_free (authlist);
+ }
+}
+
+
+/**
+ * polkit_authorization_db_get_capabilities:
+ *
+ * Determine what capabilities the authorization backend has.
+ *
+ * Returns: Flags from the #PolKitAuthorizationDBCapability enumeration
+ *
+ * Since: 0.7
+ */
+PolKitAuthorizationDBCapability
+polkit_authorization_db_get_capabilities (void)
+{
+ return POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN;
+}
+
+/**
+ * _polkit_authorization_db_new:
+ *
+ * Create a new #PolKitAuthorizationDB object.
+ *
+ * Returns: the new object
+ *
+ * Since: 0.7
+ **/
+PolKitAuthorizationDB *
+_polkit_authorization_db_new (void)
+{
+ PolKitAuthorizationDB *authdb;
+
+ authdb = g_new0 (PolKitAuthorizationDB, 1);
+ authdb->refcount = 1;
+
+ /* set up the hashtable */
+ _polkit_authorization_db_invalidate_cache (authdb);
+ return authdb;
+}
+
+void
+_polkit_authorization_db_pfe_foreach (PolKitPolicyCache *policy_cache,
+ PolKitPolicyCacheForeachFunc callback,
+ void *user_data)
+{
+}
+
+PolKitPolicyFileEntry*
+_polkit_authorization_db_pfe_get_by_id (PolKitPolicyCache *policy_cache,
+ const char *action_id)
+{
+ return NULL;
+}
+
+
+/**
+ * polkit_authorization_db_ref:
+ * @authdb: the object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ *
+ * Since: 0.7
+ **/
+PolKitAuthorizationDB *
+polkit_authorization_db_ref (PolKitAuthorizationDB *authdb)
+{
+ g_return_val_if_fail (authdb != NULL, authdb);
+ authdb->refcount++;
+ return authdb;
+}
+
+/**
+ * polkit_authorization_db_unref:
+ * @authdb: the object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ *
+ * Since: 0.7
+ **/
+void
+polkit_authorization_db_unref (PolKitAuthorizationDB *authdb)
+{
+ g_return_if_fail (authdb != NULL);
+ authdb->refcount--;
+ if (authdb->refcount > 0)
+ return;
+ g_hash_table_destroy (authdb->uid_to_authlist);
+ g_free (authdb);
+}
+
+/**
+ * polkit_authorization_db_debug:
+ * @authdb: the object
+ *
+ * Print debug details
+ *
+ * Since: 0.7
+ **/
+void
+polkit_authorization_db_debug (PolKitAuthorizationDB *authdb)
+{
+ g_return_if_fail (authdb != NULL);
+ _pk_debug ("PolKitAuthorizationDB: refcount=%d", authdb->refcount);
+}
+
+/**
+ * polkit_authorization_db_validate:
+ * @authdb: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ *
+ * Since: 0.7
+ **/
+polkit_bool_t
+polkit_authorization_db_validate (PolKitAuthorizationDB *authdb)
+{
+ g_return_val_if_fail (authdb != NULL, FALSE);
+
+ return TRUE;
+}
+
+/**
+ * _polkit_authorization_db_invalidate_cache:
+ * @authdb: authorization database
+ *
+ * Tell the authorization database to invalidate any caches it might
+ * employ. This is called by #PolKitContext whenever configuration or
+ * anything else changes.
+ *
+ * Since: 0.7
+ */
+void
+_polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb)
+{
+ /* out with the old, in the with new */
+ if (authdb->uid_to_authlist != NULL) {
+ g_hash_table_destroy (authdb->uid_to_authlist);
+ }
+ authdb->uid_to_authlist = g_hash_table_new_full (g_direct_hash,
+ g_direct_equal,
+ NULL,
+ (GDestroyNotify) _free_authlist);
+}
+
+/**
+ * _authdb_get_auths_for_uid:
+ * @authdb: authorization database
+ * @uid: uid to get authorizations for. If -1 is passed authorizations
+ * for all users will be returned.
+ * @error: return location for error
+ *
+ * Internal function to get authorizations for a uid.
+ *
+ * Returns: A singly-linked list of #PolKitAuthorization
+ * objects. Caller shall not free this list. Returns #NULL if either
+ * calling process is not sufficiently privileged (error will be set)
+ * or if there are no authorizations for the given uid.
+ *
+ * Since: 0.7
+ */
+static GSList *
+_authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
+ uid_t uid,
+ PolKitError **error)
+{
+ GSList *ret;
+ char *helper_argv[] = {PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper", NULL, NULL};
+ gint exit_status;
+ GError *g_error;
+ char *standard_output;
+ size_t len;
+ off_t n;
+
+ ret = NULL;
+ standard_output = NULL;
+
+ /* first, see if this is in the cache */
+ ret = g_hash_table_lookup (authdb->uid_to_authlist, (gpointer) uid);
+ if (ret != NULL)
+ goto out;
+
+ helper_argv[1] = g_strdup_printf ("%d", uid);
+
+ /* we need to do this through a setgid polkituser helper
+ * because the auth file is readable only for uid 0 and gid
+ * polkituser.
+ */
+ g_error = NULL;
+ if (!g_spawn_sync (NULL, /* const gchar *working_directory */
+ helper_argv, /* gchar **argv */
+ NULL, /* gchar **envp */
+ 0, /* GSpawnFlags flags */
+ NULL, /* GSpawnChildSetupFunc child_setup */
+ NULL, /* gpointer user_data */
+ &standard_output, /* gchar **standard_output */
+ NULL, /* gchar **standard_error */
+ &exit_status, /* gint *exit_status */
+ &g_error)) { /* GError **error */
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "Error spawning read auth helper: %s",
+ g_error->message);
+ g_error_free (g_error);
+ goto out;
+ }
+
+ if (!WIFEXITED (exit_status)) {
+ g_warning ("Read auth helper crashed!");
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "Read auth helper crashed!");
+ goto out;
+ } else if (WEXITSTATUS(exit_status) != 0) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS,
+ uid > 0 ?
+ "uid %d is not authorized to read authorizations for uid %d (requires org.freedesktop.policykit.read)" :
+ "uid %d is not authorized to read all authorizations (requires org.freedesktop.policykit.read)",
+ getuid (), uid);
+ goto out;
+ }
+
+ len = strlen (standard_output);
+
+ /* parse one line at a time (modifies standard_output in place) */
+ n = 0;
+ while (n < len) {
+ off_t m;
+ char *line;
+ PolKitAuthorization *auth;
+
+ m = n;
+ while (m < len && standard_output[m] != '\0') {
+ if (standard_output[m] == '\n')
+ break;
+ m++;
+ }
+ /* check EOF */
+ if (standard_output[m] == '\0')
+ break;
+ standard_output[m] = '\0';
+
+ line = standard_output + n;
+
+ if (strlen (line) >= 2 && strncmp (line, "#uid=", 5) == 0) {
+ uid = (uid_t) atoi (line + 5);
+ }
+
+ if (strlen (line) >= 2 && line[0] != '#') {
+ auth = _polkit_authorization_new_for_uid (line, uid);
+
+ if (auth != NULL) {
+ ret = g_slist_prepend (ret, auth);
+ }
+ }
+
+ n = m + 1;
+ }
+
+ g_hash_table_insert (authdb->uid_to_authlist, (gpointer) uid, ret);
+
+out:
+ g_free (helper_argv[1]);
+ g_free (standard_output);
+ return ret;
+}
+
+
+static polkit_bool_t
+_internal_foreach (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ uid_t uid,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ GSList *l;
+ GSList *auths;
+ polkit_bool_t ret;
+ char *action_id;
+
+ g_return_val_if_fail (authdb != NULL, FALSE);
+ g_return_val_if_fail (cb != NULL, FALSE);
+
+ ret = FALSE;
+
+ if (action == NULL) {
+ action_id = NULL;
+ } else {
+ if (!polkit_action_get_action_id (action, &action_id))
+ goto out;
+ }
+
+ auths = _authdb_get_auths_for_uid (authdb, uid, error);
+ if (auths == NULL)
+ goto out;
+
+ for (l = auths; l != NULL; l = l->next) {
+ PolKitAuthorization *auth = l->data;
+
+ if (action_id != NULL) {
+ if (strcmp (polkit_authorization_get_action_id (auth), action_id) != 0) {
+ continue;
+ }
+ }
+
+ if (cb (authdb, auth, user_data)) {
+ ret = TRUE;
+ goto out;
+ }
+ }
+
+out:
+ return ret;
+}
+
+
+/**
+ * polkit_authorization_db_foreach:
+ * @authdb: authorization database
+ * @cb: callback
+ * @user_data: user data to pass to callback
+ * @error: return location for error
+ *
+ * Iterate over all entries in the authorization database.
+ *
+ * Note that unless the calling process has the authorization
+ * org.freedesktop.policykit.read this function may return an error.
+ *
+ * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
+ * #FALSE, either error may be set or the callback returns #FALSE on
+ * every invocation.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_foreach (PolKitAuthorizationDB *authdb,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ return _internal_foreach (authdb, NULL, -1, cb, user_data, error);
+}
+
+/**
+ * polkit_authorization_db_foreach_for_uid:
+ * @authdb: authorization database
+ * @uid: user to get authorizations for
+ * @cb: callback
+ * @user_data: user data to pass to callback
+ * @error: return location for error
+ *
+ * Iterate over all entries in the authorization database for a given
+ * user.
+ *
+ * Note that if the calling process asks for authorizations for a
+ * different uid than itself and it lacks the authorization
+ * org.freedesktop.policykit.read this function may return an error.
+ *
+ * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
+ * #FALSE, either error may be set or the callback returns #FALSE on
+ * every invocation.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_foreach_for_uid (PolKitAuthorizationDB *authdb,
+ uid_t uid,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ return _internal_foreach (authdb, NULL, uid, cb, user_data, error);
+}
+
+/**
+ * polkit_authorization_db_foreach_for_action:
+ * @authdb: authorization database
+ * @action: action to get authorizations for
+ * @cb: callback
+ * @user_data: user data to pass to callback
+ * @error: return location for error
+ *
+ * Iterate over all entries in the authorization database for a given
+ * action.
+ *
+ * Note that unless the calling process has the authorization
+ * org.freedesktop.policykit.read this function may return an error.
+ *
+ * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
+ * #FALSE, either error may be set or the callback returns #FALSE on
+ * every invocation.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_foreach_for_action (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ g_return_val_if_fail (action != NULL, FALSE);
+ return _internal_foreach (authdb, action, -1, cb, user_data, error);
+}
+
+/**
+ * polkit_authorization_db_foreach_for_action_for_uid:
+ * @authdb: authorization database
+ * @action: action to get authorizations for
+ * @uid: user to get authorizations for
+ * @cb: callback
+ * @user_data: user data to pass to callback
+ * @error: return location for error
+ *
+ * Iterate over all entries in the authorization database for a given
+ * action and user.
+ *
+ * Note that if the calling process asks for authorizations for a
+ * different uid than itself and it lacks the authorization
+ * org.freedesktop.policykit.read this function may return an error.
+ *
+ * Returns: #TRUE if the callback returned #TRUE to stop iterating. If
+ * #FALSE, either error may be set or the callback returns #FALSE on
+ * every invocation.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_foreach_for_action_for_uid (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ uid_t uid,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error)
+{
+ g_return_val_if_fail (action != NULL, FALSE);
+ return _internal_foreach (authdb, action, uid, cb, user_data, error);
+}
+
+
+typedef struct {
+ char *action_id;
+ uid_t session_uid;
+ char *session_objpath;
+ PolKitSession *session;
+} CheckDataSession;
+
+static polkit_bool_t
+_check_auth_for_session (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth, void *user_data)
+{
+ gboolean ret;
+ CheckDataSession *cd = (CheckDataSession *) user_data;
+ PolKitAuthorizationConstraint *constraint;
+
+ ret = FALSE;
+
+ if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
+ goto no_match;
+
+ constraint = polkit_authorization_get_constraint (auth);
+ if (!polkit_authorization_constraint_check_session (constraint, cd->session))
+ goto no_match;
+
+ switch (polkit_authorization_get_scope (auth))
+ {
+ case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
+ case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
+ goto no_match;
+
+ case POLKIT_AUTHORIZATION_SCOPE_SESSION:
+ if (strcmp (polkit_authorization_scope_session_get_ck_objref (auth), cd->session_objpath) != 0)
+ goto no_match;
+ break;
+
+ case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
+ break;
+ }
+
+ ret = TRUE;
+
+no_match:
+ return ret;
+}
+
+/**
+ * polkit_authorization_db_is_session_authorized:
+ * @authdb: the authorization database
+ * @action: the action to check for
+ * @session: the session to check for
+ * @out_is_authorized: return location
+ *
+ * Looks in the authorization database and determine if processes from
+ * the given session are authorized to do the given specific action.
+ *
+ * Returns: #TRUE if the look up was performed; #FALSE if the caller
+ * of this function lacks privileges to ask this question (e.g. asking
+ * about a user that is not himself).
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitSession *session,
+ polkit_bool_t *out_is_authorized)
+{
+ polkit_bool_t ret;
+ CheckDataSession cd;
+
+ ret = FALSE;
+
+ g_return_val_if_fail (authdb != NULL, FALSE);
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_is_authorized != NULL, FALSE);
+
+ if (!polkit_action_get_action_id (action, &cd.action_id))
+ return FALSE;
+
+ if (!polkit_session_get_uid (session, &cd.session_uid))
+ return FALSE;
+
+ cd.session = session;
+
+ if (!polkit_session_get_ck_objref (session, &cd.session_objpath) || cd.session_objpath == NULL)
+ return FALSE;
+
+ ret = TRUE;
+
+ *out_is_authorized = FALSE;
+ if (polkit_authorization_db_foreach_for_uid (authdb,
+ cd.session_uid,
+ _check_auth_for_session,
+ &cd,
+ NULL)) {
+ *out_is_authorized = TRUE;
+ }
+
+ return ret;
+}
+
+typedef struct {
+ char *action_id;
+ uid_t caller_uid;
+ pid_t caller_pid;
+ polkit_uint64_t caller_pid_start_time;
+ char *session_objpath;
+ PolKitCaller *caller;
+ polkit_bool_t revoke_if_one_shot;
+} CheckData;
+
+static polkit_bool_t
+_check_auth_for_caller (PolKitAuthorizationDB *authdb, PolKitAuthorization *auth, void *user_data)
+{
+
+ gboolean ret;
+ pid_t caller_pid;
+ polkit_uint64_t caller_pid_start_time;
+ CheckData *cd = (CheckData *) user_data;
+ PolKitAuthorizationConstraint *constraint;
+ PolKitError *error;
+
+ ret = FALSE;
+
+ if (strcmp (polkit_authorization_get_action_id (auth), cd->action_id) != 0)
+ goto no_match;
+
+ constraint = polkit_authorization_get_constraint (auth);
+ if (!polkit_authorization_constraint_check_caller (constraint, cd->caller))
+ goto no_match;
+
+ switch (polkit_authorization_get_scope (auth))
+ {
+ case POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT:
+ case POLKIT_AUTHORIZATION_SCOPE_PROCESS:
+ if (!polkit_authorization_scope_process_get_pid (auth, &caller_pid, &caller_pid_start_time))
+ goto no_match;
+ if (!(caller_pid == cd->caller_pid && caller_pid_start_time == cd->caller_pid_start_time))
+ goto no_match;
+
+ if (polkit_authorization_get_scope (auth) == POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT) {
+
+ /* it's a match already; revoke if asked to do so */
+ if (cd->revoke_if_one_shot) {
+ error = NULL;
+ if (!polkit_authorization_db_revoke_entry (authdb, auth, &error)) {
+ g_warning ("Cannot revoke one-shot auth: %s: %s",
+ polkit_error_get_error_name (error),
+ polkit_error_get_error_message (error));
+ polkit_error_free (error);
+ }
+ }
+ }
+ break;
+
+ case POLKIT_AUTHORIZATION_SCOPE_SESSION:
+ if (cd->session_objpath == NULL)
+ goto no_match;
+ if (strcmp (polkit_authorization_scope_session_get_ck_objref (auth), cd->session_objpath) != 0)
+ goto no_match;
+ break;
+
+ case POLKIT_AUTHORIZATION_SCOPE_ALWAYS:
+ break;
+ }
+
+ ret = TRUE;
+
+
+no_match:
+ return ret;
+}
+
+/**
+ * polkit_authorization_db_is_caller_authorized:
+ * @authdb: the authorization database
+ * @action: the action to check for
+ * @caller: the caller to check for
+ * @revoke_if_one_shot: Whether to revoke one-shot authorizations. See
+ * discussion in polkit_context_is_caller_authorized() for details.
+ * @out_is_authorized: return location
+ *
+ * Looks in the authorization database if the given caller is
+ * authorized to do the given action.
+ *
+ * Returns: #TRUE if the look up was performed; #FALSE if the caller
+ * of this function lacks privileges to ask this question (e.g. asking
+ * about a user that is not himself).
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ polkit_bool_t revoke_if_one_shot,
+ polkit_bool_t *out_is_authorized)
+{
+ PolKitSession *session;
+ polkit_bool_t ret;
+ CheckData cd;
+
+ ret = FALSE;
+
+ g_return_val_if_fail (authdb != NULL, FALSE);
+ g_return_val_if_fail (action != NULL, FALSE);
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_is_authorized != NULL, FALSE);
+
+ if (!polkit_action_get_action_id (action, &cd.action_id))
+ return FALSE;
+
+ if (!polkit_caller_get_pid (caller, &cd.caller_pid))
+ return FALSE;
+
+ if (!polkit_caller_get_uid (caller, &cd.caller_uid))
+ return FALSE;
+
+ cd.caller = caller;
+ cd.revoke_if_one_shot = revoke_if_one_shot;
+
+ cd.caller_pid_start_time = polkit_sysdeps_get_start_time_for_pid (cd.caller_pid);
+ if (cd.caller_pid_start_time == 0)
+ return FALSE;
+
+ /* Caller does not _have_ to be member of a session */
+ cd.session_objpath = NULL;
+ if (polkit_caller_get_ck_session (caller, &session) && session != NULL) {
+ if (!polkit_session_get_ck_objref (session, &cd.session_objpath))
+ cd.session_objpath = NULL;
+ }
+
+ ret = TRUE;
+
+ *out_is_authorized = FALSE;
+ if (polkit_authorization_db_foreach_for_uid (authdb,
+ cd.caller_uid,
+ _check_auth_for_caller,
+ &cd,
+ NULL)) {
+ *out_is_authorized = TRUE;
+ }
+
+ return ret;
+}
+
+/**
+ * polkit_authorization_db_revoke_entry:
+ * @authdb: the authorization database
+ * @auth: the authorization to revoke
+ * @error: return location for error
+ *
+ * Removes an authorization from the authorization database. This uses
+ * a privileged helper /usr/libexec/polkit-revoke-helper.
+ *
+ * Returns: #TRUE if the authorization was revoked, #FALSE otherwise and error is set
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
+ PolKitAuthorization *auth,
+ PolKitError **error)
+{
+ GError *g_error;
+ char *helper_argv[] = {PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper", "", NULL, NULL, NULL};
+ const char *auth_file_entry;
+ gboolean ret;
+ gint exit_status;
+
+ ret = FALSE;
+
+ g_return_val_if_fail (authdb != NULL, FALSE);
+ g_return_val_if_fail (auth != NULL, FALSE);
+
+ auth_file_entry = _polkit_authorization_get_authfile_entry (auth);
+ //g_debug ("should delete line '%s'", auth_file_entry);
+
+ helper_argv[1] = (char *) auth_file_entry;
+ helper_argv[2] = "uid";
+ helper_argv[3] = g_strdup_printf ("%d", polkit_authorization_get_uid (auth));
+
+ g_error = NULL;
+ if (!g_spawn_sync (NULL, /* const gchar *working_directory */
+ helper_argv, /* gchar **argv */
+ NULL, /* gchar **envp */
+ 0, /* GSpawnFlags flags */
+ NULL, /* GSpawnChildSetupFunc child_setup */
+ NULL, /* gpointer user_data */
+ NULL, /* gchar **standard_output */
+ NULL, /* gchar **standard_error */
+ &exit_status, /* gint *exit_status */
+ &g_error)) { /* GError **error */
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "Error spawning revoke helper: %s",
+ g_error->message);
+ g_error_free (g_error);
+ goto out;
+ }
+
+ if (!WIFEXITED (exit_status)) {
+ g_warning ("Revoke helper crashed!");
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "Revoke helper crashed!");
+ goto out;
+ } else if (WEXITSTATUS(exit_status) != 0) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_NOT_AUTHORIZED_TO_REVOKE_AUTHORIZATIONS_FROM_OTHER_USERS,
+ "uid %d is not authorized to revoke authorizations from uid %d (requires org.freedesktop.policykit.revoke)",
+ getuid (), polkit_authorization_get_uid (auth));
+ } else {
+ ret = TRUE;
+ }
+
+out:
+ g_free (helper_argv[3]);
+ return ret;
+}
diff --git a/src/polkit/polkit-authorization-db.h b/src/polkit/polkit-authorization-db.h
new file mode 100644
index 0000000..8089bd4
--- /dev/null
+++ b/src/polkit/polkit-authorization-db.h
@@ -0,0 +1,156 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-authorization-db.h : Represents the authorization database
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_AUTHORIZATION_DB_H
+#define POLKIT_AUTHORIZATION_DB_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-authorization.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-caller.h>
+#include <polkit/polkit-session.h>
+#include <polkit/polkit-error.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitAuthorizationDB;
+typedef struct _PolKitAuthorizationDB PolKitAuthorizationDB;
+
+/**
+ * PolKitAuthorizationDBCapability:
+ * @POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN: Users can obtain
+ * authorizations through authentication
+ *
+ * Capabilities of the authorization database backend.
+ *
+ * Since: 0.7
+ */
+typedef enum
+{
+ POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN = 1 << 0
+} PolKitAuthorizationDBCapability;
+
+PolKitAuthorizationDBCapability polkit_authorization_db_get_capabilities (void);
+
+PolKitAuthorizationDB *polkit_authorization_db_ref (PolKitAuthorizationDB *authdb);
+void polkit_authorization_db_unref (PolKitAuthorizationDB *authdb);
+
+void polkit_authorization_db_debug (PolKitAuthorizationDB *authdb);
+polkit_bool_t polkit_authorization_db_validate (PolKitAuthorizationDB *authdb);
+
+polkit_bool_t polkit_authorization_db_is_session_authorized (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitSession *session,
+ polkit_bool_t *out_is_authorized);
+
+polkit_bool_t polkit_authorization_db_is_caller_authorized (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ polkit_bool_t revoke_if_one_shot,
+ polkit_bool_t *out_is_authorized);
+
+/**
+ * PolKitAuthorizationDBForeach:
+ * @authdb: authorization database
+ * @auth: authorization; user shall not unref this object. Unless
+ * reffed by the user it will be destroyed when the callback function
+ * returns.
+ * @user_data: user data passed
+ *
+ * Type of callback function for iterating over authorizations.
+ *
+ * Returns: pass #TRUE to stop iterating
+ *
+ * Since: 0.7
+ */
+typedef polkit_bool_t (*PolKitAuthorizationDBForeach) (PolKitAuthorizationDB *authdb,
+ PolKitAuthorization *auth,
+ void *user_data);
+
+polkit_bool_t polkit_authorization_db_foreach (PolKitAuthorizationDB *authdb,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error);
+
+polkit_bool_t polkit_authorization_db_foreach_for_uid (PolKitAuthorizationDB *authdb,
+ uid_t uid,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error);
+
+polkit_bool_t polkit_authorization_db_foreach_for_action (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error);
+
+polkit_bool_t polkit_authorization_db_foreach_for_action_for_uid (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ uid_t uid,
+ PolKitAuthorizationDBForeach cb,
+ void *user_data,
+ PolKitError **error);
+
+polkit_bool_t polkit_authorization_db_add_entry_process_one_shot (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as);
+
+polkit_bool_t polkit_authorization_db_add_entry_process (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as);
+
+polkit_bool_t polkit_authorization_db_add_entry_session (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as);
+
+polkit_bool_t polkit_authorization_db_add_entry_always (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ uid_t user_authenticated_as);
+
+polkit_bool_t polkit_authorization_db_grant_to_uid (PolKitAuthorizationDB *authdb,
+ PolKitAction *action,
+ uid_t uid,
+ PolKitAuthorizationConstraint *constraint,
+ PolKitError **error);
+
+polkit_bool_t polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb,
+ PolKitAuthorization *auth,
+ PolKitError **error);
+
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_AUTHORIZATION_DB_H */
+
+
diff --git a/src/polkit/polkit-authorization.c b/src/polkit/polkit-authorization.c
new file mode 100644
index 0000000..660183a
--- /dev/null
+++ b/src/polkit/polkit-authorization.c
@@ -0,0 +1,567 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-authorization.c : Represents an entry in the authorization
+ * database
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-authorization.h"
+#include "polkit-utils.h"
+#include "polkit-private.h"
+
+/**
+ * SECTION:polkit-authorization
+ * @title: Authorization Entry
+ * @short_description: An entry in the autothorization database
+ *
+ * This class is used to represent entries in the authorization
+ * database.
+ *
+ * Since: 0.7
+ **/
+
+/**
+ * PolKitAuthorization:
+ *
+ * Objects of this class are used to represent entries in the
+ * authorization database.
+ *
+ * Since: 0.7
+ **/
+struct _PolKitAuthorization
+{
+ int refcount;
+
+ char *entry_in_auth_file;
+
+ PolKitAuthorizationScope scope;
+ PolKitAuthorizationConstraint *constraint;
+
+ char *action_id;
+ uid_t uid;
+ time_t when;
+ uid_t authenticated_as_uid;
+
+ pid_t pid;
+ polkit_uint64_t pid_start_time;
+
+ polkit_bool_t explicitly_granted;
+ uid_t explicitly_granted_by;
+
+ char *session_id;
+};
+
+const char *
+_polkit_authorization_get_authfile_entry (PolKitAuthorization *auth)
+{
+ g_return_val_if_fail (auth != NULL, NULL);
+ return auth->entry_in_auth_file;
+}
+
+#ifdef POLKIT_AUTHDB_DEFAULT
+
+PolKitAuthorization *
+_polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid)
+{
+ char **t;
+ guint num_t;
+ char *ep;
+ PolKitAuthorization *auth;
+ int n;
+
+ g_return_val_if_fail (entry_in_auth_file != NULL, NULL);
+
+ auth = g_new0 (PolKitAuthorization, 1);
+ auth->refcount = 1;
+ auth->entry_in_auth_file = g_strdup (entry_in_auth_file);
+ auth->uid = uid;
+
+ t = g_strsplit (entry_in_auth_file, ":", 0);
+ num_t = g_strv_length (t);
+
+/*
+ * pid:
+ * grant_line = g_strdup_printf ("process:%d:%Lu:%s:%Lu:%d:%s\n",
+ * caller_pid,
+ * pid_start_time,
+ * action_id,
+ * (polkit_uint64_t) now.tv_sec,
+ * user_authenticated_as,
+ * cbuf);
+ */
+ n = 1;
+
+ if (strcmp (t[0], "process") == 0 ||
+ strcmp (t[0], "process-one-shot") == 0) {
+ if (num_t != 7)
+ goto error;
+
+ if (strcmp (t[0], "process") == 0)
+ auth->scope = POLKIT_AUTHORIZATION_SCOPE_PROCESS;
+ else
+ auth->scope = POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT;
+
+ auth->pid = strtoul (t[n++], &ep, 10);
+ if (*ep != '\0')
+ goto error;
+
+ auth->pid_start_time = strtoull (t[n++], &ep, 10);
+ if (*ep != '\0')
+ goto error;
+
+ if (!polkit_action_validate_id (t[n]))
+ goto error;
+ auth->action_id = g_strdup (t[n++]);
+
+ auth->when = strtoull (t[n++], &ep, 10);
+ if (*ep != '\0')
+ goto error;
+
+ auth->authenticated_as_uid = strtoul (t[n++], &ep, 10);
+ if (*ep != '\0')
+ goto error;
+
+ auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
+ if (auth->constraint == NULL)
+ goto error;
+ }
+/*
+ * grant_line = g_strdup_printf ("session:%s:%s:%Lu:%s:%d:%s\n",
+ * session_objpath,
+ * action_id,
+ * (polkit_uint64_t) now.tv_sec,
+ * user_authenticated_as,
+ * cbuf);
+ */
+ else if (strcmp (t[0], "session") == 0) {
+ if (num_t != 6)
+ goto error;
+
+ auth->scope = POLKIT_AUTHORIZATION_SCOPE_SESSION;
+
+ auth->session_id = g_strdup (t[n++]);
+
+ if (!polkit_action_validate_id (t[n]))
+ goto error;
+ auth->action_id = g_strdup (t[n++]);
+
+ auth->when = strtoull (t[n++], &ep, 10);
+ if (*ep != '\0')
+ goto error;
+
+ auth->authenticated_as_uid = strtoul (t[n++], &ep, 10);
+ if (*ep != '\0')
+ goto error;
+
+ auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
+ if (auth->constraint == NULL)
+ goto error;
+ }
+
+/*
+ * always:
+ * grant_line = g_strdup_printf ("always:%s:%Lu:%s:%d:%s\n",
+ * action_id,
+ * (polkit_uint64_t) now.tv_sec,
+ * user_authenticated_as,
+ * cbuf);
+ *
+ */
+ else if (strcmp (t[0], "always") == 0) {
+ if (num_t != 5)
+ goto error;
+
+ auth->scope = POLKIT_AUTHORIZATION_SCOPE_ALWAYS;
+
+ if (!polkit_action_validate_id (t[n]))
+ goto error;
+ auth->action_id = g_strdup (t[n++]);
+
+ auth->when = strtoull (t[n++], &ep, 10);
+ if (*ep != '\0')
+ goto error;
+
+ auth->authenticated_as_uid = strtoul (t[n++], &ep, 10);
+ if (*ep != '\0')
+ goto error;
+
+ auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
+ if (auth->constraint == NULL)
+ goto error;
+ }
+/*
+ * grant:
+ * "grant:%d:%s:%Lu:%d:%s\n",
+ * action_id,
+ * (polkit_uint64_t) now.tv_sec,
+ * invoking_uid,
+ * authc_str) >= (int) sizeof (grant_line)) {
+ *
+ */
+ else if (strcmp (t[0], "grant") == 0) {
+
+ if (num_t != 5)
+ goto error;
+
+ auth->scope = POLKIT_AUTHORIZATION_SCOPE_ALWAYS;
+ auth->explicitly_granted = TRUE;
+
+ if (!polkit_action_validate_id (t[n]))
+ goto error;
+ auth->action_id = g_strdup (t[n++]);
+
+ auth->when = strtoull (t[n++], &ep, 10);
+ if (*ep != '\0')
+ goto error;
+
+ auth->explicitly_granted_by = strtoul (t[n++], &ep, 10);
+ if (*ep != '\0')
+ goto error;
+
+ auth->constraint = polkit_authorization_constraint_from_string (t[n++]);
+ if (auth->constraint == NULL)
+ goto error;
+
+ } else {
+ goto error;
+ }
+
+ g_strfreev (t);
+ return auth;
+
+error:
+ g_warning ("Error parsing token %d from line '%s'", n, entry_in_auth_file);
+ polkit_authorization_unref (auth);
+ g_strfreev (t);
+ return NULL;
+}
+
+#endif /* POLKIT_AUTHDB_DEFAULT */
+
+/**
+ * polkit_authorization_ref:
+ * @auth: the authorization object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ *
+ * Since: 0.7
+ **/
+PolKitAuthorization *
+polkit_authorization_ref (PolKitAuthorization *auth)
+{
+ g_return_val_if_fail (auth != NULL, auth);
+ auth->refcount++;
+ return auth;
+}
+
+/**
+ * polkit_authorization_unref:
+ * @auth: the authorization object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ *
+ * Since: 0.7
+ **/
+void
+polkit_authorization_unref (PolKitAuthorization *auth)
+{
+ g_return_if_fail (auth != NULL);
+ auth->refcount--;
+ if (auth->refcount > 0)
+ return;
+
+ g_free (auth->entry_in_auth_file);
+ g_free (auth->action_id);
+ g_free (auth->session_id);
+ if (auth->constraint != NULL)
+ polkit_authorization_constraint_unref (auth->constraint);
+ g_free (auth);
+}
+
+/**
+ * polkit_authorization_debug:
+ * @auth: the object
+ *
+ * Print debug details
+ *
+ * Since: 0.7
+ **/
+void
+polkit_authorization_debug (PolKitAuthorization *auth)
+{
+ g_return_if_fail (auth != NULL);
+ _pk_debug ("PolKitAuthorization: refcount=%d", auth->refcount);
+ _pk_debug (" scope = %d", auth->scope);
+ _pk_debug (" pid = %d", auth->pid);
+ _pk_debug (" pid_start_time = %Lu", auth->pid_start_time);
+ _pk_debug (" action_id = %s", auth->action_id);
+ _pk_debug (" when = %Lu", (polkit_uint64_t) auth->when);
+ _pk_debug (" auth_as_uid = %d", auth->authenticated_as_uid);
+}
+
+/**
+ * polkit_authorization_validate:
+ * @auth: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ *
+ * Since: 0.7
+ **/
+polkit_bool_t
+polkit_authorization_validate (PolKitAuthorization *auth)
+{
+ g_return_val_if_fail (auth != NULL, FALSE);
+
+ return TRUE;
+}
+
+/**
+ * polkit_authorization_get_action_id:
+ * @auth: the object
+ *
+ * Get the action this authorization is for
+ *
+ * Returns: the action id. Caller should not free this string.
+ *
+ * Since: 0.7
+ */
+const char *
+polkit_authorization_get_action_id (PolKitAuthorization *auth)
+{
+ g_return_val_if_fail (auth != NULL, NULL);
+
+ return auth->action_id;
+}
+
+/**
+ * polkit_authorization_get_scope:
+ * @auth: the object
+ *
+ * Get the scope of the authorization; e.g. whether it's confined to a
+ * single process, a single session or can be retained
+ * indefinitely. Also keep in mind that an authorization is subject to
+ * constraints, see polkit_authorization_get_constraint() for details.
+ *
+ * Returns: the scope
+ *
+ * Since: 0.7
+ */
+PolKitAuthorizationScope
+polkit_authorization_get_scope (PolKitAuthorization *auth)
+{
+ g_return_val_if_fail (auth != NULL, 0);
+
+ return auth->scope;
+}
+
+/**
+ * polkit_authorization_scope_process_get_pid:
+ * @auth: the object
+ * @out_pid: return location
+ * @out_pid_start_time: return location
+ *
+ * If scope is #POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT or
+ * #POLKIT_AUTHORIZATION_SCOPE_PROCESS, get information about what
+ * process the authorization is confined to.
+ *
+ * As process identifiers can be recycled, the start time of the
+ * process (the unit is not well-defined; on Linux it's the number of
+ * milliseconds since the system was started) is also returned.
+ *
+ * Returns: #TRUE if information was returned
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_scope_process_get_pid (PolKitAuthorization *auth,
+ pid_t *out_pid,
+ polkit_uint64_t *out_pid_start_time)
+{
+ g_return_val_if_fail (auth != NULL, FALSE);
+ g_return_val_if_fail (out_pid != NULL, FALSE);
+ g_return_val_if_fail (out_pid_start_time != NULL, FALSE);
+ g_return_val_if_fail (auth->scope == POLKIT_AUTHORIZATION_SCOPE_PROCESS ||
+ auth->scope == POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT, FALSE);
+
+ *out_pid = auth->pid;
+ *out_pid_start_time = auth->pid_start_time;
+
+ return TRUE;
+}
+
+/**
+ * polkit_authorization_scope_session_get_ck_objref:
+ * @auth: the object
+ *
+ * Gets the ConsoleKit object path for the session the authorization
+ * is confined to.
+ *
+ * Returns: #NULL if scope wasn't session
+ *
+ * Since: 0.7
+ */
+const char *
+polkit_authorization_scope_session_get_ck_objref (PolKitAuthorization *auth)
+{
+ g_return_val_if_fail (auth != NULL, FALSE);
+ g_return_val_if_fail (auth->scope == POLKIT_AUTHORIZATION_SCOPE_SESSION, FALSE);
+
+ return auth->session_id;
+}
+
+/**
+ * polkit_authorization_get_uid:
+ * @auth: the object
+ *
+ * Gets the UNIX user id for the user the authorization is confined
+ * to.
+ *
+ * Returns: The UNIX user id for whom the authorization is confied to
+ *
+ * Since: 0.7
+ */
+uid_t
+polkit_authorization_get_uid (PolKitAuthorization *auth)
+{
+ g_return_val_if_fail (auth != NULL, 0);
+ return auth->uid;
+}
+
+/**
+ * polkit_authorization_get_time_of_grant:
+ * @auth: the object
+ *
+ * Returns the point in time the authorization was granted. The value
+ * is UNIX time, e.g. number of seconds since the Epoch Jan 1, 1970
+ * 0:00 UTC.
+ *
+ * Returns: When authorization was granted
+ *
+ * Since: 0.7
+ */
+time_t
+polkit_authorization_get_time_of_grant (PolKitAuthorization *auth)
+{
+ g_return_val_if_fail (auth != NULL, 0);
+ return auth->when;
+}
+
+/**
+ * polkit_authorization_was_granted_via_defaults:
+ * @auth: the object
+ * @out_user_authenticated_as: return location
+ *
+ * Determine if the authorization was obtained by the user by
+ * authenticating as himself or an administrator via the the
+ * "defaults" section in the <literal>.policy</literal> file for the
+ * action (e.g. "allow_any", "allow_inactive", "allow_active").
+ *
+ * Compare with polkit_authorization_was_granted_explicitly() - only
+ * one of these functions can return #TRUE.
+ *
+ * Returns: #TRUE if the authorization was obtained by the user
+ * himself authenticating.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_was_granted_via_defaults (PolKitAuthorization *auth,
+ uid_t *out_user_authenticated_as)
+{
+ g_return_val_if_fail (auth != NULL, FALSE);
+ g_return_val_if_fail (out_user_authenticated_as != NULL, FALSE);
+
+ if (auth->explicitly_granted)
+ return FALSE;
+
+ *out_user_authenticated_as = auth->authenticated_as_uid;
+ return TRUE;
+}
+
+/**
+ * polkit_authorization_was_granted_explicitly:
+ * @auth: the object
+ * @out_by_whom: return location
+ *
+ * Determine if the authorization was explicitly granted by a
+ * sufficiently privileged user.
+ *
+ * Compare with polkit_authorization_was_granted_via_defaults() - only
+ * one of these functions can return #TRUE.
+ *
+ * Returns: #TRUE if the authorization was explicitly granted by a
+ * sufficiently privileger user.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_authorization_was_granted_explicitly (PolKitAuthorization *auth,
+ uid_t *out_by_whom)
+{
+ g_return_val_if_fail (auth != NULL, FALSE);
+ g_return_val_if_fail (out_by_whom != NULL, FALSE);
+
+ if (!auth->explicitly_granted)
+ return FALSE;
+
+ *out_by_whom = auth->explicitly_granted_by;
+
+ return TRUE;
+}
+
+/**
+ * polkit_authorization_get_constraint:
+ * @auth: the object
+ *
+ * Get the constraint associated with an authorization.
+ *
+ * Returns: The constraint. Caller shall not unref this object.
+ *
+ * Since: 0.7
+ */
+PolKitAuthorizationConstraint *
+polkit_authorization_get_constraint (PolKitAuthorization *auth)
+{
+ g_return_val_if_fail (auth != NULL, FALSE);
+ return auth->constraint;
+}
diff --git a/src/polkit/polkit-authorization.h b/src/polkit/polkit-authorization.h
new file mode 100644
index 0000000..0e107be
--- /dev/null
+++ b/src/polkit/polkit-authorization.h
@@ -0,0 +1,100 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-authorization.h : Represents an entry in the authorization
+ * database
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_AUTHORIZATION_H
+#define POLKIT_AUTHORIZATION_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-authorization-constraint.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitAuthorization;
+typedef struct _PolKitAuthorization PolKitAuthorization;
+
+PolKitAuthorization *polkit_authorization_ref (PolKitAuthorization *auth);
+void polkit_authorization_unref (PolKitAuthorization *auth);
+
+void polkit_authorization_debug (PolKitAuthorization *auth);
+polkit_bool_t polkit_authorization_validate (PolKitAuthorization *auth);
+
+
+/**
+ * PolKitAuthorizationScope:
+ * @POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT: The authorization is
+ * limited for a single shot for a single process on the system
+ * @POLKIT_AUTHORIZATION_SCOPE_PROCESS: The authorization is limited
+ * for a single process on the system
+ * @POLKIT_AUTHORIZATION_SCOPE_SESSION: The authorization is limited
+ * for processes originating from a given session
+ * @POLKIT_AUTHORIZATION_SCOPE_ALWAYS: The authorization is retained
+ * indefinitely.
+ *
+ * The scope of an authorization; e.g. whether it's limited to a
+ * process, a session or unlimited.
+ */
+typedef enum {
+ POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT,
+ POLKIT_AUTHORIZATION_SCOPE_PROCESS,
+ POLKIT_AUTHORIZATION_SCOPE_SESSION,
+ POLKIT_AUTHORIZATION_SCOPE_ALWAYS,
+} PolKitAuthorizationScope;
+
+const char *polkit_authorization_get_action_id (PolKitAuthorization *auth);
+
+uid_t polkit_authorization_get_uid (PolKitAuthorization *auth);
+
+time_t polkit_authorization_get_time_of_grant (PolKitAuthorization *auth);
+
+PolKitAuthorizationConstraint *polkit_authorization_get_constraint (PolKitAuthorization *auth);
+
+PolKitAuthorizationScope polkit_authorization_get_scope (PolKitAuthorization *auth);
+
+
+polkit_bool_t polkit_authorization_scope_process_get_pid (PolKitAuthorization *auth,
+ pid_t *out_pid,
+ polkit_uint64_t *out_pid_start_time);
+
+const char *polkit_authorization_scope_session_get_ck_objref (PolKitAuthorization *auth);
+
+
+polkit_bool_t polkit_authorization_was_granted_via_defaults (PolKitAuthorization *auth,
+ uid_t *out_user_authenticated_as);
+
+polkit_bool_t polkit_authorization_was_granted_explicitly (PolKitAuthorization *auth,
+ uid_t *out_by_whom);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_AUTHORIZATION_H */
+
+
diff --git a/src/polkit/polkit-caller.c b/src/polkit/polkit-caller.c
new file mode 100644
index 0000000..d3432b2
--- /dev/null
+++ b/src/polkit/polkit-caller.c
@@ -0,0 +1,455 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-caller.c : callers
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-caller
+ * @title: Caller
+ * @short_description: Represents a process requesting a mechanism to do something.
+ *
+ * This class is used to represent a caller in another process that is
+ * calling into a mechanism to make the mechanism do something.
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-caller.h"
+#include "polkit-utils.h"
+#include "polkit-test.h"
+#include "polkit-memory.h"
+
+/**
+ * PolKitCaller:
+ *
+ * Objects of this class are used to record information about a caller
+ * in another process.
+ **/
+struct _PolKitCaller
+{
+ int refcount;
+ char *dbus_name;
+ uid_t uid;
+ pid_t pid;
+ char *selinux_context;
+ PolKitSession *session;
+};
+
+/**
+ * polkit_caller_new:
+ *
+ * Creates a new #PolKitCaller object.
+ *
+ * Returns: the new object
+ **/
+PolKitCaller *
+polkit_caller_new (void)
+{
+ PolKitCaller *caller;
+ caller = p_new0 (PolKitCaller, 1);
+ if (caller == NULL)
+ goto out;
+ caller->refcount = 1;
+out:
+ return caller;
+}
+
+/**
+ * polkit_caller_ref:
+ * @caller: The caller object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitCaller *
+polkit_caller_ref (PolKitCaller *caller)
+{
+ g_return_val_if_fail (caller != NULL, caller);
+ caller->refcount++;
+ return caller;
+}
+
+
+/**
+ * polkit_caller_unref:
+ * @caller: The caller object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_caller_unref (PolKitCaller *caller)
+{
+ g_return_if_fail (caller != NULL);
+ caller->refcount--;
+ if (caller->refcount > 0)
+ return;
+ p_free (caller->dbus_name);
+ p_free (caller->selinux_context);
+ if (caller->session != NULL)
+ polkit_session_unref (caller->session);
+ p_free (caller);
+}
+
+/**
+ * polkit_caller_set_dbus_name:
+ * @caller: The caller object
+ * @dbus_name: unique system bus connection name
+ *
+ * Set the callers unique system bus connection name.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (dbus_name == NULL || _pk_validate_unique_bus_name (dbus_name), FALSE);
+ if (caller->dbus_name != NULL)
+ p_free (caller->dbus_name);
+ if (dbus_name == NULL) {
+ caller->dbus_name = NULL;
+ return TRUE;
+ } else {
+ caller->dbus_name = p_strdup (dbus_name);
+ if (caller->dbus_name == NULL)
+ return FALSE;
+ else
+ return TRUE;
+ }
+}
+
+/**
+ * polkit_caller_set_uid:
+ * @caller: The caller object
+ * @uid: UNIX user id
+ *
+ * Set the callers UNIX user id.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_caller_set_uid (PolKitCaller *caller, uid_t uid)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ caller->uid = uid;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_set_pid:
+ * @caller: The caller object
+ * @pid: UNIX process id
+ *
+ * Set the callers UNIX process id.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_caller_set_pid (PolKitCaller *caller, pid_t pid)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ caller->pid = pid;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_set_selinux_context:
+ * @caller: The caller object
+ * @selinux_context: SELinux security context
+ *
+ * Set the callers SELinux security context.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_caller_set_selinux_context (PolKitCaller *caller, const char *selinux_context)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ /* TODO: probably should have a separate validation function for SELinux contexts */
+ g_return_val_if_fail (selinux_context == NULL || _pk_validate_identifier (selinux_context), FALSE);
+
+ if (caller->selinux_context != NULL)
+ p_free (caller->selinux_context);
+ if (selinux_context == NULL) {
+ caller->selinux_context = NULL;
+ return TRUE;
+ } else {
+ caller->selinux_context = p_strdup (selinux_context);
+ if (caller->selinux_context == NULL)
+ return FALSE;
+ else
+ return TRUE;
+ }
+}
+
+/**
+ * polkit_caller_set_ck_session:
+ * @caller: The caller object
+ * @session: a session object
+ *
+ * Set the callers session. The reference count on the given object
+ * will be increased by one. If an existing session object was set
+ * already, the reference count on that one will be decreased by one.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_caller_set_ck_session (PolKitCaller *caller, PolKitSession *session)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (session == NULL || polkit_session_validate (session), FALSE);
+ if (caller->session != NULL)
+ polkit_session_unref (caller->session);
+ caller->session = session != NULL ? polkit_session_ref (session) : NULL;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_get_dbus_name:
+ * @caller: The caller object
+ * @out_dbus_name: Returns the unique system bus connection name. The caller shall not free this string.
+ *
+ * Get the callers unique system bus connection name.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_caller_get_dbus_name (PolKitCaller *caller, char **out_dbus_name)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_dbus_name != NULL, FALSE);
+ *out_dbus_name = caller->dbus_name;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_get_uid:
+ * @caller: The caller object
+ * @out_uid: Returns the UNIX user id
+ *
+ * Get the callers UNIX user id.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_caller_get_uid (PolKitCaller *caller, uid_t *out_uid)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_uid != NULL, FALSE);
+ *out_uid = caller->uid;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_get_pid:
+ * @caller: The caller object
+ * @out_pid: Returns the UNIX process id
+ *
+ * Get the callers UNIX process id.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_caller_get_pid (PolKitCaller *caller, pid_t *out_pid)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_pid != NULL, FALSE);
+ *out_pid = caller->pid;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_get_selinux_context:
+ * @caller: The caller object
+ * @out_selinux_context: Returns the SELinux security context. The caller shall not free this string.
+ *
+ * Get the callers SELinux security context. Note that this may be
+ * #NULL if SELinux is not available on the system.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_caller_get_selinux_context (PolKitCaller *caller, char **out_selinux_context)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_selinux_context != NULL, FALSE);
+ *out_selinux_context = caller->selinux_context;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_get_ck_session:
+ * @caller: The caller object
+ * @out_session: Returns the session object. Caller shall not unref it.
+ *
+ * Get the callers session. Note that this may be #NULL if the caller
+ * is not in any session.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_caller_get_ck_session (PolKitCaller *caller, PolKitSession **out_session)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (out_session != NULL, FALSE);
+ *out_session = caller->session;
+ return TRUE;
+}
+
+/**
+ * polkit_caller_debug:
+ * @caller: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_caller_debug (PolKitCaller *caller)
+{
+ g_return_if_fail (caller != NULL);
+ _pk_debug ("PolKitCaller: refcount=%d dbus_name=%s uid=%d pid=%d selinux_context=%s",
+ caller->refcount, caller->dbus_name, caller->uid, caller->pid, caller->selinux_context);
+ if (caller->session != NULL)
+ polkit_session_debug (caller->session);
+}
+
+
+/**
+ * polkit_caller_validate:
+ * @caller: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ **/
+polkit_bool_t
+polkit_caller_validate (PolKitCaller *caller)
+{
+ g_return_val_if_fail (caller != NULL, FALSE);
+ g_return_val_if_fail (caller->pid > 0, FALSE);
+ return TRUE;
+}
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_run_test (void)
+{
+ char *s;
+ PolKitCaller *c;
+ pid_t pid;
+ uid_t uid;
+ PolKitSeat *seat;
+ PolKitSession *session;
+ PolKitSession *session2;
+
+ if ((c = polkit_caller_new ()) != NULL) {
+
+ g_assert (! polkit_caller_set_dbus_name (c, "org.invalid.name"));
+ g_assert (polkit_caller_set_dbus_name (c, NULL));
+ if (polkit_caller_set_dbus_name (c, ":1.43")) {
+ g_assert (polkit_caller_get_dbus_name (c, &s) && strcmp (s, ":1.43") == 0);
+
+ if (polkit_caller_set_dbus_name (c, ":1.44")) {
+ g_assert (polkit_caller_get_dbus_name (c, &s) && strcmp (s, ":1.44") == 0);
+ }
+ }
+
+ g_assert (polkit_caller_set_selinux_context (c, NULL));
+ if (polkit_caller_set_selinux_context (c, "system_u:object_r:bin_t")) {
+ g_assert (polkit_caller_get_selinux_context (c, &s) && strcmp (s, "system_u:object_r:bin_t") == 0);
+
+ if (polkit_caller_set_selinux_context (c, "system_u:object_r:httpd_exec_t")) {
+ g_assert (polkit_caller_get_selinux_context (c, &s) && strcmp (s, "system_u:object_r:httpd_exec_t") == 0);
+ }
+ }
+
+ g_assert (polkit_caller_set_uid (c, 0));
+ g_assert (polkit_caller_get_uid (c, &uid) && uid == 0);
+ g_assert (polkit_caller_set_pid (c, 1));
+ g_assert (polkit_caller_get_pid (c, &pid) && pid == 1);
+
+ /* validate where caller is not in a session */
+ g_assert (polkit_caller_validate (c));
+ polkit_caller_ref (c);
+ g_assert (polkit_caller_validate (c));
+ polkit_caller_unref (c);
+ g_assert (polkit_caller_validate (c));
+
+ if ((session = polkit_session_new ()) != NULL) {
+ if (polkit_session_set_ck_objref (session, "/somesession")) {
+ if ((seat = polkit_seat_new ()) != NULL) {
+ if (polkit_seat_set_ck_objref (seat, "/someseat")) {
+ g_assert (polkit_session_set_seat (session, seat));
+ g_assert (polkit_session_set_ck_is_local (session, TRUE));
+
+ g_assert (polkit_caller_set_ck_session (c, NULL));
+ g_assert (polkit_caller_get_ck_session (c, &session2) && session2 == NULL);
+
+ g_assert (polkit_caller_set_ck_session (c, session));
+ g_assert (polkit_caller_set_ck_session (c, session));
+ g_assert (polkit_caller_get_ck_session (c, &session2) && session2 == session);
+ /* validate where caller is in a session */
+ g_assert (polkit_caller_validate (c));
+
+ polkit_caller_debug (c);
+
+
+ }
+ polkit_seat_unref (seat);
+ }
+ }
+ polkit_session_unref (session);
+ }
+
+
+
+ polkit_caller_unref (c);
+ }
+
+ return TRUE;
+}
+
+PolKitTest _test_caller = {
+ "polkit_caller",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-caller.h b/src/polkit/polkit-caller.h
new file mode 100644
index 0000000..ad52102
--- /dev/null
+++ b/src/polkit/polkit-caller.h
@@ -0,0 +1,61 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-caller.h : callers
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_CALLER_H
+#define POLKIT_CALLER_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-session.h>
+#include <sys/types.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitCaller;
+typedef struct _PolKitCaller PolKitCaller;
+
+PolKitCaller *polkit_caller_new (void);
+PolKitCaller *polkit_caller_ref (PolKitCaller *caller);
+void polkit_caller_unref (PolKitCaller *caller);
+polkit_bool_t polkit_caller_set_dbus_name (PolKitCaller *caller, const char *dbus_name);
+polkit_bool_t polkit_caller_set_uid (PolKitCaller *caller, uid_t uid);
+polkit_bool_t polkit_caller_set_pid (PolKitCaller *caller, pid_t pid);
+polkit_bool_t polkit_caller_set_selinux_context (PolKitCaller *caller, const char *selinux_context);
+polkit_bool_t polkit_caller_set_ck_session (PolKitCaller *caller, PolKitSession *session);
+polkit_bool_t polkit_caller_get_dbus_name (PolKitCaller *caller, char **out_dbus_name);
+polkit_bool_t polkit_caller_get_uid (PolKitCaller *caller, uid_t *out_uid);
+polkit_bool_t polkit_caller_get_pid (PolKitCaller *caller, pid_t *out_pid);
+polkit_bool_t polkit_caller_get_selinux_context (PolKitCaller *caller, char **out_selinux_context);
+polkit_bool_t polkit_caller_get_ck_session (PolKitCaller *caller, PolKitSession **out_session);
+
+void polkit_caller_debug (PolKitCaller *caller);
+polkit_bool_t polkit_caller_validate (PolKitCaller *caller);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_H */
diff --git a/src/polkit/polkit-config.c b/src/polkit/polkit-config.c
new file mode 100644
index 0000000..ff3c15e
--- /dev/null
+++ b/src/polkit/polkit-config.c
@@ -0,0 +1,772 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-config.h : Configuration file
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/inotify.h>
+#include <regex.h>
+#include <syslog.h>
+#include <regex.h>
+
+#include <expat.h>
+
+#include <glib.h>
+#include "polkit-config.h"
+#include "polkit-debug.h"
+#include "polkit-error.h"
+
+/**
+ * SECTION:polkit-config
+ * @title: Configuration
+ * @short_description: Represents the system-wide <literal>/etc/PolicyKit/PolicyKit.conf</literal> file.
+ *
+ * This class is used to represent the /etc/PolicyKit/PolicyKit.conf
+ * configuration file. Applications using PolicyKit should never use
+ * this class; it's only here for integration with other PolicyKit
+ * components.
+ **/
+
+enum {
+ STATE_NONE,
+ STATE_UNKNOWN_TAG,
+ STATE_IN_CONFIG,
+ STATE_IN_MATCH,
+ STATE_IN_RETURN,
+ STATE_IN_DEFINE_ADMIN_AUTH,
+};
+
+struct ConfigNode;
+typedef struct ConfigNode ConfigNode;
+
+/**
+ * PolKitConfig:
+ *
+ * This class represents the system-wide configuration file for
+ * PolicyKit. Applications using PolicyKit should never use this
+ * class; it's only here for integration with other PolicyKit
+ * components.
+ **/
+struct _PolKitConfig
+{
+ int refcount;
+ ConfigNode *top_config_node;
+};
+
+#define PARSER_MAX_DEPTH 32
+
+typedef struct {
+ XML_Parser parser;
+ int state;
+ PolKitConfig *pk_config;
+ const char *path;
+
+ int state_stack[PARSER_MAX_DEPTH];
+ ConfigNode *node_stack[PARSER_MAX_DEPTH];
+
+ int stack_depth;
+} ParserData;
+
+enum {
+ NODE_TYPE_NOP,
+ NODE_TYPE_TOP,
+ NODE_TYPE_MATCH,
+ NODE_TYPE_RETURN,
+ NODE_TYPE_DEFINE_ADMIN_AUTH,
+};
+
+enum {
+ MATCH_TYPE_ACTION,
+ MATCH_TYPE_USER,
+};
+
+static const char * const match_names[] =
+{
+ "action",
+ "user",
+};
+
+static const char * const define_admin_auth_names[] =
+{
+ "user",
+ "group",
+};
+
+struct ConfigNode
+{
+ int node_type;
+
+ union {
+
+ struct {
+ int match_type;
+ char *data;
+ regex_t preq;
+ } node_match;
+
+ struct {
+ PolKitResult result;
+ } node_return;
+
+ struct {
+ PolKitConfigAdminAuthType admin_type;
+ char *data;
+ } node_define_admin_auth;
+
+ } data;
+
+ GSList *children;
+};
+
+
+static ConfigNode *
+config_node_new (void)
+{
+ ConfigNode *node;
+ node = g_new0 (ConfigNode, 1);
+ return node;
+}
+
+static void
+config_node_dump_real (ConfigNode *node, unsigned int indent)
+{
+ GSList *i;
+ unsigned int n;
+ char buf[128];
+
+ for (n = 0; n < indent && n < sizeof (buf) - 1; n++)
+ buf[n] = ' ';
+ buf[n] = '\0';
+
+ switch (node->node_type) {
+ case NODE_TYPE_NOP:
+ _pk_debug ("%sNOP", buf);
+ break;
+ case NODE_TYPE_TOP:
+ _pk_debug ("%sTOP", buf);
+ break;
+ case NODE_TYPE_MATCH:
+ _pk_debug ("%sMATCH %s (%d) with '%s'",
+ buf,
+ match_names[node->data.node_match.match_type],
+ node->data.node_match.match_type,
+ node->data.node_match.data);
+ break;
+ case NODE_TYPE_RETURN:
+ _pk_debug ("%sRETURN %s (%d)",
+ buf,
+ polkit_result_to_string_representation (node->data.node_return.result),
+ node->data.node_return.result);
+ break;
+ case NODE_TYPE_DEFINE_ADMIN_AUTH:
+ _pk_debug ("%sDEFINE_ADMIN_AUTH %s (%d) with '%s'",
+ buf,
+ define_admin_auth_names[node->data.node_define_admin_auth.admin_type],
+ node->data.node_define_admin_auth.admin_type,
+ node->data.node_define_admin_auth.data);
+ break;
+ break;
+ }
+
+ for (i = node->children; i != NULL; i = g_slist_next (i)) {
+ ConfigNode *child = i->data;
+ config_node_dump_real (child, indent + 2);
+ }
+}
+
+static void
+config_node_dump (ConfigNode *node)
+{
+
+ config_node_dump_real (node, 0);
+}
+
+static void
+config_node_unref (ConfigNode *node)
+{
+ GSList *i;
+
+ switch (node->node_type) {
+ case NODE_TYPE_NOP:
+ break;
+ case NODE_TYPE_TOP:
+ break;
+ case NODE_TYPE_MATCH:
+ g_free (node->data.node_match.data);
+ regfree (&(node->data.node_match.preq));
+ break;
+ case NODE_TYPE_RETURN:
+ break;
+ case NODE_TYPE_DEFINE_ADMIN_AUTH:
+ g_free (node->data.node_define_admin_auth.data);
+ break;
+ }
+
+ for (i = node->children; i != NULL; i = g_slist_next (i)) {
+ ConfigNode *child = i->data;
+ config_node_unref (child);
+ }
+ g_slist_free (node->children);
+ g_free (node);
+}
+
+static void
+_start (void *data, const char *el, const char **attr)
+{
+ int state;
+ int num_attr;
+ ParserData *pd = data;
+ ConfigNode *node;
+
+ _pk_debug ("_start for node '%s' (at depth=%d)", el, pd->stack_depth);
+
+ for (num_attr = 0; attr[num_attr] != NULL; num_attr++)
+ ;
+
+ state = STATE_NONE;
+ node = config_node_new ();
+ node->node_type = NODE_TYPE_NOP;
+
+ switch (pd->state) {
+ case STATE_NONE:
+ if (strcmp (el, "config") == 0) {
+ state = STATE_IN_CONFIG;
+ _pk_debug ("parsed config node");
+
+ if (pd->pk_config->top_config_node != NULL) {
+ _pk_debug ("Multiple config nodes?");
+ goto error;
+ }
+
+ node->node_type = NODE_TYPE_TOP;
+ pd->pk_config->top_config_node = node;
+ }
+ break;
+ case STATE_IN_CONFIG: /* explicit fallthrough */
+ case STATE_IN_MATCH:
+ if ((strcmp (el, "match") == 0) && (num_attr == 2)) {
+
+ node->node_type = NODE_TYPE_MATCH;
+ if (strcmp (attr[0], "action") == 0) {
+ node->data.node_match.match_type = MATCH_TYPE_ACTION;
+ } else if (strcmp (attr[0], "user") == 0) {
+ node->data.node_match.match_type = MATCH_TYPE_USER;
+ } else {
+ _pk_debug ("Unknown match rule '%s'", attr[0]);
+ goto error;
+ }
+
+ node->data.node_match.data = g_strdup (attr[1]);
+ if (regcomp (&(node->data.node_match.preq), node->data.node_match.data, REG_NOSUB|REG_EXTENDED) != 0) {
+ _pk_debug ("Invalid expression '%s'", node->data.node_match.data);
+ goto error;
+ }
+
+ state = STATE_IN_MATCH;
+ _pk_debug ("parsed match node ('%s' (%d) -> '%s')",
+ attr[0],
+ node->data.node_match.match_type,
+ node->data.node_match.data);
+
+ } else if ((strcmp (el, "return") == 0) && (num_attr == 2)) {
+
+ node->node_type = NODE_TYPE_RETURN;
+
+ if (strcmp (attr[0], "result") == 0) {
+ PolKitResult r;
+ if (!polkit_result_from_string_representation (attr[1], &r)) {
+ _pk_debug ("Unknown return result '%s'", attr[1]);
+ goto error;
+ }
+ node->data.node_return.result = r;
+ } else {
+ _pk_debug ("Unknown return rule '%s'", attr[0]);
+ goto error;
+ }
+
+ state = STATE_IN_RETURN;
+ _pk_debug ("parsed return node ('%s' (%d))",
+ attr[1],
+ node->data.node_return.result);
+ } else if ((strcmp (el, "define_admin_auth") == 0) && (num_attr == 2)) {
+
+ node->node_type = NODE_TYPE_DEFINE_ADMIN_AUTH;
+ if (strcmp (attr[0], "user") == 0) {
+ node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER;
+ } else if (strcmp (attr[0], "group") == 0) {
+ node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP;
+ } else {
+ _pk_debug ("Unknown define_admin_auth rule '%s'", attr[0]);
+ goto error;
+ }
+
+ node->data.node_define_admin_auth.data = g_strdup (attr[1]);
+
+ state = STATE_IN_DEFINE_ADMIN_AUTH;
+ _pk_debug ("parsed define_admin_auth node ('%s' (%d) -> '%s')",
+ attr[0],
+ node->data.node_define_admin_auth.admin_type,
+ node->data.node_define_admin_auth.data);
+
+
+ }
+ break;
+ }
+
+ if (state == STATE_NONE || node == NULL) {
+ g_warning ("skipping unknown tag <%s> at line %d of %s",
+ el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
+ syslog (LOG_ALERT, "libpolkit: skipping unknown tag <%s> at line %d of %s",
+ el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
+ state = STATE_UNKNOWN_TAG;
+ }
+
+ if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
+ _pk_debug ("reached max depth?");
+ goto error;
+ }
+ pd->state = state;
+ pd->state_stack[pd->stack_depth] = pd->state;
+ pd->node_stack[pd->stack_depth] = node;
+
+ if (pd->stack_depth > 0) {
+ pd->node_stack[pd->stack_depth - 1]->children =
+ g_slist_append (pd->node_stack[pd->stack_depth - 1]->children, node);
+ }
+
+ pd->stack_depth++;
+ _pk_debug ("now in state=%d (after _start, depth=%d)", pd->state, pd->stack_depth);
+ return;
+
+error:
+ if (node != NULL) {
+ config_node_unref (node);
+ }
+ XML_StopParser (pd->parser, FALSE);
+}
+
+static void
+_cdata (void *data, const char *s, int len)
+{
+}
+
+static void
+_end (void *data, const char *el)
+{
+ ParserData *pd = data;
+
+ _pk_debug ("_end for node '%s' (at depth=%d)", el, pd->stack_depth);
+
+ --pd->stack_depth;
+ if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
+ _pk_debug ("reached max depth?");
+ goto error;
+ }
+ if (pd->stack_depth > 0)
+ pd->state = pd->state_stack[pd->stack_depth - 1];
+ else
+ pd->state = STATE_NONE;
+ _pk_debug ("now in state=%d (after _end, depth=%d)", pd->state, pd->stack_depth);
+ return;
+error:
+ XML_StopParser (pd->parser, FALSE);
+}
+
+/**
+ * polkit_config_new:
+ * @path: Path to configuration, typically /etc/PolicyKit/PolicyKit.conf is passed.
+ * @error: return location for error
+ *
+ * Load and parse a PolicyKit configuration file.
+ *
+ * Returns: the configuration file object
+ **/
+PolKitConfig *
+polkit_config_new (const char *path, PolKitError **error)
+{
+ ParserData pd;
+ int xml_res;
+ PolKitConfig *pk_config;
+ char *buf;
+ gsize buflen;
+ GError *g_error;
+
+ /* load and parse the configuration file */
+ pk_config = NULL;
+
+ g_error = NULL;
+ if (!g_file_get_contents (path, &buf, &buflen, &g_error)) {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Cannot load PolicyKit policy file at '%s': %s",
+ path,
+ g_error->message);
+ g_error_free (g_error);
+ goto error;
+ }
+
+ pd.parser = XML_ParserCreate (NULL);
+ if (pd.parser == NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Cannot load PolicyKit policy file at '%s': %s",
+ path,
+ "No memory for parser");
+ goto error;
+ }
+ XML_SetUserData (pd.parser, &pd);
+ XML_SetElementHandler (pd.parser, _start, _end);
+ XML_SetCharacterDataHandler (pd.parser, _cdata);
+
+ pk_config = g_new0 (PolKitConfig, 1);
+ pk_config->refcount = 1;
+
+ pd.state = STATE_NONE;
+ pd.pk_config = pk_config;
+ pd.node_stack[0] = NULL;
+ pd.stack_depth = 0;
+ pd.path = path;
+
+ xml_res = XML_Parse (pd.parser, buf, buflen, 1);
+
+ if (xml_res == 0) {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "%s:%d: parse error: %s",
+ path,
+ (int) XML_GetCurrentLineNumber (pd.parser),
+ XML_ErrorString (XML_GetErrorCode (pd.parser)));
+
+ XML_ParserFree (pd.parser);
+ g_free (buf);
+ goto error;
+ }
+ XML_ParserFree (pd.parser);
+ g_free (buf);
+
+ _pk_debug ("Loaded configuration file %s", path);
+
+ if (pk_config->top_config_node != NULL)
+ config_node_dump (pk_config->top_config_node);
+
+ return pk_config;
+
+error:
+ if (pk_config != NULL)
+ polkit_config_unref (pk_config);
+ return NULL;
+}
+
+/**
+ * polkit_config_ref:
+ * @pk_config: the object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitConfig *
+polkit_config_ref (PolKitConfig *pk_config)
+{
+ g_return_val_if_fail (pk_config != NULL, pk_config);
+ pk_config->refcount++;
+ return pk_config;
+}
+
+/**
+ * polkit_config_unref:
+ * @pk_config: the object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_config_unref (PolKitConfig *pk_config)
+{
+ g_return_if_fail (pk_config != NULL);
+ pk_config->refcount--;
+ if (pk_config->refcount > 0)
+ return;
+
+ if (pk_config->top_config_node != NULL)
+ config_node_unref (pk_config->top_config_node);
+
+ g_free (pk_config);
+}
+
+static gboolean
+config_node_match (ConfigNode *node,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ PolKitSession *session)
+{
+ char *str;
+ char *str1;
+ char *str2;
+ uid_t uid;
+ gboolean match;
+
+ match = FALSE;
+ str1 = NULL;
+ str2 = NULL;
+ switch (node->data.node_match.match_type) {
+
+ case MATCH_TYPE_ACTION:
+ if (!polkit_action_get_action_id (action, &str))
+ goto out;
+ str1 = g_strdup (str);
+ break;
+
+ case MATCH_TYPE_USER:
+ if (caller != NULL) {
+ if (!polkit_caller_get_uid (caller, &uid))
+ goto out;
+ } else if (session != NULL) {
+ if (!polkit_session_get_uid (session, &uid))
+ goto out;
+ } else
+ goto out;
+
+ str1 = g_strdup_printf ("%d", uid);
+ {
+ struct passwd pd;
+ struct passwd* pwdptr=&pd;
+ struct passwd* tempPwdPtr;
+ char pwdbuffer[256];
+ int pwdlinelen = sizeof(pwdbuffer);
+
+ if ((getpwuid_r (uid, pwdptr, pwdbuffer, pwdlinelen, &tempPwdPtr)) !=0 )
+ goto out;
+ str2 = g_strdup (pd.pw_name);
+ }
+ break;
+ }
+
+ if (str1 != NULL) {
+ if (regexec (&(node->data.node_match.preq), str1, 0, NULL, 0) == 0)
+ match = TRUE;
+ }
+ if (!match && str2 != NULL) {
+ if (regexec (&(node->data.node_match.preq), str2, 0, NULL, 0) == 0)
+ match = TRUE;
+ }
+
+out:
+ g_free (str1);
+ g_free (str2);
+ return match;
+}
+
+
+/* exactly one of the parameters caller and session must be NULL */
+static PolKitResult
+config_node_test (ConfigNode *node,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ PolKitSession *session)
+{
+ gboolean recurse;
+ PolKitResult result;
+
+ recurse = FALSE;
+ result = POLKIT_RESULT_UNKNOWN;
+
+ switch (node->node_type) {
+ case NODE_TYPE_NOP:
+ recurse = FALSE;
+ break;
+ case NODE_TYPE_TOP:
+ recurse = TRUE;
+ break;
+ case NODE_TYPE_MATCH:
+ if (config_node_match (node, action, caller, session))
+ recurse = TRUE;
+ break;
+ case NODE_TYPE_RETURN:
+ result = node->data.node_return.result;
+ break;
+ default:
+ break;
+ }
+
+ if (recurse) {
+ GSList *i;
+ for (i = node->children; i != NULL; i = g_slist_next (i)) {
+ ConfigNode *child_node = i->data;
+ result = config_node_test (child_node, action, caller, session);
+ if (result != POLKIT_RESULT_UNKNOWN) {
+ goto out;
+ }
+ }
+ }
+
+out:
+ return result;
+}
+
+/**
+ * polkit_config_can_session_do_action:
+ * @pk_config: the PolicyKit context
+ * @action: the type of access to check for
+ * @session: the session in question
+ *
+ * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file
+ * says that a given session can do a given action.
+ *
+ * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there
+ * was no match in the configuration file.
+ */
+PolKitResult
+polkit_config_can_session_do_action (PolKitConfig *pk_config,
+ PolKitAction *action,
+ PolKitSession *session)
+{
+ PolKitResult result;
+ if (pk_config->top_config_node != NULL)
+ result = config_node_test (pk_config->top_config_node, action, NULL, session);
+ else
+ result = POLKIT_RESULT_UNKNOWN;
+ return result;
+}
+
+/**
+ * polkit_config_can_caller_do_action:
+ * @pk_config: the PolicyKit context
+ * @action: the type of access to check for
+ * @caller: the caller in question
+ *
+ * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file
+ * says that a given caller can do a given action.
+ *
+ * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there
+ * was no match in the configuration file.
+ */
+PolKitResult
+polkit_config_can_caller_do_action (PolKitConfig *pk_config,
+ PolKitAction *action,
+ PolKitCaller *caller)
+{
+ PolKitResult result;
+ if (pk_config->top_config_node != NULL)
+ result = config_node_test (pk_config->top_config_node, action, caller, NULL);
+ else
+ result = POLKIT_RESULT_UNKNOWN;
+ return result;
+}
+
+
+static polkit_bool_t
+config_node_determine_admin_auth (ConfigNode *node,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ PolKitConfigAdminAuthType *out_admin_auth_type,
+ const char **out_data)
+{
+ gboolean recurse;
+ gboolean result_set;
+
+ recurse = FALSE;
+ result_set = FALSE;
+
+ switch (node->node_type) {
+ case NODE_TYPE_NOP:
+ recurse = FALSE;
+ break;
+ case NODE_TYPE_TOP:
+ recurse = TRUE;
+ break;
+ case NODE_TYPE_MATCH:
+ if (config_node_match (node, action, caller, NULL))
+ recurse = TRUE;
+ break;
+ case NODE_TYPE_DEFINE_ADMIN_AUTH:
+ if (out_admin_auth_type != NULL)
+ *out_admin_auth_type = node->data.node_define_admin_auth.admin_type;
+ if (out_data != NULL)
+ *out_data = node->data.node_define_admin_auth.data;
+ result_set = TRUE;
+ break;
+ default:
+ break;
+ }
+
+ if (recurse) {
+ GSList *i;
+ for (i = node->children; i != NULL; i = g_slist_next (i)) {
+ ConfigNode *child_node = i->data;
+
+ result_set = config_node_determine_admin_auth (child_node,
+ action,
+ caller,
+ out_admin_auth_type,
+ out_data) || result_set;
+ }
+ }
+
+ return result_set;
+}
+
+/**
+ * polkit_config_determine_admin_auth_type:
+ * @pk_config: the PolicyKit context
+ * @action: the type of access to check for
+ * @caller: the caller in question
+ * @out_admin_auth_type: return location for the authentication type
+ * @out_data: return location for the match value of the given
+ * authentication type. Caller shall not manipulate or free this
+ * string.
+ *
+ * Determine what "Authenticate as admin" means for a given caller and
+ * a given action. This basically returns the result of the
+ * "define_admin_auth" in the configuration file when drilling down
+ * for a specific caller / action.
+ *
+ * Returns: TRUE if value was returned
+ */
+polkit_bool_t
+polkit_config_determine_admin_auth_type (PolKitConfig *pk_config,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ PolKitConfigAdminAuthType *out_admin_auth_type,
+ const char **out_data)
+{
+ if (pk_config->top_config_node != NULL) {
+ return config_node_determine_admin_auth (pk_config->top_config_node,
+ action,
+ caller,
+ out_admin_auth_type,
+ out_data);
+ } else {
+ return FALSE;
+ }
+}
+
diff --git a/src/polkit/polkit-config.h b/src/polkit/polkit-config.h
new file mode 100644
index 0000000..a5307a4
--- /dev/null
+++ b/src/polkit/polkit-config.h
@@ -0,0 +1,87 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-config.h : Configuration file
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_CONFIG_H
+#define POLKIT_CONFIG_H
+
+#include <sys/types.h>
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-error.h>
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-session.h>
+#include <polkit/polkit-caller.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitConfig;
+typedef struct _PolKitConfig PolKitConfig;
+
+PolKitConfig *polkit_config_new (const char *path, PolKitError **error);
+PolKitConfig *polkit_config_ref (PolKitConfig *pk_config);
+void polkit_config_unref (PolKitConfig *pk_config);
+
+PolKitResult
+polkit_config_can_session_do_action (PolKitConfig *pk_config,
+ PolKitAction *action,
+ PolKitSession *session);
+
+PolKitResult
+polkit_config_can_caller_do_action (PolKitConfig *pk_config,
+ PolKitAction *action,
+ PolKitCaller *caller);
+
+/**
+ * PolKitConfigAdminAuthType:
+ * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER: Authentication as
+ * administrator matches one or more users
+ * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP: Authentication as
+ * administrator matches users from one or more groups
+ *
+ * This enumeration reflects results defined in the
+ * "define_admin_auth" configuration element.
+ */
+typedef enum
+{
+ POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER,
+ POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP
+} PolKitConfigAdminAuthType;
+
+polkit_bool_t polkit_config_determine_admin_auth_type (PolKitConfig *pk_config,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ PolKitConfigAdminAuthType *out_admin_auth_type,
+ const char **out_data);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_CONFIG_H */
+
+
diff --git a/src/polkit/polkit-context.c b/src/polkit/polkit-context.c
new file mode 100644
index 0000000..1f25d58
--- /dev/null
+++ b/src/polkit/polkit-context.c
@@ -0,0 +1,803 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-context.c : context for PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/inotify.h>
+#include <syslog.h>
+
+#include <glib.h>
+#include "polkit-config.h"
+#include "polkit-debug.h"
+#include "polkit-context.h"
+#include "polkit-policy-cache.h"
+#include "polkit-private.h"
+
+/**
+ * SECTION:polkit
+ * @short_description: Centralized policy management.
+ *
+ * libpolkit is a C library for centralized policy management.
+ **/
+
+/**
+ * SECTION:polkit-context
+ * @title: Context
+ * @short_description: The main interface used to query PolicyKit.
+ *
+ * This class is used to represent the interface to PolicyKit - it is
+ * used by Mechanisms that use PolicyKit for making
+ * decisions. Typically, it's used as a singleton:
+ *
+ * <itemizedlist>
+ * <listitem>First, the Mechanism need to declare one or more PolicyKit Actions by dropping a <literal>.policy</literal> file into <literal>/usr/share/PolicyKit/policy</literal>. This is described in the PolicyKit specification.</listitem>
+ * <listitem>The mechanism starts up and uses polkit_context_new() to create a new context</listitem>
+ * <listitem>If the mechanism is a long running daemon, it should use polkit_context_set_config_changed() to register a callback when configuration changes. This is useful if, for example, the mechanism needs to revise decisions based on earlier answers from libpolkit. For example, a daemon that manages permissions on <literal>/dev</literal> may want to add/remove ACL's when configuration changes; for example, the system administrator could have changed the PolicyKit configuration file <literal>/etc/PolicyKit/PolicyKit.conf</literal> such that some user is now privileged to access a specific device.</listitem>
+ * <listitem>If polkit_context_set_config_changed() is used, the mechanism must also use polkit_context_set_io_watch_functions() to integrate libpolkit into the mainloop.</listitem>
+ * <listitem>The mechanism needs to call polkit_context_init() such that libpolkit can load configuration files and properly initialize.</listitem>
+ * <listitem>Whenever the mechanism needs to make a decision whether a caller is allowed to make a perform some action, the mechanism prepares a #PolKitAction and #PolKitCaller object (or #PolKitSession if applicable) and calls polkit_context_can_caller_do_action() (or polkit_context_can_session_do_action() if applicable). The mechanism may use the libpolkit-dbus library (specifically the polkit_caller_new_from_dbus_name() or polkit_caller_new_from_pid() functions) but may opt, for performance reasons, to construct #PolKitCaller (or #PolKitSession if applicable) from it's own cache of information.</listitem>
+ * <listitem>The mechanism will get a #PolKitResult object back that describes whether it should carry out the action. This result stems from a number of sources, see the PolicyKit specification document for details.</listitem>
+ * <listitem>If the result is #POLKIT_RESULT_YES, the mechanism should carry out the action. If the result is not #POLKIT_RESULT_YES nor #POLKIT_RESULT_UNKNOWN (this would never be returned but is mentioned here for completeness), the mechanism should throw an expcetion to the caller detailing the #PolKitResult as a textual string using polkit_result_to_string_representation(). For example, if the mechanism is using D-Bus it could throw an com.some-mechanism.DeniedByPolicy exception with the #PolKitResult textual representation in the detail field. Then the caller can interpret this exception and then act on it (for example it can attempt to gain that privilege).</listitem>
+ * </itemizedlist>
+ *
+ * For more information about using PolicyKit in mechanisms and
+ * callers, refer to the PolicyKit-gnome project which includes a
+ * sample application on how to use this in the GNOME desktop.
+ **/
+
+/**
+ * PolKitContext:
+ *
+ * Context object for users of PolicyKit.
+ **/
+struct _PolKitContext
+{
+ int refcount;
+
+ PolKitContextConfigChangedCB config_changed_cb;
+ void *config_changed_user_data;
+
+ PolKitContextAddIOWatch io_add_watch_func;
+ PolKitContextRemoveIOWatch io_remove_watch_func;
+
+ char *policy_dir;
+
+ PolKitPolicyCache *priv_cache;
+
+ PolKitConfig *config;
+
+ PolKitAuthorizationDB *authdb;
+
+ polkit_bool_t load_descriptions;
+
+ int inotify_fd;
+ int inotify_fd_watch_id;
+ int inotify_config_wd;
+ int inotify_policy_wd;
+ int inotify_grant_perm_wd;
+};
+
+/**
+ * polkit_context_new:
+ *
+ * Create a new context
+ *
+ * Returns: the object
+ **/
+PolKitContext *
+polkit_context_new (void)
+{
+ PolKitContext *pk_context;
+ pk_context = g_new0 (PolKitContext, 1);
+ pk_context->refcount = 1;
+ /* TODO: May want to rethink instantiating this on demand.. */
+ pk_context->authdb = _polkit_authorization_db_new ();
+ return pk_context;
+}
+
+/**
+ * polkit_context_init:
+ * @pk_context: the context object
+ * @error: return location for error
+ *
+ * Initializes a new context; loads PolicyKit files from
+ * /usr/share/PolicyKit/policy.
+ *
+ * Returns: #FALSE if @error was set, otherwise #TRUE
+ **/
+polkit_bool_t
+polkit_context_init (PolKitContext *pk_context, PolKitError **error)
+{
+ g_return_val_if_fail (pk_context != NULL, FALSE);
+
+ pk_context->policy_dir = g_strdup (PACKAGE_DATA_DIR "/PolicyKit/policy");
+ _pk_debug ("Using policy files from directory %s", pk_context->policy_dir);
+
+ /* NOTE: we don't populate the cache until it's needed.. */
+
+ /* NOTE: we don't load the configuration file until it's needed */
+
+ if (pk_context->io_add_watch_func != NULL) {
+ pk_context->inotify_fd = inotify_init ();
+ if (pk_context->inotify_fd < 0) {
+ _pk_debug ("failed to initialize inotify: %s", strerror (errno));
+ /* TODO: set error */
+ goto error;
+ }
+
+ /* Watch the /etc/PolicyKit/PolicyKit.conf file */
+ pk_context->inotify_config_wd = inotify_add_watch (pk_context->inotify_fd,
+ PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf",
+ IN_MODIFY | IN_CREATE | IN_ATTRIB);
+ if (pk_context->inotify_config_wd < 0) {
+ _pk_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s",
+ strerror (errno));
+ /* TODO: set error */
+ goto error;
+ }
+
+ /* Watch the /usr/share/PolicyKit/policy directory */
+ pk_context->inotify_policy_wd = inotify_add_watch (pk_context->inotify_fd,
+ PACKAGE_DATA_DIR "/PolicyKit/policy",
+ IN_MODIFY | IN_CREATE | IN_DELETE | IN_ATTRIB);
+ if (pk_context->inotify_policy_wd < 0) {
+ _pk_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s",
+ strerror (errno));
+ /* TODO: set error */
+ goto error;
+ }
+
+#ifdef POLKIT_AUTHDB_DEFAULT
+ /* Watch the /var/lib/misc/PolicyKit.reload file */
+ pk_context->inotify_grant_perm_wd = inotify_add_watch (pk_context->inotify_fd,
+ PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload",
+ IN_MODIFY | IN_CREATE | IN_ATTRIB);
+ if (pk_context->inotify_grant_perm_wd < 0) {
+ _pk_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s",
+ strerror (errno));
+ /* TODO: set error */
+ goto error;
+ }
+#endif
+
+ pk_context->inotify_fd_watch_id = pk_context->io_add_watch_func (pk_context, pk_context->inotify_fd);
+ if (pk_context->inotify_fd_watch_id == 0) {
+ _pk_debug ("failed to add io watch");
+ /* TODO: set error */
+ goto error;
+ }
+ }
+
+ return TRUE;
+error:
+ return FALSE;
+}
+
+/**
+ * polkit_context_ref:
+ * @pk_context: the context object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitContext *
+polkit_context_ref (PolKitContext *pk_context)
+{
+ g_return_val_if_fail (pk_context != NULL, pk_context);
+ pk_context->refcount++;
+ return pk_context;
+}
+
+/**
+ * polkit_context_unref:
+ * @pk_context: the context object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_context_unref (PolKitContext *pk_context)
+{
+
+ g_return_if_fail (pk_context != NULL);
+ pk_context->refcount--;
+ if (pk_context->refcount > 0)
+ return;
+
+ g_free (pk_context);
+}
+
+/**
+ * polkit_context_set_config_changed:
+ * @pk_context: the context object
+ * @cb: the callback to invoke
+ * @user_data: user data to pass to the callback
+ *
+ * Register the callback function for when configuration changes.
+ * Mechanisms should use this callback to e.g. reconfigure all
+ * permissions / acl's they have set in response to policy decisions
+ * made from information provided by PolicyKit.
+ *
+ * Note that this function may be called many times within a short
+ * interval due to how file monitoring works if e.g. the user is
+ * editing a configuration file (editors typically create back-up
+ * files). Mechanisms should use a "cool-off" timer (of, say, one
+ * second) to avoid doing many expensive operations (such as
+ * reconfiguring all ACL's for all devices) within a very short
+ * timeframe.
+ *
+ * This method must be called before polkit_context_init().
+ **/
+void
+polkit_context_set_config_changed (PolKitContext *pk_context,
+ PolKitContextConfigChangedCB cb,
+ void *user_data)
+{
+ g_return_if_fail (pk_context != NULL);
+ pk_context->config_changed_cb = cb;
+ pk_context->config_changed_user_data = user_data;
+}
+
+/**
+ * polkit_context_io_func:
+ * @pk_context: the object
+ * @fd: the file descriptor passed to the supplied function of type #PolKitContextAddIOWatch.
+ *
+ * Method that the application must call when there is data to read
+ * from a file descriptor registered with the supplied function of
+ * type #PolKitContextAddIOWatch.
+ **/
+void
+polkit_context_io_func (PolKitContext *pk_context, int fd)
+{
+ gboolean config_changed;
+
+ g_return_if_fail (pk_context != NULL);
+
+ _pk_debug ("polkit_context_io_func: data on fd %d", fd);
+
+ config_changed = FALSE;
+
+ if (fd == pk_context->inotify_fd) {
+/* size of the event structure, not counting name */
+#define EVENT_SIZE (sizeof (struct inotify_event))
+/* reasonable guess as to size of 1024 events */
+#define BUF_LEN (1024 * (EVENT_SIZE + 16))
+ char buf[BUF_LEN];
+ int len;
+ int i = 0;
+again:
+ len = read (fd, buf, BUF_LEN);
+ if (len < 0) {
+ if (errno == EINTR) {
+ goto again;
+ } else {
+ _pk_debug ("read: %s", strerror (errno));
+ }
+ } else if (len > 0) {
+ /* BUF_LEN too small? */
+ }
+ while (i < len) {
+ struct inotify_event *event;
+ event = (struct inotify_event *) &buf[i];
+ _pk_debug ("wd=%d mask=%u cookie=%u len=%u",
+ event->wd, event->mask, event->cookie, event->len);
+
+ _pk_debug ("config changed!");
+ config_changed = TRUE;
+
+ i += EVENT_SIZE + event->len;
+ }
+ }
+
+ if (config_changed) {
+ /* purge existing policy files */
+ _pk_debug ("purging policy files");
+ if (pk_context->priv_cache != NULL) {
+ polkit_policy_cache_unref (pk_context->priv_cache);
+ pk_context->priv_cache = NULL;
+ }
+
+ /* Purge existing old config file */
+ _pk_debug ("purging configuration file");
+ if (pk_context->config != NULL) {
+ polkit_config_unref (pk_context->config);
+ pk_context->config = NULL;
+ }
+
+ /* Purge authorization entries from the cache */
+ _polkit_authorization_db_invalidate_cache (pk_context->authdb);
+
+ if (pk_context->config_changed_cb != NULL) {
+ pk_context->config_changed_cb (pk_context,
+ pk_context->config_changed_user_data);
+ }
+ }
+}
+
+/**
+ * polkit_context_set_io_watch_functions:
+ * @pk_context: the context object
+ * @io_add_watch_func: the function that the PolicyKit library can invoke to start watching a file descriptor
+ * @io_remove_watch_func: the function that the PolicyKit library can invoke to stop watching a file descriptor
+ *
+ * Register a functions that PolicyKit can use for watching IO descriptors.
+ *
+ * This method must be called before polkit_context_init().
+ **/
+void
+polkit_context_set_io_watch_functions (PolKitContext *pk_context,
+ PolKitContextAddIOWatch io_add_watch_func,
+ PolKitContextRemoveIOWatch io_remove_watch_func)
+{
+ g_return_if_fail (pk_context != NULL);
+ pk_context->io_add_watch_func = io_add_watch_func;
+ pk_context->io_remove_watch_func = io_remove_watch_func;
+}
+
+/**
+ * polkit_context_set_load_descriptions:
+ * @pk_context: the context
+ *
+ * Set whether policy descriptions should be loaded. By default these
+ * are not loaded to keep memory use down. TODO: specify whether they
+ * are localized and how.
+ *
+ * This method must be called before polkit_context_init().
+ **/
+void
+polkit_context_set_load_descriptions (PolKitContext *pk_context)
+{
+ g_return_if_fail (pk_context != NULL);
+ pk_context->load_descriptions = TRUE;
+}
+
+/**
+ * polkit_context_get_policy_cache:
+ * @pk_context: the context
+ *
+ * Get the #PolKitPolicyCache object that holds all the defined policies as well as their defaults.
+ *
+ * Returns: the #PolKitPolicyCache object. Caller shall not unref it.
+ **/
+PolKitPolicyCache *
+polkit_context_get_policy_cache (PolKitContext *pk_context)
+{
+ g_return_val_if_fail (pk_context != NULL, NULL);
+
+ if (pk_context->priv_cache == NULL) {
+ PolKitError *error;
+
+ _pk_debug ("Populating cache from directory %s", pk_context->policy_dir);
+
+ error = NULL;
+ pk_context->priv_cache = _polkit_policy_cache_new (pk_context->policy_dir,
+ pk_context->load_descriptions,
+ &error);
+ if (pk_context->priv_cache == NULL) {
+ g_warning ("Error loading policy files from %s: %s",
+ pk_context->policy_dir, polkit_error_get_error_message (error));
+ polkit_error_free (error);
+ } else {
+ polkit_policy_cache_debug (pk_context->priv_cache);
+ }
+ }
+
+ return pk_context->priv_cache;
+}
+
+
+/**
+ * polkit_context_is_session_authorized:
+ * @pk_context: the PolicyKit context
+ * @action: the type of access to check for
+ * @session: the session in question
+ * @error: return location for error
+ *
+ * Determine if any caller from a giver session is authorized to do a
+ * given action.
+ *
+ * Returns: A #PolKitResult specifying if, and how, the caller can
+ * do a specific action.
+ *
+ * Since: 0.7
+ */
+PolKitResult
+polkit_context_is_session_authorized (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session,
+ PolKitError **error)
+{
+ PolKitPolicyCache *cache;
+ PolKitPolicyFileEntry *pfe;
+ PolKitPolicyDefault *policy_default;
+ PolKitResult result_from_config;
+ PolKitResult result_from_grantdb;
+ polkit_bool_t from_authdb;
+ PolKitResult result;
+ PolKitConfig *config;
+
+ result = POLKIT_RESULT_NO;
+ g_return_val_if_fail (pk_context != NULL, result);
+
+ config = polkit_context_get_config (pk_context, NULL);
+ /* if the configuration file is malformed, always say no */
+ if (config == NULL)
+ goto out;
+
+ if (action == NULL || session == NULL)
+ goto out;
+
+ /* now validate the incoming objects */
+ if (!polkit_action_validate (action))
+ goto out;
+ if (!polkit_session_validate (session))
+ goto out;
+
+ cache = polkit_context_get_policy_cache (pk_context);
+ if (cache == NULL)
+ goto out;
+
+ _pk_debug ("entering polkit_can_session_do_action()");
+ polkit_action_debug (action);
+ polkit_session_debug (session);
+
+ pfe = polkit_policy_cache_get_entry (cache, action);
+ if (pfe == NULL) {
+ char *action_name;
+ if (!polkit_action_get_action_id (action, &action_name)) {
+ g_warning ("given action has no name");
+ } else {
+ g_warning ("no action with name '%s'", action_name);
+ }
+ result = POLKIT_RESULT_UNKNOWN;
+ goto out;
+ }
+
+ polkit_policy_file_entry_debug (pfe);
+
+ result_from_config = polkit_config_can_session_do_action (config, action, session);
+
+ result_from_grantdb = POLKIT_RESULT_UNKNOWN;
+ if (polkit_authorization_db_is_session_authorized (pk_context->authdb,
+ action,
+ session,
+ &from_authdb)) {
+ if (from_authdb)
+ result_from_grantdb = POLKIT_RESULT_YES;
+ }
+
+ /* Fist, the config file is authoritative.. so only use the
+ * value from the authdb if the config file allows to gain via
+ * authentication
+ */
+ if (result_from_config != POLKIT_RESULT_UNKNOWN) {
+ /* it does.. use it.. although try to use an existing grant if there is one */
+ if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) &&
+ result_from_grantdb == POLKIT_RESULT_YES) {
+ result = POLKIT_RESULT_YES;
+ } else {
+ result = result_from_config;
+ }
+ goto found;
+ }
+
+ /* If we have a positive answer from the authdb, use it */
+ if (result_from_grantdb == POLKIT_RESULT_YES) {
+ result = POLKIT_RESULT_YES;
+ goto found;
+ }
+
+ /* Otherwise, fall back to defaults as specified in the .policy file */
+ policy_default = polkit_policy_file_entry_get_default (pfe);
+ if (policy_default == NULL) {
+ g_warning ("no default policy for action!");
+ goto out;
+ }
+ result = polkit_policy_default_can_session_do_action (policy_default, action, session);
+
+found:
+ /* Never return UNKNOWN to user */
+ if (result == POLKIT_RESULT_UNKNOWN)
+ result = POLKIT_RESULT_NO;
+
+out:
+ _pk_debug ("... result was %s", polkit_result_to_string_representation (result));
+ return result;
+}
+
+/**
+ * polkit_context_is_caller_authorized:
+ * @pk_context: the PolicyKit context
+ * @action: the type of access to check for
+ * @caller: the caller in question
+ * @revoke_if_one_shot: Whether to revoke one-shot authorizations. See
+ * below for discussion.
+ * @error: return location for error
+ *
+ * Determine if a given caller is authorized to do a given
+ * action.
+ *
+ * It is important to understand how one-shot authorizations work.
+ * The revoke_if_one_shot parameter, if #TRUE, specifies whether
+ * one-shot authorizations should be revoked if they are used
+ * to make the decision to return #POLKIT_RESULT_YES.
+ *
+ * UI applications wanting to hint whether a caller is authorized must
+ * pass #FALSE here. Mechanisms that wants to check authorizations
+ * before carrying out work on behalf of a caller must pass #TRUE
+ * here.
+ *
+ * As a side-effect, any process with the authorization
+ * org.freedesktop.policykit.read can revoke one-shot authorizations
+ * from other users. Even though the window for doing so is small
+ * (one-shot auths are typically used right away), be careful who you
+ * grant that authorization to.
+ *
+ * This can fail with the following errors:
+ * #POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS
+ *
+ * Returns: A #PolKitResult specifying if, and how, the caller can
+ * do a specific action.
+ *
+ * Since: 0.7
+ */
+PolKitResult
+polkit_context_is_caller_authorized (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ polkit_bool_t revoke_if_one_shot,
+ PolKitError **error)
+{
+
+
+ PolKitPolicyCache *cache;
+ PolKitPolicyFileEntry *pfe;
+ PolKitResult result;
+ PolKitResult result_from_config;
+ PolKitResult result_from_grantdb;
+ PolKitPolicyDefault *policy_default;
+ PolKitConfig *config;
+ polkit_bool_t from_authdb;
+
+ result = POLKIT_RESULT_NO;
+ g_return_val_if_fail (pk_context != NULL, result);
+
+ /* if the configuration file is malformed, always say no */
+ config = polkit_context_get_config (pk_context, NULL);
+ if (config == NULL)
+ goto out;
+
+ if (action == NULL || caller == NULL)
+ goto out;
+
+ cache = polkit_context_get_policy_cache (pk_context);
+ if (cache == NULL)
+ goto out;
+
+ /* now validate the incoming objects */
+ if (!polkit_action_validate (action))
+ goto out;
+ if (!polkit_caller_validate (caller))
+ goto out;
+
+ _pk_debug ("entering polkit_can_caller_do_action()");
+ polkit_action_debug (action);
+ polkit_caller_debug (caller);
+
+ pfe = polkit_policy_cache_get_entry (cache, action);
+ if (pfe == NULL) {
+ char *action_name;
+ if (!polkit_action_get_action_id (action, &action_name)) {
+ g_warning ("given action has no name");
+ } else {
+ g_warning ("no action with name '%s'", action_name);
+ }
+ result = POLKIT_RESULT_UNKNOWN;
+ goto out;
+ }
+
+ polkit_policy_file_entry_debug (pfe);
+
+ result_from_config = polkit_config_can_caller_do_action (config, action, caller);
+
+ result_from_grantdb = POLKIT_RESULT_UNKNOWN;
+ if (polkit_authorization_db_is_caller_authorized (pk_context->authdb,
+ action,
+ caller,
+ revoke_if_one_shot,
+ &from_authdb)) {
+ if (from_authdb)
+ result_from_grantdb = POLKIT_RESULT_YES;
+ }
+
+ /* Fist, the config file is authoritative.. so only use the
+ * value from the authdb if the config file allows to gain via
+ * authentication
+ */
+ if (result_from_config != POLKIT_RESULT_UNKNOWN) {
+ /* it does.. use it.. although try to use an existing grant if there is one */
+ if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
+ result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) &&
+ result_from_grantdb == POLKIT_RESULT_YES) {
+ result = POLKIT_RESULT_YES;
+ } else {
+ result = result_from_config;
+ }
+ goto found;
+ }
+
+ /* If we have a positive answer from the authdb, use it */
+ if (result_from_grantdb == POLKIT_RESULT_YES) {
+ result = POLKIT_RESULT_YES;
+ goto found;
+ }
+
+ /* Otherwise, fall back to defaults as specified in the .policy file */
+ policy_default = polkit_policy_file_entry_get_default (pfe);
+ if (policy_default == NULL) {
+ g_warning ("no default policy for action!");
+ goto out;
+ }
+ result = polkit_policy_default_can_caller_do_action (policy_default, action, caller);
+
+found:
+
+ /* Never return UNKNOWN to user */
+ if (result == POLKIT_RESULT_UNKNOWN)
+ result = POLKIT_RESULT_NO;
+out:
+ _pk_debug ("... result was %s", polkit_result_to_string_representation (result));
+ return result;
+}
+
+/**
+ * polkit_context_can_session_do_action:
+ * @pk_context: the PolicyKit context
+ * @action: the type of access to check for
+ * @session: the session in question
+ *
+ * Determine if a given session can do a given action.
+ *
+ * This can fail with the following errors:
+ * #POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS
+ *
+ * Returns: A #PolKitResult - can only be one of
+ * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
+ *
+ * Deprecated: 0.7: use polkit_context_is_session_authorized() instead.
+ */
+PolKitResult
+polkit_context_can_session_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session)
+{
+ return polkit_context_is_session_authorized (pk_context, action, session, NULL);
+}
+
+/**
+ * polkit_context_can_caller_do_action:
+ * @pk_context: the PolicyKit context
+ * @action: the type of access to check for
+ * @caller: the caller in question
+ *
+ * Determine if a given caller can do a given action.
+ *
+ * Returns: A #PolKitResult specifying if, and how, the caller can
+ * do a specific action
+ *
+ * Deprecated: 0.7: use polkit_context_is_caller_authorized() instead.
+ */
+PolKitResult
+polkit_context_can_caller_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller)
+{
+ return polkit_context_is_caller_authorized (pk_context, action, caller, TRUE, NULL);
+}
+
+/**
+ * polkit_context_get_config:
+ * @pk_context: the PolicyKit context
+ * @error: Return location for error
+ *
+ * Returns an object that provides access to the
+ * /etc/PolicyKit/PolicyKit.conf configuration files. Applications
+ * using PolicyKit should never use this method; it's only here for
+ * integration with other PolicyKit components.
+ *
+ * Returns: A #PolKitConfig object or NULL if the configuration file
+ * is malformed. Caller should not unref this object.
+ */
+PolKitConfig *
+polkit_context_get_config (PolKitContext *pk_context, PolKitError **error)
+{
+ if (pk_context->config == NULL) {
+ PolKitError **pk_error;
+ PolKitError *pk_error2;
+
+ pk_error2 = NULL;
+ if (error != NULL)
+ pk_error = error;
+ else
+ pk_error = &pk_error2;
+
+ _pk_debug ("loading configuration file");
+ pk_context->config = polkit_config_new (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", pk_error);
+ /* if configuration file was bad, log it */
+ if (pk_context->config == NULL) {
+ _pk_debug ("failed to load configuration file: %s",
+ polkit_error_get_error_message (*pk_error));
+ syslog (LOG_ALERT, "libpolkit: failed to load configuration file: %s",
+ polkit_error_get_error_message (*pk_error));
+ if (pk_error == &pk_error2)
+ polkit_error_free (*pk_error);
+ }
+ }
+ return pk_context->config;
+}
+
+/**
+ * polkit_context_get_authorization_db:
+ * @pk_context: the PolicyKit context
+ *
+ * Returns an object that provides access to the authorization
+ * database. Applications using PolicyKit should never use this
+ * method; it's only here for integration with other PolicyKit
+ * components.
+ *
+ * Returns: A #PolKitAuthorizationDB object. Caller should not unref
+ * this object.
+ */
+PolKitAuthorizationDB *
+polkit_context_get_authorization_db (PolKitContext *pk_context)
+{
+ return pk_context->authdb;
+}
diff --git a/src/polkit/polkit-context.h b/src/polkit/polkit-context.h
new file mode 100644
index 0000000..72e4ad8
--- /dev/null
+++ b/src/polkit/polkit-context.h
@@ -0,0 +1,190 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-context.h : PolicyKit context
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_CONTEXT_H
+#define POLKIT_CONTEXT_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-error.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-context.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-seat.h>
+#include <polkit/polkit-session.h>
+#include <polkit/polkit-caller.h>
+#include <polkit/polkit-policy-cache.h>
+#include <polkit/polkit-config.h>
+#include <polkit/polkit-authorization-db.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitContext;
+typedef struct _PolKitContext PolKitContext;
+
+/**
+ * PolKitContextConfigChangedCB:
+ * @pk_context: PolicyKit context
+ * @user_data: user data
+ *
+ * The type of the callback function for when configuration changes.
+ * Mechanisms should use this callback to e.g. reconfigure all
+ * permissions / acl's they have set in response to policy decisions
+ * made from information provided by PolicyKit.
+ *
+ * The user must have set up watches using #polkit_context_set_io_watch_functions
+ * for this to work.
+ *
+ * Note that this function may be called many times within a short
+ * interval due to how file monitoring works if e.g. the user is
+ * editing a configuration file (editors typically create back-up
+ * files). Mechanisms should use a "cool-off" timer (of, say, one
+ * second) to avoid doing many expensive operations (such as
+ * reconfiguring all ACL's for all devices) within a very short
+ * timeframe.
+ */
+typedef void (*PolKitContextConfigChangedCB) (PolKitContext *pk_context,
+ void *user_data);
+
+/**
+ * PolKitContextAddIOWatch:
+ * @pk_context: the polkit context
+ * @fd: the file descriptor to watch
+ *
+ * Type for function supplied by the application to integrate a watch
+ * on a file descriptor into the applications main loop. The
+ * application must call polkit_grant_io_func() when there is data
+ * to read from the file descriptor.
+ *
+ * For glib mainloop, the function will typically look like this:
+ *
+ * <programlisting>
+ * static gboolean
+ * io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
+ * {
+ * int fd;
+ * PolKitContext *pk_context = user_data;
+ * fd = g_io_channel_unix_get_fd (channel);
+ * polkit_context_io_func (pk_context, fd);
+ * return TRUE;
+ * }
+ *
+ * static int
+ * io_add_watch (PolKitContext *pk_context, int fd)
+ * {
+ * guint id = 0;
+ * GIOChannel *channel;
+ * channel = g_io_channel_unix_new (fd);
+ * if (channel == NULL)
+ * goto out;
+ * id = g_io_add_watch (channel, G_IO_IN, io_watch_have_data, pk_context);
+ * if (id == 0) {
+ * g_io_channel_unref (channel);
+ * goto out;
+ * }
+ * g_io_channel_unref (channel);
+ * out:
+ * return id;
+ * }
+ * </programlisting>
+ *
+ * Returns: 0 if the watch couldn't be set up; otherwise an unique
+ * identifier for the watch.
+ **/
+typedef int (*PolKitContextAddIOWatch) (PolKitContext *pk_context, int fd);
+
+/**
+ * PolKitContextRemoveIOWatch:
+ * @pk_context: the context object
+ * @watch_id: the id obtained from using the supplied function
+ * of type #PolKitContextAddIOWatch
+ *
+ * Type for function supplied by the application to remove a watch set
+ * up via the supplied function of type #PolKitContextAddIOWatch
+ *
+ * For the glib mainloop, the function will typically look like this:
+ *
+ * <programlisting>
+ * static void
+ * io_remove_watch (PolKitContext *pk_context, int watch_id)
+ * {
+ * g_source_remove (watch_id);
+ * }
+ * </programlisting>
+ *
+ **/
+typedef void (*PolKitContextRemoveIOWatch) (PolKitContext *pk_context, int watch_id);
+
+
+PolKitContext *polkit_context_new (void);
+void polkit_context_set_config_changed (PolKitContext *pk_context,
+ PolKitContextConfigChangedCB cb,
+ void *user_data);
+void polkit_context_set_io_watch_functions (PolKitContext *pk_context,
+ PolKitContextAddIOWatch io_add_watch_func,
+ PolKitContextRemoveIOWatch io_remove_watch_func);
+void polkit_context_set_load_descriptions (PolKitContext *pk_context);
+polkit_bool_t polkit_context_init (PolKitContext *pk_context,
+ PolKitError **error);
+PolKitContext *polkit_context_ref (PolKitContext *pk_context);
+void polkit_context_unref (PolKitContext *pk_context);
+
+void polkit_context_io_func (PolKitContext *pk_context, int fd);
+
+PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context);
+
+POLKIT_GNUC_DEPRECATED
+PolKitResult polkit_context_can_session_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session);
+
+POLKIT_GNUC_DEPRECATED
+PolKitResult polkit_context_can_caller_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller);
+
+PolKitConfig *polkit_context_get_config (PolKitContext *pk_context, PolKitError **error);
+
+PolKitResult polkit_context_is_caller_authorized (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller,
+ polkit_bool_t revoke_if_one_shot,
+ PolKitError **error);
+
+PolKitResult polkit_context_is_session_authorized (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session,
+ PolKitError **error);
+
+PolKitAuthorizationDB *polkit_context_get_authorization_db (PolKitContext *pk_context);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_CONTEXT_H */
+
+
diff --git a/src/polkit/polkit-debug.c b/src/polkit/polkit-debug.c
new file mode 100644
index 0000000..50c1491
--- /dev/null
+++ b/src/polkit/polkit-debug.c
@@ -0,0 +1,81 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit.c : library for querying system-wide policy
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-debug
+ * @short_description: Internal debug functions for polkit.
+ *
+ * These functions are used for debug purposes
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <time.h>
+
+#include "polkit-types.h"
+#include "polkit-debug.h"
+
+/**
+ * pk_debug:
+ * @format: format
+ *
+ * Print debug message
+ **/
+void
+_pk_debug (const char *format, ...)
+{
+ va_list args;
+ static polkit_bool_t show_debug = FALSE;
+ static polkit_bool_t init = FALSE;
+
+ if (!init) {
+ init = TRUE;
+ if (getenv ("POLKIT_DEBUG") != NULL) {
+ show_debug = TRUE;
+ }
+ }
+
+ if (show_debug) {
+ struct timeval tnow;
+ struct tm *tlocaltime;
+ struct timezone tzone;
+ char tbuf[256];
+ gettimeofday (&tnow, &tzone);
+ tlocaltime = localtime ((time_t *) &tnow.tv_sec);
+ strftime (tbuf, sizeof (tbuf), "%H:%M:%S", tlocaltime);
+ fprintf (stdout, "%s.%03d: ", tbuf, (int)(tnow.tv_usec/1000));
+
+ va_start (args, format);
+ vfprintf (stdout, format, args);
+ va_end (args);
+ fprintf (stdout, "\n");
+ }
+}
diff --git a/src/polkit/polkit-debug.h b/src/polkit/polkit-debug.h
new file mode 100644
index 0000000..7177e7e
--- /dev/null
+++ b/src/polkit/polkit-debug.h
@@ -0,0 +1,33 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-debug.h : debug infrastructure for polkit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_DEBUG_H
+#define POLKIT_DEBUG_H
+
+void _pk_debug (const char *format, ...) __attribute__((__format__ (__printf__, 1, 2)));
+
+#endif /* POLKIT_DEBUG_H */
+
+
diff --git a/src/polkit/polkit-error.c b/src/polkit/polkit-error.c
new file mode 100644
index 0000000..f87f817
--- /dev/null
+++ b/src/polkit/polkit-error.c
@@ -0,0 +1,246 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-error.c : GError error codes from PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-error
+ * @title: Error reporting
+ * @short_description: Representation of recoverable errors.
+ *
+ * Error codes from PolicyKit.
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+
+#include "polkit-types.h"
+#include "polkit-error.h"
+#include "polkit-debug.h"
+#include "polkit-test.h"
+#include "polkit-memory.h"
+
+/**
+ * PolKitError:
+ *
+ * Objects of this class are used for error reporting.
+ **/
+struct _PolKitError
+{
+ polkit_bool_t is_static;
+ PolKitErrorCode error_code;
+ char *error_message;
+};
+
+/**
+ * polkit_error_is_set:
+ * @error: the error
+ *
+ * Determine if an error set
+ *
+ * Returns: #TRUE if, and only if, the error is set
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_error_is_set (PolKitError *error)
+{
+ return error != NULL;
+}
+
+static const char *error_names[POLKIT_ERROR_NUM_ERROR_CODES] = {
+ "OutOfMemory",
+ "PolicyFileInvalid",
+ "GeneralError",
+ "NotAuthorizedToReadAuthorizationsForOtherUsers",
+ "NotAuthorizedToRevokeAuthorizationsFromOtherUsers",
+ "NotAuthorizedToGrantAuthorization",
+ "AuthorizationAlreadyExists",
+ "NotSupported"
+};
+
+/**
+ * polkit_error_get_error_name:
+ * @error: the error
+ *
+ * Get the CamelCase name for the error;
+ * e.g. #POLKIT_ERROR_OUT_OF_MEMORY maps to "OutOfMemory" and so on.
+ *
+ * Returns: the string
+ *
+ * Since: 0.7
+ */
+const char *
+polkit_error_get_error_name (PolKitError *error)
+{
+ g_return_val_if_fail (error != NULL, NULL);
+ g_return_val_if_fail (error->error_code >= 0 && error->error_code < POLKIT_ERROR_NUM_ERROR_CODES, NULL);
+
+ return error_names[error->error_code];
+}
+
+/**
+ * polkit_error_get_error_code:
+ * @error: the error object
+ *
+ * Returns the error code.
+ *
+ * Returns: A value from the #PolKitErrorCode enumeration.
+ **/
+PolKitErrorCode
+polkit_error_get_error_code (PolKitError *error)
+{
+ g_return_val_if_fail (error != NULL, -1);
+ return error->error_code;
+}
+
+/**
+ * polkit_error_get_error_message:
+ * @error: the error object
+ *
+ * Get the error message.
+ *
+ * Returns: A string describing the error. Caller shall not free this string.
+ **/
+const char *
+polkit_error_get_error_message (PolKitError *error)
+{
+ g_return_val_if_fail (error != NULL, NULL);
+ return error->error_message;
+}
+
+/**
+ * polkit_error_free:
+ * @error: the error
+ *
+ * Free an error.
+ **/
+void
+polkit_error_free (PolKitError *error)
+{
+ g_return_if_fail (error != NULL);
+ if (!error->is_static) {
+ p_free (error->error_message);
+ p_free (error);
+ }
+}
+
+
+static PolKitError _oom_error = {TRUE, POLKIT_ERROR_OUT_OF_MEMORY, "Pre-allocated OOM error object"};
+
+/**
+ * polkit_error_set_error:
+ * @error: the error object
+ * @error_code: A value from the #PolKitErrorCode enumeration.
+ * @format: printf style formatting string
+ * @Varargs: printf style arguments
+ *
+ * Sets an error. If OOM, the error will be set to a pre-allocated OOM error.
+ *
+ * Returns: TRUE if the error was set
+ **/
+polkit_bool_t
+polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const char *format, ...)
+{
+ va_list args;
+ PolKitError *e;
+
+ g_return_val_if_fail (format != NULL, FALSE);
+ g_return_val_if_fail (error_code >= 0 && error_code < POLKIT_ERROR_NUM_ERROR_CODES, FALSE);
+
+ if (error == NULL)
+ goto out;
+
+ e = p_new0 (PolKitError, 1);
+ if (e == NULL) {
+ *error = &_oom_error;
+ } else {
+ e->is_static = FALSE;
+ e->error_code = error_code;
+ va_start (args, format);
+ e->error_message = p_strdup_vprintf (format, args);
+ va_end (args);
+ if (e->error_message == NULL) {
+ p_free (e);
+ *error = &_oom_error;
+ } else {
+ *error = e;
+ }
+ }
+
+out:
+ return TRUE;
+}
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_run_test (void)
+{
+ unsigned int n;
+ PolKitError *e;
+ char s[256];
+
+ e = NULL;
+ g_assert (! polkit_error_is_set (e));
+ g_assert (! polkit_error_set_error (&e, -1, "Testing"));
+ g_assert (! polkit_error_set_error (&e, POLKIT_ERROR_NUM_ERROR_CODES, "Testing"));
+
+ for (n = 0; n < POLKIT_ERROR_NUM_ERROR_CODES; n++) {
+ polkit_error_set_error (&e, n, "Testing error code %d", n);
+ g_assert (polkit_error_is_set (e));
+ g_assert (polkit_error_get_error_code (e) == n || polkit_error_get_error_code (e) == POLKIT_ERROR_OUT_OF_MEMORY);
+ g_assert (strcmp (polkit_error_get_error_name (e), error_names[polkit_error_get_error_code (e)]) == 0);
+
+ if (polkit_error_get_error_code (e) != POLKIT_ERROR_OUT_OF_MEMORY) {
+ snprintf (s, sizeof (s), "Testing error code %d", n);
+ g_assert (strcmp (polkit_error_get_error_message (e), s) == 0);
+ }
+
+ polkit_error_free (e);
+ }
+
+ return TRUE;
+}
+
+
+PolKitTest _test_error = {
+ "polkit_error",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-error.h b/src/polkit/polkit-error.h
new file mode 100644
index 0000000..472d670
--- /dev/null
+++ b/src/polkit/polkit-error.h
@@ -0,0 +1,88 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-error.h : error reporting from PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_ERROR_H
+#define POLKIT_ERROR_H
+
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+/**
+ * PolKitErrorCode:
+ * @POLKIT_ERROR_OUT_OF_MEMORY: Out of memory
+ * @POLKIT_ERROR_POLICY_FILE_INVALID: There was an error parsing the given policy file
+ * @POLKIT_ERROR_GENERAL_ERROR: A general error code typically
+ * indicating problems with the installation of PolicyKit,
+ * e.g. helpers missing or wrong owner / permission.
+ * @POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS:
+ * An attempt was made to read authorizations for other users and the
+ * calling process is not authorized.
+ * @POLKIT_ERROR_NOT_AUTHORIZED_TO_REVOKE_AUTHORIZATIONS_FROM_OTHER_USERS:
+ * An attempt was made to revoke authorizations for other users and the
+ * calling process is not authorized.
+ * @POLKIT_ERROR_NOT_AUTHORIZED_TO_GRANT_AUTHORIZATION: An attempt was
+ * made to grant an authorization and the calling process is not
+ * authorized.
+ * @POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS: Subject already has an
+ * similar authorization already (modulo time of grant and who granted).
+ * @POLKIT_ERROR_NOT_SUPPORTED: The operation is not supported by the
+ * authorization database backend
+ * @POLKIT_ERROR_NUM_ERROR_CODES: Number of error codes. This may change
+ * from version to version; do not rely on it.
+ *
+ * Errors returned by PolicyKit
+ */
+typedef enum
+{
+ POLKIT_ERROR_OUT_OF_MEMORY,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ POLKIT_ERROR_GENERAL_ERROR,
+ POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS,
+ POLKIT_ERROR_NOT_AUTHORIZED_TO_REVOKE_AUTHORIZATIONS_FROM_OTHER_USERS,
+ POLKIT_ERROR_NOT_AUTHORIZED_TO_GRANT_AUTHORIZATION,
+ POLKIT_ERROR_AUTHORIZATION_ALREADY_EXISTS,
+ POLKIT_ERROR_NOT_SUPPORTED,
+
+ POLKIT_ERROR_NUM_ERROR_CODES
+} PolKitErrorCode;
+
+struct _PolKitError;
+typedef struct _PolKitError PolKitError;
+
+polkit_bool_t polkit_error_is_set (PolKitError *error);
+const char *polkit_error_get_error_name (PolKitError *error);
+PolKitErrorCode polkit_error_get_error_code (PolKitError *error);
+const char *polkit_error_get_error_message (PolKitError *error);
+void polkit_error_free (PolKitError *error);
+polkit_bool_t polkit_error_set_error (PolKitError **error, PolKitErrorCode error_code, const char *format, ...) __attribute__((__format__ (__printf__, 3, 4)));
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_ERROR_H */
diff --git a/src/polkit/polkit-hash.c b/src/polkit/polkit-hash.c
new file mode 100644
index 0000000..ef2797d
--- /dev/null
+++ b/src/polkit/polkit-hash.c
@@ -0,0 +1,560 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-hash.c : Hash tables
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <glib.h>
+#include <polkit/polkit-hash.h>
+#include <polkit/polkit-memory.h>
+#include <polkit/polkit-test.h>
+
+/**
+ * SECTION:polkit-hash
+ * @title: Hash Tables
+ * @short_description: Hash Tables
+ *
+ * This class provides support for hash tables.
+ *
+ * Since: 0.7
+ **/
+
+struct _PolKitHashNode;
+
+typedef struct _PolKitHashNode {
+ void *key;
+ void *value;
+ struct _PolKitHashNode *next;
+} PolKitHashNode;
+
+
+/**
+ * PolKitHash:
+ *
+ * The #PolKitHash structure not be accessed directly.
+ *
+ * Since: 0.7
+ */
+struct _PolKitHash
+{
+ int refcount;
+
+ int num_top_nodes;
+ PolKitHashNode **top_nodes;
+
+ PolKitHashFunc hash_func;
+ PolKitEqualFunc key_equal_func;
+ PolKitCopyFunc key_copy_func;
+ PolKitCopyFunc value_copy_func;
+ PolKitFreeFunc key_destroy_func;
+ PolKitFreeFunc value_destroy_func;
+};
+
+/**
+ * polkit_hash_new:
+ * @hash_func: The hash function to use
+ * @key_equal_func: The function used to determine key equality
+ * @key_copy_func: Function for copying keys or #NULL
+ * @value_copy_func: Function for copying values or #NULL
+ * @key_destroy_func: Function for freeing keys or #NULL
+ * @value_destroy_func: Function for freeing values or #NULL
+ *
+ * Creates a new Hash Table.
+ *
+ * Returns: The new hash table. Returns #NULL on OOM.
+ *
+ * Since: 0.7
+ */
+PolKitHash *
+polkit_hash_new (PolKitHashFunc hash_func,
+ PolKitEqualFunc key_equal_func,
+ PolKitCopyFunc key_copy_func,
+ PolKitCopyFunc value_copy_func,
+ PolKitFreeFunc key_destroy_func,
+ PolKitFreeFunc value_destroy_func)
+{
+ PolKitHash *h;
+
+ g_return_val_if_fail (hash_func != NULL, NULL);
+ g_return_val_if_fail (key_equal_func != NULL, NULL);
+
+ h = p_new0 (PolKitHash, 1);
+ if (h == NULL)
+ goto error;
+
+ h->refcount = 1;
+ h->hash_func = hash_func;
+ h->key_copy_func = key_copy_func;
+ h->value_copy_func = value_copy_func;
+ h->key_equal_func = key_equal_func;
+ h->key_destroy_func = key_destroy_func;
+ h->value_destroy_func = value_destroy_func;
+
+ h->num_top_nodes = 11; /* TODO: configurable? */
+ h->top_nodes = p_new0 (PolKitHashNode*, h->num_top_nodes);
+ if (h->top_nodes == NULL)
+ goto error;
+
+ return h;
+error:
+ if (h != NULL)
+ polkit_hash_unref (h);
+ return NULL;
+}
+
+/**
+ * polkit_hash_ref:
+ * @hash: the hash table
+ *
+ * Increase reference count.
+ *
+ * Returns: the hash table
+ *
+ * Since: 0.7
+ */
+PolKitHash *
+polkit_hash_ref (PolKitHash *hash)
+{
+ g_return_val_if_fail (hash != NULL, hash);
+ hash->refcount++;
+ return hash;
+}
+
+/**
+ * polkit_hash_unref:
+ * @hash: the hash table
+ *
+ * Decrease reference count. If reference count drop to zero the hash
+ * table is freed.
+ *
+ * Since: 0.7
+ */
+void
+polkit_hash_unref (PolKitHash *hash)
+{
+ g_return_if_fail (hash != NULL);
+
+ hash->refcount--;
+ if (hash->refcount > 0)
+ return;
+
+ if (hash->top_nodes != NULL) {
+ int n;
+
+ for (n = 0; n < hash->num_top_nodes; n++) {
+ PolKitHashNode *node;
+ PolKitHashNode *next;
+
+ for (node = hash->top_nodes[n]; node != NULL; node = next) {
+ if (hash->key_destroy_func != NULL)
+ hash->key_destroy_func (node->key);
+ if (hash->value_destroy_func != NULL)
+ hash->value_destroy_func (node->value);
+ next = node->next;
+ p_free (node);
+ }
+ }
+ }
+
+ p_free (hash->top_nodes);
+ p_free (hash);
+}
+
+/**
+ * polkit_hash_insert:
+ * @hash: the hash table
+ * @key: key to insert
+ * @value: value to insert
+ *
+ * Inserts a new key and value into a hash table. If the key already
+ * exists in the hash table it's current value is replaced with the
+ * new value.
+ *
+ * Returns: #TRUE unless OOM
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_hash_insert (PolKitHash *hash,
+ void *key,
+ void *value)
+{
+ int bucket;
+ PolKitHashNode **nodep;
+ PolKitHashNode *node;
+ void *key_copy;
+ void *value_copy;
+
+ g_return_val_if_fail (hash != NULL, FALSE);
+ g_return_val_if_fail (key != NULL, FALSE);
+
+ key_copy = NULL;
+ value_copy = NULL;
+ if (hash->key_copy_func != NULL) {
+ key_copy = hash->key_copy_func (key);
+ if (key_copy == NULL) {
+ goto oom;
+ }
+ } else {
+ key_copy = key;
+ }
+ if (hash->value_copy_func != NULL) {
+ value_copy = hash->value_copy_func (value);
+ if (value_copy == NULL) {
+ goto oom;
+ }
+ } else {
+ value_copy = value;
+ }
+
+ bucket = hash->hash_func (key) % hash->num_top_nodes;
+
+ nodep = & (hash->top_nodes [bucket]);
+ node = hash->top_nodes [bucket];
+ while (node != NULL) {
+ nodep = &(node->next);
+
+ if (hash->key_equal_func (key, node->key)) {
+ /* replace the value */
+
+ if (hash->key_destroy_func != NULL)
+ hash->key_destroy_func (node->key);
+ if (hash->value_destroy_func != NULL)
+ hash->value_destroy_func (node->value);
+
+ node->key = key_copy;
+ node->value = value_copy;
+
+ goto out;
+ } else {
+ node = node->next;
+ }
+ }
+
+ node = p_new0 (PolKitHashNode, 1);
+ if (node == NULL)
+ goto oom;
+
+ node->key = key_copy;
+ node->value = value_copy;
+ *nodep = node;
+
+out:
+ return TRUE;
+
+oom:
+ if (key_copy != NULL && hash->key_copy_func != NULL && hash->key_destroy_func != NULL)
+ hash->key_destroy_func (key_copy);
+
+ if (value_copy != NULL && hash->value_copy_func != NULL && hash->value_destroy_func != NULL)
+ hash->value_destroy_func (value_copy);
+
+ return FALSE;
+}
+
+/**
+ * polkit_hash_lookup:
+ * @hash: the hash table
+ * @key: key to look up
+ * @found: if not #NULL, will return #TRUE only if the key was found in the hash table
+ *
+ * Look up a value in the hash table.
+ *
+ * Returns: the value; caller shall not free/unref this value
+ *
+ * Since: 0.7
+ */
+void *
+polkit_hash_lookup (PolKitHash *hash, void *key, polkit_bool_t *found)
+{
+ int bucket;
+ void *value;
+ PolKitHashNode *node;
+
+ value = NULL;
+ if (found != NULL)
+ *found = FALSE;
+
+ g_return_val_if_fail (hash != NULL, NULL);
+ g_return_val_if_fail (key != NULL, NULL);
+
+ bucket = hash->hash_func (key) % hash->num_top_nodes;
+
+ node = hash->top_nodes [bucket];
+ while (node != NULL) {
+ if (hash->key_equal_func (key, node->key)) {
+ /* got it */
+
+ value = node->value;
+ if (found != NULL)
+ *found = TRUE;
+ goto out;
+ } else {
+ node = node->next;
+ }
+ }
+
+out:
+ return value;
+}
+
+
+/**
+ * polkit_hash_foreach:
+ * @hash: the hash table
+ * @cb: callback function
+ * @user_data: user data
+ *
+ * Iterate over all elements in a hash table
+ *
+ * Returns: #TRUE only if the callback short-circuited the iteration
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_hash_foreach (PolKitHash *hash, PolKitHashForeachFunc cb, void *user_data)
+{
+ int n;
+
+ g_return_val_if_fail (hash != NULL, FALSE);
+ g_return_val_if_fail (cb != NULL, FALSE);
+
+ for (n = 0; n < hash->num_top_nodes; n++) {
+ PolKitHashNode *node;
+
+ for (node = hash->top_nodes[n]; node != NULL; node = node->next) {
+ if (cb (hash, node->key, node->value, user_data))
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+}
+
+
+/**
+ * polkit_hash_direct_hash_func:
+ * @key: the key
+ *
+ * Converts a pointer to a hash value.
+ *
+ * Returns: a hash value corresponding to the key
+ *
+ * Since: 0.7
+ */
+polkit_uint32_t
+polkit_hash_direct_hash_func (const void *key)
+{
+ /* TODO: reimplement */
+ return g_direct_hash (key);
+}
+
+/**
+ * polkit_hash_direct_equal_func:
+ * @v1: first value
+ * @v2: second value
+ *
+ * Compares two pointers and return #TRUE if they are equal (same address).
+ *
+ * Returns: #TRUE only if the values are equal
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_hash_direct_equal_func (const void *v1, const void *v2)
+{
+ /* TODO: reimplement */
+ return g_direct_equal (v1, v2);
+}
+
+/**
+ * polkit_hash_str_hash_func:
+ * @key: the key
+ *
+ * Converts a string to a hash value.
+ *
+ * Returns: a hash value corresponding to the key
+ *
+ * Since: 0.7
+ */
+polkit_uint32_t
+polkit_hash_str_hash_func (const void *key)
+{
+ const char *p;
+ polkit_uint32_t hash;
+
+ hash = 0;
+ for (p = key; *p != '\0'; p++)
+ hash = hash * 617 ^ *p;
+
+ return hash;
+}
+
+/**
+ * polkit_hash_str_equal_func:
+ * @v1: first value
+ * @v2: second value
+ *
+ * Compares two strings and return #TRUE if they are equal.
+ *
+ * Returns: #TRUE only if the values are equal
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_hash_str_equal_func (const void *v1, const void *v2)
+{
+ return strcmp (v1, v2) == 0;
+}
+
+/**
+ * polkit_hash_str_copy:
+ * @p: void pointer to string
+ *
+ * Similar to p_strdup() except for types.
+ *
+ * Returns: a void pointer to a copy or #NULL on OOM
+ */
+void *
+polkit_hash_str_copy (const void *p)
+{
+ return (void *) p_strdup ((const char *) p);
+}
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_it1 (PolKitHash *hash, void *key, void *value, void *user_data)
+{
+ int *count = (int *) user_data;
+ *count += 1;
+ return FALSE;
+}
+
+static polkit_bool_t
+_it2 (PolKitHash *hash, void *key, void *value, void *user_data)
+{
+ int *count = (int *) user_data;
+ *count += 1;
+ return TRUE;
+}
+
+static polkit_bool_t
+_run_test (void)
+{
+ int count;
+ PolKitHash *h;
+ polkit_bool_t found;
+
+ /* string hash tables */
+ if ((h = polkit_hash_new (polkit_hash_str_hash_func, polkit_hash_str_equal_func,
+ polkit_hash_str_copy, polkit_hash_str_copy,
+ p_free, p_free)) != NULL) {
+ int n;
+ char *key;
+ char *value;
+ char *test_data[] = {"key1", "val1",
+ "key2", "val2",
+ "key3", "val3",
+ "key4", "val4",
+ "key5", "val5",
+ "key6", "val6",
+ "key7", "val7",
+ "key8", "val8",
+ "key9", "val9",
+ "key10", "val10",
+ "key11", "val11",
+ "key12", "val12",
+ NULL};
+
+ /* first insert the values */
+ for (n = 0; test_data [n*2] != NULL; n++) {
+ if (!polkit_hash_insert (h, test_data [n*2], test_data [n*2 + 1])) {
+ goto oom;
+ }
+ }
+
+ /* then check that we can look them up */
+ for (n = 0; test_data [n*2] != NULL; n++) {
+ key = test_data [n*2];
+ value = polkit_hash_lookup (h, test_data[n*2], &found);
+
+ g_assert (found && strcmp (value, test_data[n*2 + 1]) == 0);
+ }
+
+ /* lookup unknown key */
+ g_assert (polkit_hash_lookup (h, "unknown", &found) == NULL && !found);
+
+ /* replace key */
+ if (key != NULL) {
+ if (polkit_hash_insert (h, "key1", "val1-replaced")) {
+ /* check for replaced value */
+ value = polkit_hash_lookup (h, "key1", &found);
+ g_assert (found && value != NULL && strcmp (value, "val1-replaced") == 0);
+ }
+ }
+
+ count = 0;
+ g_assert (polkit_hash_foreach (h, _it1, &count) == FALSE);
+ g_assert (count == ((sizeof (test_data) / sizeof (char *) - 1) / 2));
+ count = 0;
+ g_assert (polkit_hash_foreach (h, _it2, &count) == TRUE);
+ g_assert (count == 1);
+
+ polkit_hash_ref (h);
+ polkit_hash_unref (h);
+ oom:
+
+ polkit_hash_unref (h);
+ }
+
+ /* direct hash tables */
+ if ((h = polkit_hash_new (polkit_hash_direct_hash_func, polkit_hash_direct_equal_func,
+ NULL, NULL,
+ NULL, NULL)) != NULL) {
+ if (polkit_hash_insert (h, h, h)) {
+ g_assert ((polkit_hash_lookup (h, h, &found) == h) && found);
+ if (polkit_hash_insert (h, h, NULL)) {
+ g_assert (polkit_hash_lookup (h, h, &found) == NULL && found);
+ }
+ }
+ polkit_hash_unref (h);
+ }
+
+ return TRUE;
+}
+
+PolKitTest _test_hash = {
+ "polkit_hash",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-hash.h b/src/polkit/polkit-hash.h
new file mode 100644
index 0000000..0c3428f
--- /dev/null
+++ b/src/polkit/polkit-hash.h
@@ -0,0 +1,147 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-hash.h : Hash tables
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_HASH_H
+#define POLKIT_HASH_H
+
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitHash;
+typedef struct _PolKitHash PolKitHash;
+
+/**
+ * PolKitHashFunc:
+ * @key: a key
+ *
+ * The function is passed a key and should return a hash value. The
+ * functions polkit_hash_direct_hash_func() and
+ * polkit_hash_str_hash_func() provide hash functions which can be
+ * used when the key is a pointer and an char* respectively.
+ *
+ * Returns: the hash value corresponding to the key
+ *
+ * Since: 0.7
+ */
+typedef polkit_uint32_t (*PolKitHashFunc) (const void *key);
+
+/**
+ * PolKitEqualFunc:
+ * @key1: first key
+ * @key2: second key
+ *
+ * Determines if two keys are equal. The functions
+ * polkit_hash_direct_equal_func() and polkit_hash_str_equal_func()
+ * provide equality functions which can be used when the key is a
+ * pointer and an char* respectively.
+ *
+ * Returns: #TRUE iff the keys are equal
+ *
+ * Since: 0.7
+ */
+typedef polkit_bool_t (*PolKitEqualFunc) (const void *key1, const void *key2);
+
+/**
+ * PolKitFreeFunc:
+ * @p: pointer
+ *
+ * Specifies the type of function which is called when a data element
+ * is destroyed. It is passed the pointer to the data element and
+ * should free any memory and resources allocated for it. The function
+ * p_free() or any of the object unref functions can be passed here.
+ *
+ * Since: 0.7
+ */
+typedef void (*PolKitFreeFunc) (void *p);
+
+/**
+ * PolKitCopyFunc:
+ * @p: pointer
+ *
+ * Specifies the type of function which is called when a data element
+ * is to be cloned or reffed. It is passed the pointer to the data
+ * element and should return a new pointer to a reffed or cloned
+ * object. The function polkit_hash_str_copy() or any of the object
+ * ref functions can be passed here.
+ *
+ * Returns: A copy or ref of the object in question
+ *
+ * Since: 0.7
+ */
+typedef void *(*PolKitCopyFunc) (const void *p);
+
+/**
+ * PolKitHashForeachFunc:
+ * @hash: the hash table
+ * @key: key
+ * @value: value
+ * @user_data: user data passed to polkit_hash_foreach()
+ *
+ * Type signature for callback function used in polkit_hash_foreach().
+ *
+ * Returns: Return #TRUE to short-circuit, e.g. stop the iteration.
+ *
+ * Since: 0.7
+ */
+typedef polkit_bool_t (*PolKitHashForeachFunc) (PolKitHash *hash,
+ void *key,
+ void *value,
+ void *user_data);
+
+
+PolKitHash *polkit_hash_new (PolKitHashFunc hash_func,
+ PolKitEqualFunc key_equal_func,
+ PolKitCopyFunc key_copy_func,
+ PolKitCopyFunc value_copy_func,
+ PolKitFreeFunc key_destroy_func,
+ PolKitFreeFunc value_destroy_func);
+
+PolKitHash *polkit_hash_ref (PolKitHash *hash);
+void polkit_hash_unref (PolKitHash *hash);
+
+polkit_bool_t polkit_hash_insert (PolKitHash *hash, void *key, void *value);
+
+void *polkit_hash_lookup (PolKitHash *hash, void *key, polkit_bool_t *found);
+
+polkit_bool_t polkit_hash_foreach (PolKitHash *hash, PolKitHashForeachFunc cb, void *user_data);
+
+
+polkit_uint32_t polkit_hash_direct_hash_func (const void *key);
+polkit_bool_t polkit_hash_direct_equal_func (const void *v1, const void *v2);
+
+polkit_uint32_t polkit_hash_str_hash_func (const void *key);
+polkit_bool_t polkit_hash_str_equal_func (const void *v1, const void *v2);
+void *polkit_hash_str_copy (const void *p);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_HASH_H */
+
+
diff --git a/src/polkit/polkit-list.c b/src/polkit/polkit-list.c
new file mode 100644
index 0000000..72f6642
--- /dev/null
+++ b/src/polkit/polkit-list.c
@@ -0,0 +1,330 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-list.c : Doubly-linked lists
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <glib.h>
+#include <polkit/polkit-list.h>
+#include <polkit/polkit-memory.h>
+#include <polkit/polkit-test.h>
+
+/**
+ * SECTION:polkit-list
+ * @title: Doubly-linked lists
+ * @short_description: Doubly-linked lists
+ *
+ * This class provides support for doubly-linked lists.
+ *
+ * Since: 0.7
+ **/
+
+/**
+ * polkit_list_append:
+ * @list: existing list or #NULL to create a new list
+ * @data: data to append to the list
+ *
+ * Append an entry to a list.
+ *
+ * Returns: the head of the new list or #NULL on OOM
+ *
+ * Since: 0.7
+ */
+PolKitList *
+polkit_list_append (PolKitList *list, void *data)
+{
+ PolKitList *l;
+ PolKitList *j;
+
+ for (j = list; j != NULL && j->next != NULL; j = j->next)
+ ;
+
+ l = p_new0 (PolKitList, 1);
+ if (l == NULL)
+ goto oom;
+
+ l->data = data;
+ l->prev = j;
+
+ if (j != NULL) {
+ j->next = l;
+ } else {
+ list = l;
+ }
+
+ return list;
+oom:
+ return NULL;
+}
+
+/**
+ * polkit_list_prepend:
+ * @list: existing list or #NULL to create a new list
+ * @data: data to prepend to the list
+ *
+ * Prepend an entry to a list.
+ *
+ * Returns: the head of the new list or #NULL on OOM
+ *
+ * Since: 0.7
+ */
+PolKitList *
+polkit_list_prepend (PolKitList *list, void *data)
+{
+ PolKitList *l;
+
+ l = p_new0 (PolKitList, 1);
+ if (l == NULL)
+ goto oom;
+
+ l->next = list;
+ l->data = data;
+ if (list != NULL) {
+ list->prev = l;
+ }
+
+oom:
+ return l;
+}
+
+/**
+ * polkit_list_delete_link:
+ * @list: existing list, cannot be #NULL
+ * @link: link to delete, cannot be #NULL
+ *
+ * Delete a link from a list.
+ *
+ * Returns: the new head of the list or #NULL if the list is empty after deletion.
+ *
+ * Since: 0.7
+ */
+PolKitList *
+polkit_list_delete_link (PolKitList *list, PolKitList *link)
+{
+ PolKitList *ret;
+
+ g_return_val_if_fail (list != NULL, NULL);
+ g_return_val_if_fail (link != NULL, NULL);
+
+ if (list == link)
+ ret = link->next;
+ else
+ ret = list;
+
+ if (link->prev != NULL) {
+ link->prev->next = link->next;
+ }
+
+ if (link->next != NULL) {
+ link->next->prev = link->prev;
+ }
+
+ p_free (link);
+
+ return ret;
+}
+
+/**
+ * polkit_list_free:
+ * @list: the list
+ *
+ * Frees all links in a list
+ *
+ * Since: 0.7
+ */
+void
+polkit_list_free (PolKitList *list)
+{
+ PolKitList *l;
+ PolKitList *j;
+
+ for (l = list; l != NULL; l = j) {
+ j = l->next;
+ p_free (l);
+ }
+}
+
+/**
+ * polkit_list_length:
+ * @list: the list
+ *
+ * Compute the length of a list.
+ *
+ * Returns: Number of entries in list
+ *
+ * Since: 0.7
+ */
+size_t
+polkit_list_length (PolKitList *list)
+{
+ ssize_t n;
+ PolKitList *l;
+
+ n = 0;
+ for (l = list; l != NULL; l = l->next)
+ n++;
+
+ return n;
+}
+
+/**
+ * polkit_list_foreach:
+ * @list: the list
+ * @func: callback function
+ * @user_data: user data to pass to callback
+ *
+ * Iterate over all entries in a list.
+ *
+ * Returns: #TRUE only if the callback short-circuited the iteration
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_list_foreach (PolKitList *list, PolKitListForeachFunc func, void *user_data)
+{
+ PolKitList *l;
+
+ g_return_val_if_fail (list != NULL, FALSE);
+ g_return_val_if_fail (func != NULL, FALSE);
+
+ for (l = list; l != NULL; l = l->next) {
+ if (func (list, l->data, user_data))
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+
+#ifdef POLKIT_BUILD_TESTS
+
+typedef struct {
+ int num;
+ int result;
+} _Closure;
+
+static polkit_bool_t
+_sum (PolKitList *list, void *data, void *user_data)
+{
+ _Closure *c = (_Closure*) user_data;
+
+ c->result += ((int) data) * (c->num + 1);
+ c->num += 1;
+
+ return FALSE;
+}
+
+static polkit_bool_t
+_sum2 (PolKitList *list, void *data, void *user_data)
+{
+ _Closure *c = (_Closure*) user_data;
+
+ if (c->num == 2)
+ return TRUE;
+
+ c->result += ((int) data) * (c->num + 1);
+ c->num += 1;
+
+ return FALSE;
+}
+
+static polkit_bool_t
+_run_test (void)
+{
+ _Closure c;
+ int items[] = {1, 2, 3, 4, 5};
+ unsigned int num_items = sizeof (items) / sizeof (int);
+ unsigned int n;
+ PolKitList *l;
+ PolKitList *j;
+
+ l = NULL;
+ for (n = 0; n < num_items; n++) {
+ j = l;
+ l = polkit_list_prepend (l, (void *) items[n]);
+ if (l == NULL)
+ goto oom;
+ }
+
+ g_assert (polkit_list_length (l) == num_items);
+ c.num = 0;
+ c.result = 0;
+ polkit_list_foreach (l, _sum, &c);
+ g_assert (c.result == 1*5 + 2*4 + 3*3 + 4*2 + 5*1);
+
+ c.num = 0;
+ c.result = 0;
+ polkit_list_foreach (l, _sum2, &c);
+ g_assert (c.result == 1*5 + 2*4);
+
+ l = polkit_list_delete_link (l, l);
+ g_assert (polkit_list_length (l) == num_items - 1);
+ c.num = 0;
+ c.result = 0;
+ polkit_list_foreach (l, _sum, &c);
+ g_assert (c.result == 1*4 + 2*3 + 3*2 + 4*1);
+
+ l = polkit_list_delete_link (l, l->next);
+ g_assert (polkit_list_length (l) == num_items - 2);
+ c.num = 0;
+ c.result = 0;
+ polkit_list_foreach (l, _sum, &c);
+ g_assert (c.result == 1*4 + 2*2 + 3*1);
+
+ polkit_list_free (l);
+
+ l = NULL;
+ for (n = 0; n < num_items; n++) {
+ j = l;
+ l = polkit_list_append (l, (void *) items[n]);
+ if (l == NULL)
+ goto oom;
+ }
+
+ c.num = 0;
+ c.result = 0;
+ polkit_list_foreach (l, _sum, &c);
+ g_assert (c.result == 1*1 + 2*2 + 3*3 + 4*4 + 5*5);
+
+ polkit_list_free (l);
+
+ return TRUE;
+oom:
+ polkit_list_free (j);
+ return TRUE;
+}
+
+PolKitTest _test_list = {
+ "polkit_list",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-list.h b/src/polkit/polkit-list.h
new file mode 100644
index 0000000..e8de811
--- /dev/null
+++ b/src/polkit/polkit-list.h
@@ -0,0 +1,85 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-list.h : Doubly-linked list
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_LIST_H
+#define POLKIT_LIST_H
+
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitList;
+typedef struct _PolKitList PolKitList;
+
+/**
+ * PolKitList:
+ * @data: the value passed in polkit_list_append() and polkit_list_prepend()
+ * @next: the next element in the list or #NULL if this is the last element
+ * @prev: the previous element in the list or #NULL if this is the last element
+ *
+ * Public members of the #PolKitList data structure
+ *
+ * Since: 0.7
+ */
+struct _PolKitList {
+ void *data;
+ PolKitList *next;
+ PolKitList *prev;
+};
+
+/**
+ * PolKitListForeachFunc:
+ * @list: the list
+ * @data: data of link entry
+ * @user_data: user data passed to polkit_list_foreach()
+ *
+ * Type signature for callback function used in polkit_list_foreach().
+ *
+ * Returns: Return #TRUE to short-circuit, e.g. stop the iteration.
+ *
+ * Since: 0.7
+ */
+typedef polkit_bool_t (*PolKitListForeachFunc) (PolKitList *list,
+ void *data,
+ void *user_data);
+
+PolKitList *polkit_list_append (PolKitList *list, void *data);
+PolKitList *polkit_list_prepend (PolKitList *list, void *data);
+void polkit_list_free (PolKitList *list);
+PolKitList *polkit_list_delete_link (PolKitList *list, PolKitList *link);
+
+size_t polkit_list_length (PolKitList *list);
+polkit_bool_t polkit_list_foreach (PolKitList *list, PolKitListForeachFunc func, void *user_data);
+
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_LIST_H */
+
+
diff --git a/src/polkit/polkit-memory.c b/src/polkit/polkit-memory.c
new file mode 100644
index 0000000..10c208d
--- /dev/null
+++ b/src/polkit/polkit-memory.c
@@ -0,0 +1,373 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-memory.c : Memory management
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <glib.h>
+
+#include <polkit/polkit-memory.h>
+#include <polkit/polkit-private.h>
+
+/**
+ * SECTION:polkit-memory
+ * @title: Memory management
+ * @short_description: Memory management
+ *
+ * Functions used for memory management.
+ *
+ * Since: 0.7
+ **/
+
+
+#ifdef POLKIT_BUILD_TESTS
+
+static int _cur_allocs = 0;
+static int _total_allocs = 0;
+static int _fail_nth = -1;
+
+void
+_polkit_memory_reset (void)
+{
+ _cur_allocs = 0;
+ _total_allocs = 0;
+ _fail_nth = -1;
+}
+
+int
+_polkit_memory_get_current_allocations (void)
+{
+ return _cur_allocs;
+}
+
+int
+_polkit_memory_get_total_allocations (void)
+{
+ return _total_allocs;
+}
+
+void
+_polkit_memory_fail_nth_alloc (int number)
+{
+ _fail_nth = number;
+}
+
+/**
+ * p_malloc:
+ * @bytes: number of 8-bit bytes to allocate
+ *
+ * Allocate memory
+ *
+ * Returns: memory location or #NULL on OOM. Free with p_free().
+ *
+ * Since: 0.7
+ */
+void *
+p_malloc (size_t bytes)
+{
+ void *p;
+
+ if (_fail_nth != -1 && _total_allocs == _fail_nth) {
+ return NULL;
+ }
+
+ p = malloc (bytes);
+
+ if (p != NULL) {
+ _cur_allocs++;
+ _total_allocs++;
+ }
+
+ return p;
+}
+
+/**
+ * p_malloc0:
+ * @bytes: number of 8-bit bytes to allocate
+ *
+ * Allocate memory and zero it.
+ *
+ * Returns: memory location or #NULL on OOM. Free with p_free().
+ *
+ * Since: 0.7
+ */
+void *
+p_malloc0 (size_t bytes)
+{
+ void *p;
+
+ if (_fail_nth != -1 && _total_allocs == _fail_nth) {
+ return NULL;
+ }
+
+ p = calloc (1, bytes);
+
+ if (p != NULL) {
+ _cur_allocs++;
+ _total_allocs++;
+ }
+
+ return p;
+}
+
+/**
+ * p_realloc:
+ * @memory: memory previously allocated
+ * @bytes: new size
+ *
+ * Reallocate memory; like realloc(3).
+ *
+ * Returns: memory location or #NULL on OOM. Free with p_free().
+ *
+ * Since: 0.7
+ */
+void *
+p_realloc (void *memory, size_t bytes)
+{
+ void *p;
+
+ g_debug ("realloc %p %d", memory, bytes);
+
+ if (memory == NULL)
+ return p_malloc (bytes);
+
+ if (bytes == 0) {
+ p_free (memory);
+ return memory;
+ }
+
+ if (_fail_nth != -1 && _total_allocs == _fail_nth) {
+ return NULL;
+ }
+
+ p = realloc (memory, bytes);
+
+ return p;
+}
+
+/**
+ * p_free:
+ * @memory: pointer to memory allocated with p_malloc() + friends
+ *
+ * Free memory allocated by p_malloc() + friends.
+ *
+ * Since: 0.7
+ */
+void
+p_free (void *memory)
+{
+ free (memory);
+ if (memory != NULL) {
+ _cur_allocs--;
+ }
+}
+
+/**
+ * p_strdup:
+ * @s: string
+ *
+ * Duplicate a string. Similar to strdup(3).
+ *
+ * Returns: Allocated memory or #NULL on OOM. Free with p_free().
+ *
+ * Since: 0.7
+ */
+char *
+p_strdup (const char *s)
+{
+ char *p;
+ size_t len;
+
+ len = strlen (s);
+
+ p = p_malloc (len + 1);
+ if (p == NULL)
+ goto out;
+
+ memcpy (p, s, len);
+ p[len] = '\0';
+
+out:
+ return p;
+}
+
+/**
+ * p_strndup:
+ * @s: string
+ * @n: size
+ *
+ * Duplicate a string but copy at most @n characters. If @s is longer
+ * than @n, only @n characters are copied, and a terminating null byte
+ * is added. Similar to strndup(3).
+ *
+ * Returns: Allocated memory or #NULL on OOM. Free with p_free().
+ *
+ * Since: 0.7
+ */
+char *
+p_strndup (const char *s, size_t n)
+{
+ char *p;
+ size_t len;
+
+ for (len = 0; len < n; len++) {
+ if (s[len] == '\0')
+ break;
+ if (len == n)
+ break;
+ }
+
+
+ p = p_malloc (len + 1);
+ if (p == NULL)
+ goto out;
+
+ memcpy (p, s, len);
+ p[len] = '\0';
+out:
+ return p;
+}
+
+/*--------------------------------------------------------------------------------------------------------------*/
+#else
+/*--------------------------------------------------------------------------------------------------------------*/
+
+void *
+p_malloc (size_t bytes)
+{
+ return malloc (bytes);
+}
+
+void *
+p_malloc0 (size_t bytes)
+{
+ return calloc (1, bytes);
+}
+
+void *
+p_realloc (void *memory, size_t bytes)
+{
+ return realloc (memory, bytes);
+}
+
+void
+p_free (void *memory)
+{
+ free (memory);
+}
+
+void
+_polkit_memory_reset (void)
+{
+}
+
+int
+_polkit_memory_get_current_allocations (void)
+{
+ return -1;
+}
+
+int
+_polkit_memory_get_total_allocations (void)
+{
+ return -1;
+}
+
+void
+_polkit_memory_fail_nth_alloc (int number)
+{
+}
+
+char *
+p_strdup (const char *s)
+{
+ return strdup (s);
+}
+
+char *
+p_strndup (const char *s, size_t n)
+{
+ return strndup (s, n);
+}
+
+#endif /* POLKIT_BUILD_TESTS */
+
+/**
+ * p_strdup_printf:
+ * @format: sprintf(3) format string
+ * @...: the parameters to insert into the format string.
+ *
+ * Similar to the standard C sprintf(3) function but safer, since it
+ * calculates the maximum space required and allocates memory to hold
+ * the result. The returned string should be freed when no longer
+ * needed.
+ *
+ * Returns: A newly allocated string or #NULL on OOM. Free with p_free().
+ *
+ * Since: 0.7
+ */
+char*
+p_strdup_printf (const char *format, ...)
+{
+ char *s;
+ va_list args;
+
+ va_start (args, format);
+ s = p_strdup_vprintf (format, args);
+ va_end (args);
+
+ return s;
+}
+
+/**
+ * p_strdup_vprintf:
+ * @format: printf(3) format string
+ * @args: list of parameters to insert
+ *
+ * Similar to the standard C vsprintf(3) function but safer, since it
+ * calculates the maximum space required and allocates memory to hold
+ * the result. The returned string should be freed when no longer
+ * needed.
+ *
+ * Returns: A newly allocated string or #NULL on OOM. Free with p_free().
+ *
+ * Since: 0.7
+ */
+char*
+p_strdup_vprintf (const char *format, va_list args)
+{
+ char *s;
+ char *gs;
+ /* TODO: reimplement */
+ gs = g_strdup_vprintf (format, args);
+ s = p_strdup (gs);
+ g_free (gs);
+
+ return s;
+}
diff --git a/src/polkit/polkit-memory.h b/src/polkit/polkit-memory.h
new file mode 100644
index 0000000..78d3d83
--- /dev/null
+++ b/src/polkit/polkit-memory.h
@@ -0,0 +1,75 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-memory.h : Memory management
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_MEMORY_H
+#define POLKIT_MEMORY_H
+
+#include <stdarg.h>
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+void *p_malloc (size_t bytes);
+void *p_malloc0 (size_t bytes);
+void *p_realloc (void *memory, size_t bytes);
+void p_free (void *memory);
+
+/**
+ * p_new:
+ * @type: the type of object to allocate
+ * @count: number of objects to allocate
+ *
+ * Allocate memory for @count structures of type @type.
+ *
+ * Returns: Allocated memory, cast to a pointer of #type or #NULL on OOM.
+ */
+#define p_new(type, count) ((type*)p_malloc (sizeof (type) * (count)));
+
+/**
+ * p_new0:
+ * @type: the type of object to allocate
+ * @count: number of objects to allocate
+ *
+ * Allocate zeroed memory for @count structures of type @type.
+ *
+ * Returns: Allocated memory, cast to a pointer of #type or #NULL on OOM.
+ */
+#define p_new0(type, count) ((type*)p_malloc0 (sizeof (type) * (count)));
+
+char *p_strdup (const char *s);
+char *p_strndup (const char *s, size_t n);
+char* p_strdup_printf (const char *format, ...);
+char* p_strdup_vprintf (const char *format, va_list args);
+
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_MEMORY_H */
+
+
diff --git a/src/polkit/polkit-policy-cache.c b/src/polkit/polkit-policy-cache.c
new file mode 100644
index 0000000..e9be5ea
--- /dev/null
+++ b/src/polkit/polkit-policy-cache.c
@@ -0,0 +1,355 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-cache.c : policy cache
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+#include <syslog.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-policy-file.h"
+#include "polkit-policy-cache.h"
+#include "polkit-private.h"
+
+/**
+ * SECTION:polkit-policy-cache
+ * @title: Policy Cache
+ * @short_description: Holds the actions defined on the system.
+ *
+ * This class is used to hold all policy objects (stemming from policy
+ * files) and provide look-up functions.
+ **/
+
+/**
+ * PolKitPolicyCache:
+ *
+ * Instances of this class are used to hold all policy objects
+ * (stemming from policy files) and provide look-up functions.
+ **/
+struct _PolKitPolicyCache
+{
+ int refcount;
+
+ GSList *priv_entries;
+};
+
+
+static void
+_append_entry (PolKitPolicyFile *policy_file,
+ PolKitPolicyFileEntry *policy_file_entry,
+ void *user_data)
+{
+ PolKitPolicyCache *policy_cache = user_data;
+
+ polkit_policy_file_entry_ref (policy_file_entry);
+ policy_cache->priv_entries = g_slist_append (policy_cache->priv_entries, policy_file_entry);
+}
+
+PolKitPolicyCache *
+_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error)
+{
+ const char *file;
+ GDir *dir;
+ PolKitPolicyCache *pc;
+ GError *g_error;
+
+ pc = g_new0 (PolKitPolicyCache, 1);
+ pc->refcount = 1;
+
+ g_error = NULL;
+ dir = g_dir_open (dirname, 0, &g_error);
+ if (dir == NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Cannot load policy files from directory %s: %s",
+ dirname,
+ g_error->message);
+ g_error_free (g_error);
+ goto out;
+ }
+ while ((file = g_dir_read_name (dir)) != NULL) {
+ char *path;
+ PolKitPolicyFile *pf;
+ PolKitError *pk_error;
+
+ if (!g_str_has_suffix (file, ".policy"))
+ continue;
+
+ if (g_str_has_prefix (file, "."))
+ continue;
+
+ path = g_strdup_printf ("%s/%s", dirname, file);
+
+ _pk_debug ("Loading %s", path);
+ pk_error = NULL;
+ pf = polkit_policy_file_new (path, load_descriptions, &pk_error);
+ g_free (path);
+
+ if (pf == NULL) {
+ _pk_debug ("libpolkit: ignoring malformed policy file: %s",
+ polkit_error_get_error_message (pk_error));
+ syslog (LOG_ALERT, "libpolkit: ignoring malformed policy file: %s",
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ continue;
+ }
+
+ /* steal entries */
+ polkit_policy_file_entry_foreach (pf, _append_entry, pc);
+ polkit_policy_file_unref (pf);
+ }
+ g_dir_close (dir);
+
+ return pc;
+out:
+ if (pc != NULL)
+ polkit_policy_cache_ref (pc);
+ return NULL;
+}
+
+/**
+ * polkit_policy_cache_ref:
+ * @policy_cache: the policy cache object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyCache *
+polkit_policy_cache_ref (PolKitPolicyCache *policy_cache)
+{
+ g_return_val_if_fail (policy_cache != NULL, policy_cache);
+ policy_cache->refcount++;
+ return policy_cache;
+}
+
+/**
+ * polkit_policy_cache_unref:
+ * @policy_cache: the policy cache object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_policy_cache_unref (PolKitPolicyCache *policy_cache)
+{
+ GSList *i;
+
+ g_return_if_fail (policy_cache != NULL);
+ policy_cache->refcount--;
+ if (policy_cache->refcount > 0)
+ return;
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ PolKitPolicyFileEntry *pfe = i->data;
+ polkit_policy_file_entry_unref (pfe);
+ }
+ if (policy_cache->priv_entries != NULL)
+ g_slist_free (policy_cache->priv_entries);
+
+ g_free (policy_cache);
+}
+
+/**
+ * polkit_policy_cache_debug:
+ * @policy_cache: the cache
+ *
+ * Print debug information about object
+ **/
+void
+polkit_policy_cache_debug (PolKitPolicyCache *policy_cache)
+{
+ GSList *i;
+ g_return_if_fail (policy_cache != NULL);
+
+ _pk_debug ("PolKitPolicyCache: refcount=%d num_entries=%d ...",
+ policy_cache->refcount,
+ policy_cache->priv_entries == NULL ? 0 : g_slist_length (policy_cache->priv_entries));
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ PolKitPolicyFileEntry *pfe = i->data;
+ polkit_policy_file_entry_debug (pfe);
+ }
+}
+
+/**
+ * polkit_policy_cache_get_entry_by_id:
+ * @policy_cache: the cache
+ * @action_id: the action identifier
+ *
+ * Given a action identifier, find the object describing the
+ * definition of the policy; e.g. data stemming from files in
+ * /usr/share/PolicyKit/policy.
+ *
+ * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
+ * #NULL if the action wasn't identified. Caller shall not unref
+ * this object.
+ **/
+PolKitPolicyFileEntry*
+polkit_policy_cache_get_entry_by_id (PolKitPolicyCache *policy_cache, const char *action_id)
+{
+ GSList *i;
+ PolKitPolicyFileEntry *pfe;
+
+ g_return_val_if_fail (policy_cache != NULL, NULL);
+ g_return_val_if_fail (action_id != NULL, NULL);
+
+ pfe = NULL;
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ pfe = i->data;
+ if (strcmp (polkit_policy_file_entry_get_id (pfe), action_id) == 0) {
+ goto out;
+ }
+ }
+
+ if (pfe == NULL) {
+ /* the authdb backend may want to synthesize pfe's */
+ pfe = _polkit_authorization_db_pfe_get_by_id (policy_cache, action_id);
+ }
+
+out:
+ return pfe;
+}
+
+/**
+ * polkit_policy_cache_get_entry:
+ * @policy_cache: the cache
+ * @action: the action
+ *
+ * Given a action, find the object describing the definition of the
+ * policy; e.g. data stemming from files in
+ * /usr/share/PolicyKit/policy.
+ *
+ * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
+ * #NULL if the action wasn't identified. Caller shall not unref
+ * this object.
+ **/
+PolKitPolicyFileEntry*
+polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
+ PolKitAction *action)
+{
+ char *action_id;
+ PolKitPolicyFileEntry *pfe;
+
+ /* I'm sure it would be easy to make this O(1)... */
+
+ g_return_val_if_fail (policy_cache != NULL, NULL);
+ g_return_val_if_fail (action != NULL, NULL);
+
+ pfe = NULL;
+
+ if (!polkit_action_get_action_id (action, &action_id))
+ goto out;
+
+ pfe = polkit_policy_cache_get_entry_by_id (policy_cache, action_id);
+
+out:
+ return pfe;
+}
+
+/**
+ * polkit_policy_cache_foreach:
+ * @policy_cache: the policy cache
+ * @callback: callback function
+ * @user_data: user data to pass to callback function
+ *
+ * Visit all entries in the policy cache.
+ **/
+void
+polkit_policy_cache_foreach (PolKitPolicyCache *policy_cache,
+ PolKitPolicyCacheForeachFunc callback,
+ void *user_data)
+{
+ GSList *i;
+ PolKitPolicyFileEntry *pfe;
+
+ g_return_if_fail (policy_cache != NULL);
+ g_return_if_fail (callback != NULL);
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ pfe = i->data;
+ callback (policy_cache, pfe, user_data);
+ }
+
+ /* the authdb backend may also want to return synthesized pfe's */
+ _polkit_authorization_db_pfe_foreach (policy_cache,
+ callback,
+ user_data);
+}
+
+/**
+ * polkit_policy_cache_get_entry_by_annotation:
+ * @policy_cache: the policy cache
+ * @annotation_key: the key to check for
+ * @annotation_value: the value to check for
+ *
+ * Find the first policy file entry where a given annotation matches a
+ * given value. Note that there is nothing preventing the existence of
+ * multiple policy file entries matching this criteria; it would
+ * however be a packaging bug if this situation occured.
+ *
+ * Returns: The first #PolKitPolicyFileEntry matching the search
+ * criteria. The caller shall not unref this object. Returns #NULL if
+ * there are no policy file entries matching the search criteria.
+ *
+ * Since: 0.7
+ */
+PolKitPolicyFileEntry*
+polkit_policy_cache_get_entry_by_annotation (PolKitPolicyCache *policy_cache,
+ const char *annotation_key,
+ const char *annotation_value)
+{
+ GSList *i;
+
+ g_return_val_if_fail (policy_cache != NULL, NULL);
+ g_return_val_if_fail (annotation_key != NULL, NULL);
+ g_return_val_if_fail (annotation_value != NULL, NULL);
+
+ for (i = policy_cache->priv_entries; i != NULL; i = g_slist_next (i)) {
+ const char *value;
+ PolKitPolicyFileEntry *pfe = i->data;
+
+ value = polkit_policy_file_entry_get_annotation (pfe, annotation_key);
+ if (value == NULL)
+ continue;
+
+ if (strcmp (annotation_value, value) == 0) {
+ return pfe;
+ }
+ }
+
+ return NULL;
+}
diff --git a/src/polkit/polkit-policy-cache.h b/src/polkit/polkit-policy-cache.h
new file mode 100644
index 0000000..e7e5662
--- /dev/null
+++ b/src/polkit/polkit-policy-cache.h
@@ -0,0 +1,75 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-cache.h : policy cache
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_POLICY_CACHE_H
+#define POLKIT_POLICY_CACHE_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-error.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-policy-file-entry.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitPolicyCache;
+typedef struct _PolKitPolicyCache PolKitPolicyCache;
+
+/**
+ * PolKitPolicyCacheForeachFunc:
+ * @policy_cache: the policy cache
+ * @entry: an entry in the cache - do not unref
+ * @user_data: user data passed to polkit_policy_cache_foreach()
+ *
+ * Callback function for polkit_policy_cache_foreach().
+ **/
+typedef void (*PolKitPolicyCacheForeachFunc) (PolKitPolicyCache *policy_cache,
+ PolKitPolicyFileEntry *entry,
+ void *user_data);
+
+PolKitPolicyCache *polkit_policy_cache_ref (PolKitPolicyCache *policy_cache);
+void polkit_policy_cache_unref (PolKitPolicyCache *policy_cache);
+void polkit_policy_cache_debug (PolKitPolicyCache *policy_cache);
+PolKitPolicyFileEntry* polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
+ PolKitAction *action);
+PolKitPolicyFileEntry* polkit_policy_cache_get_entry_by_id (PolKitPolicyCache *policy_cache,
+ const char *action_id);
+
+PolKitPolicyFileEntry* polkit_policy_cache_get_entry_by_annotation (PolKitPolicyCache *policy_cache,
+ const char *annotation_key,
+ const char *annotation_value);
+
+void polkit_policy_cache_foreach (PolKitPolicyCache *policy_cache,
+ PolKitPolicyCacheForeachFunc callback,
+ void *user_data);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_POLICY_CACHE_H */
+
+
diff --git a/src/polkit/polkit-policy-default.c b/src/polkit/polkit-policy-default.c
new file mode 100644
index 0000000..ed689e5
--- /dev/null
+++ b/src/polkit/polkit-policy-default.c
@@ -0,0 +1,442 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-default.c : policy definition for the defaults
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-error.h"
+#include "polkit-policy-default.h"
+#include "polkit-private.h"
+#include "polkit-test.h"
+#include "polkit-memory.h"
+
+/**
+ * SECTION:polkit-policy-default
+ * @title: Defaults
+ * @short_description: Models the default policy for an action.
+ *
+ * This class records the default policy of an action.
+ **/
+
+/**
+ * PolKitPolicyDefault:
+ *
+ * Objects of this class are used to record information about a
+ * default policy for an action.
+ **/
+struct _PolKitPolicyDefault
+{
+ int refcount;
+ PolKitResult default_any;
+ PolKitResult default_inactive;
+ PolKitResult default_active;
+};
+
+PolKitPolicyDefault *
+_polkit_policy_default_new (PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active)
+{
+ PolKitPolicyDefault *pd;
+
+ pd = p_new0 (PolKitPolicyDefault, 1);
+ if (pd == NULL)
+ goto out;
+ pd->refcount = 1;
+ pd->default_any = defaults_allow_any;
+ pd->default_inactive = defaults_allow_inactive;
+ pd->default_active = defaults_allow_active;
+out:
+ return pd;
+}
+
+/**
+ * polkit_policy_default_ref:
+ * @policy_default: the policy object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyDefault *
+polkit_policy_default_ref (PolKitPolicyDefault *policy_default)
+{
+ g_return_val_if_fail (policy_default != NULL, policy_default);
+ policy_default->refcount++;
+ return policy_default;
+}
+
+/**
+ * polkit_policy_default_unref:
+ * @policy_default: the object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_policy_default_unref (PolKitPolicyDefault *policy_default)
+{
+ g_return_if_fail (policy_default != NULL);
+ policy_default->refcount--;
+ if (policy_default->refcount > 0)
+ return;
+ p_free (policy_default);
+}
+
+/**
+ * polkit_policy_default_debug:
+ * @policy_default: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_policy_default_debug (PolKitPolicyDefault *policy_default)
+{
+ g_return_if_fail (policy_default != NULL);
+ _pk_debug ("PolKitPolicyDefault: refcount=%d\n"
+ " default_any=%s\n"
+ " default_inactive=%s\n"
+ " default_active=%s",
+ policy_default->refcount,
+ polkit_result_to_string_representation (policy_default->default_any),
+ polkit_result_to_string_representation (policy_default->default_inactive),
+ polkit_result_to_string_representation (policy_default->default_active));
+}
+
+
+/**
+ * polkit_policy_default_can_session_do_action:
+ * @policy_default: the object
+ * @action: the type of access to check for
+ * @session: the session in question
+ *
+ * Using the default policy for an action, determine if a given
+ * session can do a given action.
+ *
+ * Returns: A #PolKitResult - can only be one of
+ * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
+ **/
+PolKitResult
+polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitSession *session)
+{
+ polkit_bool_t is_local;
+ polkit_bool_t is_active;
+ PolKitResult ret;
+
+ ret = POLKIT_RESULT_NO;
+
+ g_return_val_if_fail (policy_default != NULL, ret);
+ g_return_val_if_fail (action != NULL, ret);
+ g_return_val_if_fail (session != NULL, ret);
+
+ ret = policy_default->default_any;
+
+ polkit_session_get_ck_is_local (session, &is_local);
+ polkit_session_get_ck_is_active (session, &is_active);
+
+ if (!is_local)
+ goto out;
+
+ if (is_active) {
+ ret = policy_default->default_active;
+ } else {
+ ret = policy_default->default_inactive;
+ }
+out:
+ return ret;
+}
+
+/**
+ * polkit_policy_default_can_caller_do_action:
+ * @policy_default: the object
+ * @action: the type of access to check for
+ * @caller: the caller in question
+ *
+ * Using the default policy for an action, determine if a given
+ * caller can do a given action.
+ *
+ * Returns: A #PolKitResult specifying if, and how, the caller can
+ * do the given action.
+ **/
+PolKitResult
+polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitCaller *caller)
+{
+ polkit_bool_t is_local;
+ polkit_bool_t is_active;
+ PolKitSession *session;
+ PolKitResult ret;
+
+ ret = POLKIT_RESULT_NO;
+
+ g_return_val_if_fail (policy_default != NULL, ret);
+ g_return_val_if_fail (action != NULL, ret);
+ g_return_val_if_fail (caller != NULL, ret);
+
+ ret = policy_default->default_any;
+
+ polkit_caller_get_ck_session (caller, &session);
+ if (session == NULL)
+ goto out;
+
+ polkit_session_get_ck_is_local (session, &is_local);
+ polkit_session_get_ck_is_active (session, &is_active);
+
+ if (!is_local)
+ goto out;
+
+ if (is_active) {
+ ret = policy_default->default_active;
+ } else {
+ ret = policy_default->default_inactive;
+ }
+
+out:
+ return ret;
+}
+
+/**
+ * polkit_policy_default_get_allow_any:
+ * @policy_default: the object
+ *
+ * Get default policy.
+ *
+ * Returns: default policy
+ **/
+PolKitResult
+polkit_policy_default_get_allow_any (PolKitPolicyDefault *policy_default)
+{
+ g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
+ return policy_default->default_any;
+}
+
+/**
+ * polkit_policy_default_get_allow_inactive:
+ * @policy_default: the object
+ *
+ * Get default policy.
+ *
+ * Returns: default policy
+ **/
+PolKitResult
+polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default)
+{
+ g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
+ return policy_default->default_inactive;
+}
+
+/**
+ * polkit_policy_default_get_allow_active:
+ * @policy_default: the object
+ *
+ * Get default policy.
+ *
+ * Returns: default policy
+ **/
+PolKitResult
+polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default)
+{
+ g_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
+ return policy_default->default_active;
+}
+
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_ts (PolKitSession *s, PolKitResult any, PolKitResult inactive, PolKitResult active, PolKitResult *ret)
+{
+ PolKitAction *a;
+ PolKitPolicyDefault *d;
+ polkit_bool_t oom;
+
+ oom = TRUE;
+
+ if (s == NULL)
+ goto out;
+
+ if ((a = polkit_action_new ()) != NULL) {
+ if (polkit_action_set_action_id (a, "org.dummy")) {
+ if ((d = _polkit_policy_default_new (any,
+ inactive,
+ active)) != NULL) {
+ PolKitCaller *c;
+
+ *ret = polkit_policy_default_can_session_do_action (d, a, s);
+ oom = FALSE;
+
+ if ((c = polkit_caller_new ()) != NULL) {
+ g_assert (polkit_policy_default_can_caller_do_action (d, a, c) == any);
+
+ g_assert (polkit_caller_set_ck_session (c, s));
+ g_assert (polkit_policy_default_can_caller_do_action (d, a, c) == *ret);
+ polkit_caller_unref (c);
+ }
+
+ polkit_policy_default_ref (d);
+ polkit_policy_default_get_allow_any (d);
+ polkit_policy_default_get_allow_inactive (d);
+ polkit_policy_default_get_allow_active (d);
+ polkit_policy_default_unref (d);
+ polkit_policy_default_debug (d);
+ polkit_policy_default_unref (d);
+ }
+ }
+ polkit_action_unref (a);
+ }
+
+out:
+ return oom;
+}
+
+static polkit_bool_t
+_run_test (void)
+{
+ PolKitResult ret;
+ PolKitSession *s_active;
+ PolKitSession *s_inactive;
+ PolKitSession *s_active_remote;
+ PolKitSession *s_inactive_remote;
+
+ if ((s_active = polkit_session_new ()) != NULL) {
+ if (!polkit_session_set_ck_objref (s_active, "/session1")) {
+ polkit_session_unref (s_active);
+ s_active = NULL;
+ } else {
+ g_assert (polkit_session_set_ck_is_local (s_active, TRUE));
+ g_assert (polkit_session_set_ck_is_active (s_active, TRUE));
+ }
+ }
+
+ if ((s_inactive = polkit_session_new ()) != NULL) {
+ if (!polkit_session_set_ck_objref (s_inactive, "/session2")) {
+ polkit_session_unref (s_inactive);
+ s_inactive = NULL;
+ } else {
+ g_assert (polkit_session_set_ck_is_local (s_inactive, TRUE));
+ g_assert (polkit_session_set_ck_is_active (s_inactive, FALSE));
+ }
+ }
+
+ if ((s_active_remote = polkit_session_new ()) != NULL) {
+ if (!polkit_session_set_ck_objref (s_active_remote, "/session3") ||
+ !polkit_session_set_ck_remote_host (s_active_remote, "remotehost.com")) {
+ polkit_session_unref (s_active_remote);
+ s_active_remote = NULL;
+ } else {
+ g_assert (polkit_session_set_ck_is_local (s_active_remote, FALSE));
+ g_assert (polkit_session_set_ck_is_active (s_active_remote, TRUE));
+ }
+ }
+
+ if ((s_inactive_remote = polkit_session_new ()) != NULL) {
+ if (!polkit_session_set_ck_objref (s_inactive_remote, "/session4") ||
+ !polkit_session_set_ck_remote_host (s_inactive_remote, "remotehost.com")) {
+ polkit_session_unref (s_inactive_remote);
+ s_inactive_remote = NULL;
+ } else {
+ g_assert (polkit_session_set_ck_is_local (s_inactive_remote, FALSE));
+ g_assert (polkit_session_set_ck_is_active (s_inactive_remote, FALSE));
+ }
+ }
+
+ g_assert (_ts (s_active,
+ POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ g_assert (_ts (s_inactive,
+ POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_NO);
+ g_assert (_ts (s_active_remote,
+ POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_NO);
+ g_assert (_ts (s_inactive_remote,
+ POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_NO);
+
+ g_assert (_ts (s_active,
+ POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ g_assert (_ts (s_inactive,
+ POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ g_assert (_ts (s_active_remote,
+ POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_NO);
+ g_assert (_ts (s_inactive_remote,
+ POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_NO);
+
+ g_assert (_ts (s_active,
+ POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ g_assert (_ts (s_inactive,
+ POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ g_assert (_ts (s_active_remote,
+ POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ g_assert (_ts (s_inactive_remote,
+ POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+
+ if (s_active != NULL)
+ polkit_session_unref (s_active);
+
+ if (s_inactive != NULL)
+ polkit_session_unref (s_inactive);
+
+ if (s_active_remote != NULL)
+ polkit_session_unref (s_active_remote);
+
+ if (s_inactive_remote != NULL)
+ polkit_session_unref (s_inactive_remote);
+
+ return TRUE;
+}
+
+PolKitTest _test_policy_default = {
+ "polkit_policy_default",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-policy-default.h b/src/polkit/polkit-policy-default.h
new file mode 100644
index 0000000..a9f6146
--- /dev/null
+++ b/src/polkit/polkit-policy-default.h
@@ -0,0 +1,67 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-default.h : policy definition for the defaults
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_POLICY_DEFAULT_H
+#define POLKIT_POLICY_DEFAULT_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-session.h>
+#include <polkit/polkit-caller.h>
+#include <polkit/polkit-error.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitPolicyDefault;
+typedef struct _PolKitPolicyDefault PolKitPolicyDefault;
+
+PolKitPolicyDefault *polkit_policy_default_ref (PolKitPolicyDefault *policy_default);
+void polkit_policy_default_unref (PolKitPolicyDefault *policy_default);
+void polkit_policy_default_debug (PolKitPolicyDefault *policy_default);
+
+PolKitResult polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitSession *session);
+
+PolKitResult polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitCaller *caller);
+
+PolKitResult polkit_policy_default_get_allow_any (PolKitPolicyDefault *policy_default);
+PolKitResult polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default);
+PolKitResult polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default);
+
+/* TODO: export knobs for "default policy" */
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_POLICY_DEFAULT_H */
+
+
diff --git a/src/polkit/polkit-policy-file-entry.c b/src/polkit/polkit-policy-file-entry.c
new file mode 100644
index 0000000..5517ea2
--- /dev/null
+++ b/src/polkit/polkit-policy-file-entry.c
@@ -0,0 +1,471 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-file-entry.c : entries in policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-error.h"
+#include "polkit-result.h"
+#include "polkit-policy-file-entry.h"
+#include "polkit-authorization-db.h"
+#include "polkit-private.h"
+#include "polkit-test.h"
+#include "polkit-memory.h"
+
+/**
+ * SECTION:polkit-policy-file-entry
+ * @title: Policy File Entry
+ * @short_description: Represents a declared action in a policy file.
+ *
+ * This class is used to represent a entries in policy files.
+ **/
+
+/**
+ * PolKitPolicyFileEntry:
+ *
+ * Objects of this class are used to record information about a
+ * policy.
+ **/
+struct _PolKitPolicyFileEntry
+{
+ int refcount;
+ char *action;
+ PolKitPolicyDefault *defaults;
+
+ char *policy_description;
+ char *policy_message;
+ PolKitHash *annotations;
+};
+
+
+/* NOTE: we take ownership of the annotations object */
+PolKitPolicyFileEntry *
+_polkit_policy_file_entry_new (const char *action_id,
+ PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active,
+ PolKitHash *annotations)
+{
+ PolKitPolicyFileEntry *pfe;
+
+ g_return_val_if_fail (action_id != NULL, NULL);
+
+ pfe = p_new0 (PolKitPolicyFileEntry, 1);
+ if (pfe == NULL)
+ goto error;
+ pfe->refcount = 1;
+ pfe->action = p_strdup (action_id);
+ if (pfe->action == NULL)
+ goto error;
+
+ if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN)) {
+ /* if we don't support obtaining authorizations
+ * through authenticating, then make the defaults
+ * reflect this ...*/
+ defaults_allow_any = POLKIT_RESULT_NO;
+ defaults_allow_inactive = POLKIT_RESULT_NO;
+ defaults_allow_active = POLKIT_RESULT_NO;
+ }
+
+ pfe->defaults = _polkit_policy_default_new (defaults_allow_any,
+ defaults_allow_inactive,
+ defaults_allow_active);
+ if (pfe->defaults == NULL)
+ goto error;
+
+ pfe->annotations = annotations;
+
+ return pfe;
+error:
+ if (pfe != NULL)
+ polkit_policy_file_entry_unref (pfe);
+ return NULL;
+}
+
+polkit_bool_t
+_polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *pfe,
+ const char *policy_description,
+ const char *policy_message)
+{
+ g_return_val_if_fail (pfe != NULL, FALSE);
+
+ if (pfe->policy_description != NULL)
+ p_free (pfe->policy_description);
+ if (pfe->policy_message != NULL)
+ p_free (pfe->policy_message);
+
+ pfe->policy_description = p_strdup (policy_description);
+ pfe->policy_message = p_strdup (policy_message);
+
+ if (policy_description != NULL && pfe->policy_description == NULL)
+ return FALSE;
+
+ if (policy_message != NULL && pfe->policy_message == NULL)
+ return FALSE;
+
+ return TRUE;
+}
+
+/**
+ * polkit_policy_file_entry_get_action_description:
+ * @policy_file_entry: the object
+ *
+ * Get the description of the action that this policy entry describes. This
+ * is intended to be used in policy editors, for example "Mount internal
+ * volumes". Contrast with polkit_policy_file_entry_get_action_message(). The
+ * textual string will be returned in the current locale.
+ *
+ * Note, if polkit_context_set_load_descriptions() on the
+ * #PolKitContext object used to get this object wasn't called, this
+ * method will return #NULL.
+ *
+ * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
+ **/
+const char *
+polkit_policy_file_entry_get_action_description (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->policy_description;
+}
+
+/**
+ * polkit_policy_file_entry_get_action_message:
+ * @policy_file_entry: the object
+ *
+ * Get the message describing the action that this policy entry
+ * describes. This is to be used in dialogs, for example "System
+ * Policy prevents mounting this volume". Contrast with
+ * polkit_policy_file_entry_get_action_description(). The textual string
+ * will be returned in the current locale.
+ *
+ * Note, if polkit_context_set_load_descriptions() on the
+ * #PolKitContext object used to get this object wasn't called, this
+ * method will return #NULL.
+ *
+ * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
+ **/
+const char *
+polkit_policy_file_entry_get_action_message (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->policy_message;
+}
+
+/**
+ * polkit_policy_file_entry_ref:
+ * @policy_file_entry: the policy file object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyFileEntry *
+polkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, policy_file_entry);
+ policy_file_entry->refcount++;
+ return policy_file_entry;
+}
+
+/**
+ * polkit_policy_file_entry_unref:
+ * @policy_file_entry: the policy file object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_if_fail (policy_file_entry != NULL);
+ policy_file_entry->refcount--;
+ if (policy_file_entry->refcount > 0)
+ return;
+
+ p_free (policy_file_entry->action);
+
+ if (policy_file_entry->defaults != NULL)
+ polkit_policy_default_unref (policy_file_entry->defaults);
+
+ if (policy_file_entry->annotations != NULL)
+ polkit_hash_unref (policy_file_entry->annotations);
+
+ p_free (policy_file_entry->policy_description);
+ p_free (policy_file_entry->policy_message);
+
+ p_free (policy_file_entry);
+}
+
+/**
+ * polkit_policy_file_entry_debug:
+ * @policy_file_entry: the entry
+ *
+ * Print debug information about object
+ **/
+void
+polkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_if_fail (policy_file_entry != NULL);
+ _pk_debug ("PolKitPolicyFileEntry: refcount=%d action=%s",
+ policy_file_entry->refcount,
+ policy_file_entry->action);
+ polkit_policy_default_debug (policy_file_entry->defaults);
+}
+
+/**
+ * polkit_policy_file_entry_get_id:
+ * @policy_file_entry: the file entry
+ *
+ * Get the action identifier.
+ *
+ * Returns: A string - caller shall not free this string.
+ **/
+const char *
+polkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->action;
+}
+
+/**
+ * polkit_policy_file_entry_get_default:
+ * @policy_file_entry: the file entry
+ *
+ * Get the the default policy for this policy.
+ *
+ * Returns: A #PolKitPolicyDefault object - caller shall not unref this object.
+ **/
+PolKitPolicyDefault *
+polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry)
+{
+ g_return_val_if_fail (policy_file_entry != NULL, NULL);
+ return policy_file_entry->defaults;
+}
+
+typedef struct {
+ PolKitPolicyFileEntry *pfe;
+ PolKitPolicyFileEntryAnnotationsForeachFunc cb;
+ void *user_data;
+} _AnnotationsClosure;
+
+static polkit_bool_t
+_annotations_cb (PolKitHash *hash,
+ void *key,
+ void *value,
+ void *user_data)
+{
+ _AnnotationsClosure *closure = user_data;
+ closure->cb (closure->pfe, (const char *) key, (const char *) value, closure->user_data);
+ return FALSE;
+}
+
+/**
+ * polkit_policy_file_entry_annotations_foreach:
+ * @policy_file_entry: the policy file entry
+ * @cb: callback function
+ * @user_data: user data to pass to the callback function
+ *
+ * Iterate over all annotations on the policy file entry.
+ */
+void
+polkit_policy_file_entry_annotations_foreach (PolKitPolicyFileEntry *policy_file_entry,
+ PolKitPolicyFileEntryAnnotationsForeachFunc cb,
+ void *user_data)
+{
+ _AnnotationsClosure closure;
+
+ g_return_if_fail (policy_file_entry != NULL);
+ if (policy_file_entry->annotations == NULL)
+ return;
+
+ closure.pfe = policy_file_entry;
+ closure.cb = cb;
+ closure.user_data = user_data;
+
+ polkit_hash_foreach (policy_file_entry->annotations,
+ _annotations_cb,
+ &closure);
+}
+
+/**
+ * polkit_policy_file_entry_get_annotation:
+ * @policy_file_entry: the policy file entry
+ * @key: the key of the annotation
+ *
+ * Look of the value of a given annotation.
+ *
+ * Returns: The value of the annotation or #NULL if not found.
+ */
+const char *
+polkit_policy_file_entry_get_annotation (PolKitPolicyFileEntry *policy_file_entry,
+ const char *key)
+{
+ const char *value;
+ g_return_val_if_fail (policy_file_entry != NULL, NULL);
+ g_return_val_if_fail (key != NULL, NULL);
+
+ value = NULL;
+ if (policy_file_entry->annotations != NULL) {
+ value = polkit_hash_lookup (policy_file_entry->annotations, (void *) key, NULL);
+ }
+ return value;
+}
+
+#ifdef POLKIT_BUILD_TESTS
+
+static void
+_pfe_cb (PolKitPolicyFileEntry *pfe,
+ const char *key,
+ const char *value,
+ void *user_data)
+{
+ int *count = (int *) user_data;
+
+ if (strcmp (key, "a1") == 0 && strcmp (value, "v1") == 0)
+ *count += 1;
+ else if (strcmp (key, "a2") == 0 && strcmp (value, "v2") == 0)
+ *count += 1;
+}
+
+static void
+_pfe_cb2 (PolKitPolicyFileEntry *pfe,
+ const char *key,
+ const char *value,
+ void *user_data)
+{
+ int *count = (int *) user_data;
+ *count += 1;
+}
+
+
+static polkit_bool_t
+_run_test (void)
+{
+ PolKitPolicyFileEntry *pfe;
+ PolKitPolicyDefault *d;
+ PolKitHash *a;
+ int count;
+
+ a = NULL;
+ pfe = NULL;
+
+ if ((a = polkit_hash_new (polkit_hash_str_hash_func,
+ polkit_hash_str_equal_func,
+ NULL, NULL,
+ NULL, NULL)) == NULL)
+ goto oom;
+
+ if (!polkit_hash_insert (a, "a1", "v1"))
+ goto oom;
+
+ if (!polkit_hash_insert (a, "a2", "v2"))
+ goto oom;
+
+ if ((pfe = _polkit_policy_file_entry_new ("org.example-action",
+ POLKIT_RESULT_NO,
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
+ POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
+ a)) == NULL)
+ goto oom;
+ /* _file_entry_new assumes ownership of the passed a variable */
+ a = NULL;
+
+ g_assert (strcmp (polkit_policy_file_entry_get_id (pfe), "org.example-action") == 0);
+
+ if (_polkit_policy_file_entry_set_descriptions (pfe,
+ "the desc",
+ "the msg")) {
+ g_assert (strcmp (polkit_policy_file_entry_get_action_description (pfe), "the desc") == 0);
+ g_assert (strcmp (polkit_policy_file_entry_get_action_message (pfe), "the msg") == 0);
+ }
+
+ if (_polkit_policy_file_entry_set_descriptions (pfe,
+ "the desc2",
+ "the msg2")) {
+ g_assert (strcmp (polkit_policy_file_entry_get_action_description (pfe), "the desc2") == 0);
+ g_assert (strcmp (polkit_policy_file_entry_get_action_message (pfe), "the msg2") == 0);
+ }
+
+ g_assert ((d = polkit_policy_file_entry_get_default (pfe)) != NULL);
+ g_assert (polkit_policy_default_get_allow_any (d) == POLKIT_RESULT_NO);
+ g_assert (polkit_policy_default_get_allow_inactive (d) == POLKIT_RESULT_ONLY_VIA_SELF_AUTH);
+ g_assert (polkit_policy_default_get_allow_active (d) == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH);
+
+ polkit_policy_file_entry_ref (pfe);
+ polkit_policy_file_entry_unref (pfe);
+ polkit_policy_file_entry_debug (pfe);
+
+ g_assert (strcmp (polkit_policy_file_entry_get_annotation (pfe, "a1"), "v1") == 0);
+ g_assert (strcmp (polkit_policy_file_entry_get_annotation (pfe, "a2"), "v2") == 0);
+ g_assert (polkit_policy_file_entry_get_annotation (pfe, "a3") == NULL);
+
+ count = 0;
+ polkit_policy_file_entry_annotations_foreach (pfe, _pfe_cb, &count);
+ g_assert (count == 2);
+
+ polkit_policy_file_entry_unref (pfe);
+ if ((pfe = _polkit_policy_file_entry_new ("org.example-action-2",
+ POLKIT_RESULT_NO,
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
+ POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
+ NULL)) == NULL)
+ goto oom;
+ count = 0;
+ polkit_policy_file_entry_annotations_foreach (pfe, _pfe_cb2, &count);
+ g_assert (count == 0);
+ _pfe_cb2 (pfe, NULL, NULL, &count); /* want to get coverage of _pfe_cb2 */
+ g_assert (count == 1);
+
+oom:
+ if (pfe != NULL)
+ polkit_policy_file_entry_unref (pfe);
+
+ if (a != NULL)
+ polkit_hash_unref (a);
+
+ return TRUE;
+}
+
+PolKitTest _test_policy_file_entry = {
+ "polkit_policy_file_entry",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-policy-file-entry.h b/src/polkit/polkit-policy-file-entry.h
new file mode 100644
index 0000000..8eb88a9
--- /dev/null
+++ b/src/polkit/polkit-policy-file-entry.h
@@ -0,0 +1,76 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-file-entry.h : entries in policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_POLICY_FILE_ENTRY_H
+#define POLKIT_POLICY_FILE_ENTRY_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-policy-default.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitPolicyFileEntry;
+typedef struct _PolKitPolicyFileEntry PolKitPolicyFileEntry;
+
+/**
+ * PolKitPolicyFileEntryAnnotationsForeachFunc:
+ * @policy_file_entry: the policy file entry
+ * @key: key of the annotation
+ * @value: corrosponding value of the annotation
+ * @user_data: user data passed to polkit_policy_file_entry_annotations_foreach()
+ *
+ * Callback function for polkit_policy_file_entry_annotations_foreach().
+ **/
+typedef void (*PolKitPolicyFileEntryAnnotationsForeachFunc) (PolKitPolicyFileEntry *policy_file_entry,
+ const char *key,
+ const char *value,
+ void *user_data);
+
+PolKitPolicyFileEntry *polkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry);
+void polkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry);
+void polkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry);
+
+const char *polkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry);
+PolKitPolicyDefault *polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry);
+
+const char *polkit_policy_file_entry_get_action_description (PolKitPolicyFileEntry *policy_file_entry);
+const char *polkit_policy_file_entry_get_action_message (PolKitPolicyFileEntry *policy_file_entry);
+
+void polkit_policy_file_entry_annotations_foreach (PolKitPolicyFileEntry *policy_file_entry,
+ PolKitPolicyFileEntryAnnotationsForeachFunc cb,
+ void *user_data);
+const char *polkit_policy_file_entry_get_annotation (PolKitPolicyFileEntry *policy_file_entry,
+ const char *key);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_POLICY_FILE_ENTRY_H */
+
+
diff --git a/src/polkit/polkit-policy-file.c b/src/polkit/polkit-policy-file.c
new file mode 100644
index 0000000..a894e0f
--- /dev/null
+++ b/src/polkit/polkit-policy-file.c
@@ -0,0 +1,809 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-file.c : policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+#include <syslog.h>
+
+#include <expat.h>
+
+#include <glib.h>
+#include "polkit-error.h"
+#include "polkit-result.h"
+#include "polkit-policy-file.h"
+#include "polkit-policy-file-entry.h"
+#include "polkit-debug.h"
+#include "polkit-private.h"
+#include "polkit-test.h"
+#include "polkit-list.h"
+
+/**
+ * SECTION:polkit-policy-file
+ * @title: Policy Definition Files
+ * @short_description: Represents a set of declared actions.
+ *
+ * This class is used to represent a policy file.
+ **/
+
+/**
+ * PolKitPolicyFile:
+ *
+ * Objects of this class are used to record information about a
+ * policy file.
+ **/
+struct _PolKitPolicyFile
+{
+ int refcount;
+ PolKitList *entries;
+};
+
+enum {
+ STATE_NONE,
+ STATE_UNKNOWN_TAG,
+ STATE_IN_POLICY_CONFIG,
+ STATE_IN_ACTION,
+ STATE_IN_ACTION_DESCRIPTION,
+ STATE_IN_ACTION_MESSAGE,
+ STATE_IN_DEFAULTS,
+ STATE_IN_DEFAULTS_ALLOW_ANY,
+ STATE_IN_DEFAULTS_ALLOW_INACTIVE,
+ STATE_IN_DEFAULTS_ALLOW_ACTIVE,
+ STATE_IN_ANNOTATE
+};
+
+#define PARSER_MAX_DEPTH 32
+
+typedef struct {
+ XML_Parser parser;
+ int state;
+ int state_stack[PARSER_MAX_DEPTH];
+ int stack_depth;
+
+ const char *path;
+
+ char *action_id;
+
+ PolKitResult defaults_allow_any;
+ PolKitResult defaults_allow_inactive;
+ PolKitResult defaults_allow_active;
+
+ PolKitPolicyFile *pf;
+
+ polkit_bool_t load_descriptions;
+
+ PolKitHash *policy_descriptions;
+ PolKitHash *policy_messages;
+
+ char *policy_description_nolang;
+ char *policy_message_nolang;
+
+ /* the language according to $LANG (e.g. en_US, da_DK, fr, en_CA minus the encoding) */
+ char *lang;
+
+ /* the value of xml:lang for the thing we're reading in _cdata() */
+ char *elem_lang;
+
+ char *annotate_key;
+ PolKitHash *annotations;
+
+ polkit_bool_t is_oom;
+} ParserData;
+
+static void
+pd_unref_action_data (ParserData *pd)
+{
+ p_free (pd->action_id);
+ pd->action_id = NULL;
+ p_free (pd->policy_description_nolang);
+ pd->policy_description_nolang = NULL;
+ p_free (pd->policy_message_nolang);
+ pd->policy_message_nolang = NULL;
+ if (pd->policy_descriptions != NULL) {
+ polkit_hash_unref (pd->policy_descriptions);
+ pd->policy_descriptions = NULL;
+ }
+ if (pd->policy_messages != NULL) {
+ polkit_hash_unref (pd->policy_messages);
+ pd->policy_messages = NULL;
+ }
+ p_free (pd->annotate_key);
+ pd->annotate_key = NULL;
+ if (pd->annotations != NULL) {
+ polkit_hash_unref (pd->annotations);
+ pd->annotations = NULL;
+ }
+ p_free (pd->elem_lang);
+ pd->elem_lang = NULL;
+}
+
+static void
+pd_unref_data (ParserData *pd)
+{
+ pd_unref_action_data (pd);
+ p_free (pd->lang);
+ pd->lang = NULL;
+}
+
+static void
+_start (void *data, const char *el, const char **attr)
+{
+ int state;
+ int num_attr;
+ ParserData *pd = data;
+
+ for (num_attr = 0; attr[num_attr] != NULL; num_attr++)
+ ;
+
+ state = STATE_NONE;
+
+ switch (pd->state) {
+ case STATE_NONE:
+ if (strcmp (el, "policyconfig") == 0) {
+ state = STATE_IN_POLICY_CONFIG;
+ }
+ break;
+ case STATE_IN_POLICY_CONFIG:
+ if (strcmp (el, "action") == 0) {
+ if (num_attr != 2 || strcmp (attr[0], "id") != 0)
+ goto error;
+ state = STATE_IN_ACTION;
+
+ if (!polkit_action_validate_id (attr[1]))
+ goto error;
+
+ pd_unref_action_data (pd);
+ pd->action_id = p_strdup (attr[1]);
+ if (pd->action_id == NULL)
+ goto oom;
+ pd->policy_descriptions = polkit_hash_new (polkit_hash_str_hash_func,
+ polkit_hash_str_equal_func,
+ polkit_hash_str_copy, polkit_hash_str_copy,
+ p_free, p_free);
+ pd->policy_messages = polkit_hash_new (polkit_hash_str_hash_func,
+ polkit_hash_str_equal_func,
+ polkit_hash_str_copy, polkit_hash_str_copy,
+ p_free, p_free);
+
+ /* initialize defaults */
+ pd->defaults_allow_any = POLKIT_RESULT_NO;
+ pd->defaults_allow_inactive = POLKIT_RESULT_NO;
+ pd->defaults_allow_active = POLKIT_RESULT_NO;
+ }
+ break;
+ case STATE_IN_ACTION:
+ if (strcmp (el, "defaults") == 0) {
+ state = STATE_IN_DEFAULTS;
+ } else if (strcmp (el, "description") == 0) {
+ if (num_attr == 2 && strcmp (attr[0], "xml:lang") == 0) {
+ pd->elem_lang = p_strdup (attr[1]);
+ if (pd->elem_lang == NULL)
+ goto oom;
+ }
+ state = STATE_IN_ACTION_DESCRIPTION;
+ } else if (strcmp (el, "message") == 0) {
+ if (num_attr == 2 && strcmp (attr[0], "xml:lang") == 0) {
+ pd->elem_lang = p_strdup (attr[1]);
+ if (pd->elem_lang == NULL)
+ goto oom;
+ }
+ state = STATE_IN_ACTION_MESSAGE;
+ } else if (strcmp (el, "annotate") == 0) {
+ if (num_attr != 2 || strcmp (attr[0], "key") != 0)
+ goto error;
+ state = STATE_IN_ANNOTATE;
+
+ p_free (pd->annotate_key);
+ pd->annotate_key = p_strdup (attr[1]);
+ if (pd->annotate_key == NULL)
+ goto oom;
+ }
+ break;
+ case STATE_IN_DEFAULTS:
+ if (strcmp (el, "allow_any") == 0)
+ state = STATE_IN_DEFAULTS_ALLOW_ANY;
+ else if (strcmp (el, "allow_inactive") == 0)
+ state = STATE_IN_DEFAULTS_ALLOW_INACTIVE;
+ else if (strcmp (el, "allow_active") == 0)
+ state = STATE_IN_DEFAULTS_ALLOW_ACTIVE;
+ break;
+ default:
+ break;
+ }
+
+ if (state == STATE_NONE) {
+ //g_warning ("skipping unknown tag <%s> at line %d of %s",
+ // el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
+ //syslog (LOG_ALERT, "libpolkit: skipping unknown tag <%s> at line %d of %s",
+ // el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
+ state = STATE_UNKNOWN_TAG;
+ }
+
+ pd->state = state;
+ pd->state_stack[pd->stack_depth] = pd->state;
+ pd->stack_depth++;
+ return;
+oom:
+ pd->is_oom = TRUE;
+error:
+ XML_StopParser (pd->parser, FALSE);
+}
+
+static void
+_cdata (void *data, const char *s, int len)
+{
+ char *str;
+ ParserData *pd = data;
+
+ str = p_strndup (s, len);
+ if (str == NULL)
+ goto oom;
+
+ switch (pd->state) {
+
+ case STATE_IN_ACTION_DESCRIPTION:
+ if (pd->load_descriptions) {
+ if (pd->elem_lang == NULL) {
+ p_free (pd->policy_description_nolang);
+ pd->policy_description_nolang = str;
+ str = NULL;
+ } else {
+ if (!polkit_hash_insert (pd->policy_descriptions, pd->elem_lang, str))
+ goto oom;
+ }
+ }
+ break;
+
+ case STATE_IN_ACTION_MESSAGE:
+ if (pd->load_descriptions) {
+ if (pd->elem_lang == NULL) {
+ p_free (pd->policy_message_nolang);
+ pd->policy_message_nolang = str;
+ str = NULL;
+ } else {
+ if (!polkit_hash_insert (pd->policy_messages, pd->elem_lang, str))
+ goto oom;
+ }
+ }
+ break;
+
+ case STATE_IN_DEFAULTS_ALLOW_ANY:
+ if (!polkit_result_from_string_representation (str, &pd->defaults_allow_any))
+ goto error;
+ break;
+ case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
+ if (!polkit_result_from_string_representation (str, &pd->defaults_allow_inactive))
+ goto error;
+ break;
+ case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
+ if (!polkit_result_from_string_representation (str, &pd->defaults_allow_active))
+ goto error;
+ break;
+
+ case STATE_IN_ANNOTATE:
+ if (pd->annotations == NULL) {
+ pd->annotations = polkit_hash_new (polkit_hash_str_hash_func,
+ polkit_hash_str_equal_func,
+ polkit_hash_str_copy, polkit_hash_str_copy,
+ p_free, p_free);
+ if (pd->annotations == NULL)
+ goto oom;
+ }
+ if (!polkit_hash_insert (pd->annotations, pd->annotate_key, str))
+ goto oom;
+ break;
+
+ default:
+ break;
+ }
+ p_free (str);
+ return;
+oom:
+ pd->is_oom = TRUE;
+error:
+ p_free (str);
+ XML_StopParser (pd->parser, FALSE);
+}
+
+/**
+ * _localize:
+ * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!'
+ * @untranslated: the untranslated value, e.g. 'Punch'
+ * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG
+ * with the encoding cut off. Maybe be NULL.
+ *
+ * Pick the correct translation to use.
+ *
+ * Returns: the localized string to use
+ */
+static const char *
+_localize (PolKitHash *translations, const char *untranslated, const char *lang)
+{
+ const char *result;
+ char lang2[256];
+ int n;
+
+ if (lang == NULL) {
+ result = untranslated;
+ goto out;
+ }
+
+ /* first see if we have the translation */
+ result = (const char *) polkit_hash_lookup (translations, (void *) lang, NULL);
+ if (result != NULL)
+ goto out;
+
+ /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */
+ strncpy (lang2, lang, sizeof (lang2));
+ for (n = 0; lang2[n] != '\0'; n++) {
+ if (lang2[n] == '_') {
+ lang2[n] = '\0';
+ break;
+ }
+ }
+ result = (const char *) polkit_hash_lookup (translations, (void *) lang2, NULL);
+ if (result != NULL)
+ goto out;
+
+ /* fall back to untranslated */
+ result = untranslated;
+out:
+ return result;
+}
+
+static void
+_end (void *data, const char *el)
+{
+ ParserData *pd = data;
+ PolKitList *l;
+
+ p_free (pd->elem_lang);
+ pd->elem_lang = NULL;
+
+ switch (pd->state) {
+ case STATE_IN_ACTION:
+ {
+ const char *policy_description;
+ const char *policy_message;
+ PolKitPolicyFileEntry *pfe;
+
+ /* NOTE: caller takes ownership of the annotations object */
+ pfe = _polkit_policy_file_entry_new (pd->action_id,
+ pd->defaults_allow_any,
+ pd->defaults_allow_inactive,
+ pd->defaults_allow_active,
+ pd->annotations);
+ if (pfe == NULL)
+ goto oom;
+ pd->annotations = NULL;
+
+ if (pd->load_descriptions) {
+ policy_description = _localize (pd->policy_descriptions, pd->policy_description_nolang, pd->lang);
+ policy_message = _localize (pd->policy_messages, pd->policy_message_nolang, pd->lang);
+ } else {
+ policy_description = NULL;
+ policy_message = NULL;
+ }
+
+ if (pd->load_descriptions) {
+ if (!_polkit_policy_file_entry_set_descriptions (pfe,
+ policy_description,
+ policy_message)) {
+ polkit_policy_file_entry_unref (pfe);
+ goto oom;
+ }
+ }
+
+ l = polkit_list_prepend (pd->pf->entries, pfe);
+ if (l == NULL) {
+ polkit_policy_file_entry_unref (pfe);
+ goto oom;
+ }
+ pd->pf->entries = l;
+ break;
+ }
+ default:
+ break;
+ }
+
+ --pd->stack_depth;
+ if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
+ _pk_debug ("reached max depth?");
+ goto error;
+ }
+ if (pd->stack_depth > 0)
+ pd->state = pd->state_stack[pd->stack_depth - 1];
+ else
+ pd->state = STATE_NONE;
+
+ return;
+oom:
+ pd->is_oom = 1;
+error:
+ XML_StopParser (pd->parser, FALSE);
+}
+
+
+/**
+ * polkit_policy_file_new:
+ * @path: path to file
+ * @load_descriptions: whether descriptions should be loaded
+ * @error: Return location for error
+ *
+ * Load a policy file.
+ *
+ * Returns: The new object or #NULL if error is set
+ **/
+PolKitPolicyFile *
+polkit_policy_file_new (const char *path, polkit_bool_t load_descriptions, PolKitError **error)
+{
+ PolKitPolicyFile *pf;
+ ParserData pd;
+ int xml_res;
+ char *lang;
+ char *buf;
+ gsize buflen;
+ GError *g_error;
+
+ pf = NULL;
+ buf = NULL;
+
+ /* clear parser data */
+ memset (&pd, 0, sizeof (ParserData));
+
+ if (!g_str_has_suffix (path, ".policy")) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Policy files must have extension .policy; file '%s' doesn't", path);
+ goto error;
+ }
+
+ g_error = NULL;
+ if (!g_file_get_contents (path, &buf, &buflen, &g_error)) {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Cannot load PolicyKit policy file at '%s': %s",
+ path,
+ g_error->message);
+ g_error_free (g_error);
+ goto error;
+ }
+
+ pd.path = path;
+/* #ifdef POLKIT_BUILD_TESTS
+ TODO: expat appears to leak on certain OOM paths
+*/
+#if 0
+ XML_Memory_Handling_Suite memsuite = {p_malloc, p_realloc, p_free};
+ pd.parser = XML_ParserCreate_MM (NULL, &memsuite, NULL);
+#else
+ pd.parser = XML_ParserCreate (NULL);
+#endif
+ pd.stack_depth = 0;
+ if (pd.parser == NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Cannot load PolicyKit policy file at '%s': %s",
+ path,
+ "No memory for parser");
+ goto error;
+ }
+ XML_SetUserData (pd.parser, &pd);
+ XML_SetElementHandler (pd.parser, _start, _end);
+ XML_SetCharacterDataHandler (pd.parser, _cdata);
+
+ pf = p_new0 (PolKitPolicyFile, 1);
+ if (pf == NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Cannot load PolicyKit policy file at '%s': No memory for object",
+ path);
+ goto error;
+ }
+
+ pf->refcount = 1;
+
+ /* init parser data */
+ pd.state = STATE_NONE;
+ pd.pf = pf;
+ pd.load_descriptions = load_descriptions;
+ lang = getenv ("LANG");
+ if (lang != NULL) {
+ int n;
+ pd.lang = p_strdup (lang);
+ if (pd.lang == NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Cannot load PolicyKit policy file at '%s': No memory for lang",
+ path);
+ goto error;
+ }
+ for (n = 0; pd.lang[n] != '\0'; n++) {
+ if (pd.lang[n] == '.') {
+ pd.lang[n] = '\0';
+ break;
+ }
+ }
+ }
+
+ xml_res = XML_Parse (pd.parser, buf, buflen, 1);
+
+ if (xml_res == 0) {
+ if (XML_GetErrorCode (pd.parser) == XML_ERROR_NO_MEMORY) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Out of memory parsing %s",
+ path);
+ } else if (pd.is_oom) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Out of memory parsing %s",
+ path);
+ } else {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "%s:%d: parse error: %s",
+ path,
+ (int) XML_GetCurrentLineNumber (pd.parser),
+ XML_ErrorString (XML_GetErrorCode (pd.parser)));
+ }
+ XML_ParserFree (pd.parser);
+ goto error;
+ }
+
+ XML_ParserFree (pd.parser);
+ g_free (buf);
+ pd_unref_data (&pd);
+ return pf;
+error:
+ if (pf != NULL)
+ polkit_policy_file_unref (pf);
+ pd_unref_data (&pd);
+ g_free (buf);
+ return NULL;
+}
+
+/**
+ * polkit_policy_file_ref:
+ * @policy_file: the policy file object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitPolicyFile *
+polkit_policy_file_ref (PolKitPolicyFile *policy_file)
+{
+ g_return_val_if_fail (policy_file != NULL, policy_file);
+ policy_file->refcount++;
+ return policy_file;
+}
+
+/**
+ * polkit_policy_file_unref:
+ * @policy_file: the policy file object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_policy_file_unref (PolKitPolicyFile *policy_file)
+{
+ PolKitList *i;
+ g_return_if_fail (policy_file != NULL);
+ policy_file->refcount--;
+ if (policy_file->refcount > 0)
+ return;
+ for (i = policy_file->entries; i != NULL; i = i->next) {
+ polkit_policy_file_entry_unref (i->data);
+ }
+ if (policy_file->entries != NULL)
+ polkit_list_free (policy_file->entries);
+ p_free (policy_file);
+}
+
+/**
+ * polkit_policy_file_entry_foreach:
+ * @policy_file: the policy file object
+ * @cb: callback to invoke for each entry
+ * @user_data: user data
+ *
+ * Visits all entries in a policy file.
+ **/
+void
+polkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
+ PolKitPolicyFileEntryForeachFunc cb,
+ void *user_data)
+{
+ PolKitList *i;
+
+ g_return_if_fail (policy_file != NULL);
+ g_return_if_fail (cb != NULL);
+
+ for (i = policy_file->entries; i != NULL; i = i->next) {
+ PolKitPolicyFileEntry *pfe = i->data;
+ cb (policy_file, pfe, user_data);
+ }
+}
+
+#ifdef POLKIT_BUILD_TESTS
+
+/* this checks that the policy descriptions read from test-valid-3-lang.policy are correct */
+static void
+_check_pf (PolKitPolicyFile *pf, PolKitPolicyFileEntry *pfe, void *user_data)
+{
+ const char *r_msg;
+ const char *r_desc;
+ char *msg;
+ char *desc;
+ char *lang;
+ int *counter = (int *) user_data;
+ polkit_bool_t is_danish;
+
+ is_danish = FALSE;
+ lang = getenv ("LANG");
+ if (lang != NULL) {
+ if (strcmp (lang, "da_DK.UTF8") == 0 ||
+ strcmp (lang, "da_DK") == 0 ||
+ strcmp (lang, "da") == 0)
+ is_danish = TRUE;
+ }
+
+
+ if (strcmp (polkit_policy_file_entry_get_id (pfe), "org.example") == 0) {
+ if (is_danish) {
+ desc = "example (danish)";
+ msg = "message (danish)";
+ } else {
+ desc = "example";
+ msg = "message";
+ }
+ r_desc = polkit_policy_file_entry_get_action_description (pfe);
+ r_msg = polkit_policy_file_entry_get_action_message (pfe);
+
+ if (strcmp (r_desc, desc) == 0 &&
+ strcmp (r_msg, msg) == 0)
+ *counter += 1;
+
+ } else if (strcmp (polkit_policy_file_entry_get_id (pfe), "org.example2") == 0) {
+ if (is_danish) {
+ desc = "example 2 (danish)";
+ msg = "message 2 (danish)";
+ } else {
+ desc = "example 2";
+ msg = "message 2";
+ }
+ r_desc = polkit_policy_file_entry_get_action_description (pfe);
+ r_msg = polkit_policy_file_entry_get_action_message (pfe);
+
+ if (strcmp (r_desc, desc) == 0 &&
+ strcmp (r_msg, msg) == 0)
+ *counter += 1;
+ }
+}
+
+static polkit_bool_t
+_run_test (void)
+{
+ int m;
+ unsigned int n;
+ PolKitPolicyFile *pf;
+ PolKitError *error;
+ const char *valid_files[] = {
+ TEST_DATA_DIR "test-valid-1.policy",
+ TEST_DATA_DIR "test-valid-2-annotations.policy",
+ TEST_DATA_DIR "test-valid-3-lang.policy",
+ TEST_DATA_DIR "test-valid-4-unknown-tags.policy",
+ };
+ const char *invalid_files[] = {
+ TEST_DATA_DIR "non-existant-file.policy",
+ TEST_DATA_DIR "bad.extension",
+ TEST_DATA_DIR "test-invalid-1-action-id.policy",
+ TEST_DATA_DIR "test-invalid-2-bogus-any.policy",
+ TEST_DATA_DIR "test-invalid-3-bogus-inactive.policy",
+ TEST_DATA_DIR "test-invalid-4-bogus-active.policy",
+ TEST_DATA_DIR "test-invalid-5-max-depth.policy",
+ };
+
+ for (n = 0; n < sizeof (invalid_files) / sizeof (char*); n++) {
+ error = NULL;
+ g_assert (polkit_policy_file_new (invalid_files[n], TRUE, &error) == NULL);
+ g_assert (polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY ||
+ polkit_error_get_error_code (error) == POLKIT_ERROR_POLICY_FILE_INVALID);
+ polkit_error_free (error);
+ }
+
+ for (n = 0; n < sizeof (valid_files) / sizeof (char*); n++) {
+
+ for (m = 0; m < 6; m++) {
+ polkit_bool_t load_descriptions;
+
+ /* only run the multiple lang tests for test-valid-3-lang.policy */
+ if (n != 2) {
+ if (m > 0)
+ break;
+ }
+
+ load_descriptions = TRUE;
+
+ switch (m) {
+ case 0:
+ unsetenv ("LANG");
+ break;
+ case 1:
+ setenv ("LANG", "da_DK.UTF8", 1);
+ break;
+ case 2:
+ setenv ("LANG", "da_DK", 1);
+ break;
+ case 3:
+ setenv ("LANG", "da", 1);
+ break;
+ case 4:
+ setenv ("LANG", "en_CA", 1);
+ break;
+ case 5:
+ unsetenv ("LANG");
+ load_descriptions = FALSE;
+ break;
+ }
+
+ error = NULL;
+ if ((pf = polkit_policy_file_new (valid_files[n], load_descriptions, &error)) == NULL) {
+ g_assert (polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
+ polkit_error_free (error);
+ } else {
+
+ if (n == 2 && m != 5) {
+ int num_passed;
+
+ num_passed = 0;
+ polkit_policy_file_entry_foreach (pf,
+ _check_pf,
+ &num_passed);
+ g_assert (num_passed == 2);
+ }
+
+ polkit_policy_file_ref (pf);
+ polkit_policy_file_unref (pf);
+ polkit_policy_file_unref (pf);
+ }
+ }
+ }
+
+ return TRUE;
+}
+
+PolKitTest _test_policy_file = {
+ "polkit_policy_file",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-policy-file.h b/src/polkit/polkit-policy-file.h
new file mode 100644
index 0000000..ac590c3
--- /dev/null
+++ b/src/polkit/polkit-policy-file.h
@@ -0,0 +1,67 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-file.h : policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_POLICY_FILE_H
+#define POLKIT_POLICY_FILE_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-error.h>
+#include <polkit/polkit-policy-file-entry.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitPolicyFile;
+typedef struct _PolKitPolicyFile PolKitPolicyFile;
+
+/**
+ * PolKitPolicyFileEntryForeachFunc:
+ * @policy_file: the policy file
+ * @policy_file_entry: the entry
+ * @user_data: user data
+ *
+ * Type for function used in polkit_policy_file_entry_foreach().
+ **/
+typedef void (*PolKitPolicyFileEntryForeachFunc) (PolKitPolicyFile *policy_file,
+ PolKitPolicyFileEntry *policy_file_entry,
+ void *user_data);
+
+PolKitPolicyFile *polkit_policy_file_new (const char *path,
+ polkit_bool_t load_descriptions,
+ PolKitError **error);
+PolKitPolicyFile *polkit_policy_file_ref (PolKitPolicyFile *policy_file);
+void polkit_policy_file_unref (PolKitPolicyFile *policy_file);
+void polkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
+ PolKitPolicyFileEntryForeachFunc cb,
+ void *user_data);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_POLICY_FILE_H */
+
+
diff --git a/src/polkit/polkit-private.h b/src/polkit/polkit-private.h
new file mode 100644
index 0000000..cff4a91
--- /dev/null
+++ b/src/polkit/polkit-private.h
@@ -0,0 +1,107 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-private.h : Private functions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION)
+#error "This is a private file and shouldn't be included outside PolicyKit."
+#endif
+
+#ifndef POLKIT_PRIVATE_H
+#define POLKIT_PRIVATE_H
+
+#include <glib.h>
+#include <polkit/polkit.h>
+#include <polkit/polkit-memory.h>
+#include <polkit/polkit-hash.h>
+
+POLKIT_BEGIN_DECLS
+
+void _polkit_memory_reset (void);
+int _polkit_memory_get_current_allocations (void);
+int _polkit_memory_get_total_allocations (void);
+void _polkit_memory_fail_nth_alloc (int number);
+
+PolKitAuthorization *_polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid);
+const char *_polkit_authorization_get_authfile_entry (PolKitAuthorization *auth);
+
+PolKitAuthorizationConstraint *_polkit_authorization_constraint_new (const char *entry_in_auth_file);
+
+polkit_bool_t _polkit_authorization_db_auth_file_add (const char *root, polkit_bool_t transient, uid_t uid, char *str_to_add);
+
+PolKitAuthorizationDB *_polkit_authorization_db_new (void);
+void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb);
+
+void _polkit_authorization_db_pfe_foreach (PolKitPolicyCache *policy_cache,
+ PolKitPolicyCacheForeachFunc callback,
+ void *user_data);
+
+PolKitPolicyFileEntry* _polkit_authorization_db_pfe_get_by_id (PolKitPolicyCache *policy_cache,
+ const char *action_id);
+
+
+PolKitPolicyCache *_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error);
+
+PolKitPolicyCache *_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error);
+
+PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active);
+
+polkit_bool_t _polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *pfe,
+ const char *policy_description,
+ const char *policy_message);
+
+
+PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active);
+
+
+PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_id,
+ PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active,
+ PolKitHash *annotations);
+
+
+#ifdef POLKIT_AUTHDB_DUMMY
+struct _PolKitAuthorizationDB
+{
+ /*< private >*/
+ int refcount;
+};
+#elif POLKIT_AUTHDB_DEFAULT
+struct _PolKitAuthorizationDB
+{
+ /*< private >*/
+ int refcount;
+ GHashTable *uid_to_authlist;
+};
+
+#endif
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_PRIVATE_H */
+
diff --git a/src/polkit/polkit-result.c b/src/polkit/polkit-result.c
new file mode 100644
index 0000000..eee04c0
--- /dev/null
+++ b/src/polkit/polkit-result.c
@@ -0,0 +1,152 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-result.c : result codes from PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+/**
+ * SECTION:polkit-result
+ * @title: Results
+ * @short_description: Definition of results of PolicyKit queries.
+ *
+ * These functions are used to manipulate PolicyKit results.
+ **/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-result.h"
+#include "polkit-test.h"
+#include "polkit-memory.h"
+
+
+static const struct {
+ PolKitResult result;
+ const char *str;
+} mapping[POLKIT_RESULT_N_RESULTS] =
+{
+ {POLKIT_RESULT_UNKNOWN, "unknown"},
+ {POLKIT_RESULT_NO, "no"},
+ {POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH, "auth_admin"},
+ {POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION, "auth_admin_keep_session"},
+ {POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS, "auth_admin_keep_always"},
+ {POLKIT_RESULT_ONLY_VIA_SELF_AUTH, "auth_self"},
+ {POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION, "auth_self_keep_session"},
+ {POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS, "auth_self_keep_always"},
+ {POLKIT_RESULT_YES, "yes"},
+ {POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT, "auth_admin_one_shot"},
+ {POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT, "auth_self_one_shot"},
+};
+
+
+/**
+ * polkit_result_to_string_representation:
+ * @result: the given result to get a textual representation of
+ *
+ * Gives a textual representation of a #PolKitResult object. This
+ * string is not suitable for displaying to an end user (it's not
+ * localized for starters) but is useful for serialization as it can
+ * be converted back to a #PolKitResult object using
+ * polkit_result_from_string_representation().
+ *
+ * Returns: string representing the result (do not free) or #NULL if the given result is invalid
+ **/
+const char *
+polkit_result_to_string_representation (PolKitResult result)
+{
+ if (result < 0 || result >= POLKIT_RESULT_N_RESULTS) {
+ g_warning ("The passed result code, %d, is not valid", result);
+ return NULL;
+ }
+
+ return mapping[result].str;
+}
+
+/**
+ * polkit_result_from_string_representation:
+ * @string: textual representation of a #PolKitResult object
+ * @out_result: return location for #PolKitResult
+ *
+ * Given a textual representation of a #PolKitResult object, find the
+ * #PolKitResult value.
+ *
+ * Returns: TRUE if the textual representation was valid, otherwise FALSE
+ **/
+polkit_bool_t
+polkit_result_from_string_representation (const char *string, PolKitResult *out_result)
+{
+ int n;
+
+ g_return_val_if_fail (out_result != NULL, FALSE);
+
+ for (n = 0; n < POLKIT_RESULT_N_RESULTS; n++) {
+ if (strcmp (mapping[n].str, string) == 0) {
+ *out_result = mapping[n].result;
+ goto found;
+ }
+ }
+
+ return FALSE;
+found:
+ return TRUE;
+}
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_run_test (void)
+{
+ PolKitResult n;
+ PolKitResult m;
+
+ for (n = 0; n < POLKIT_RESULT_N_RESULTS; n++) {
+ g_assert (polkit_result_from_string_representation (polkit_result_to_string_representation (n), &m) && n== m);
+ }
+
+ g_assert (polkit_result_to_string_representation ((PolKitResult) -1) == NULL);
+ g_assert (polkit_result_to_string_representation (POLKIT_RESULT_N_RESULTS) == NULL);
+
+ g_assert (! polkit_result_from_string_representation ("non-exiting-result-id", &m));
+
+
+ return TRUE;
+}
+
+PolKitTest _test_result = {
+ "polkit_result",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-result.h b/src/polkit/polkit-result.h
new file mode 100644
index 0000000..17b45df
--- /dev/null
+++ b/src/polkit/polkit-result.h
@@ -0,0 +1,110 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-result.h : result codes from PolicyKit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_RESULT_H
+#define POLKIT_RESULT_H
+
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+/**
+ * PolKitResult:
+ * @POLKIT_RESULT_UNKNOWN: The result is unknown / cannot be
+ * computed. This is mostly used internally in libpolkit.
+ * @POLKIT_RESULT_NO: Access denied.
+ * @POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT: Access denied, but
+ * authentication by the caller as administrator (e.g. root or a
+ * member in the wheel group depending on configuration) will grant
+ * access exactly one time to the process the caller is originating
+ * from. See polkit_context_is_caller_authorized() for discussion (and
+ * limitations) about one-shot authorizations.
+ * @POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH: Access denied, but
+ * authentication by the caller as administrator (e.g. root or a
+ * member in the wheel group depending on configuration) will grant
+ * access to the process the caller is originating from.
+ * @POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION: Access denied, but
+ * authentication by the caller as administrator (e.g. root or a
+ * member in the wheel group depending on configuration) will grant
+ * access for the remainder of the session
+ * @POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS: Access denied, but
+ * authentication by the caller as administrator (e.g. root or a
+ * member in the wheel group depending on configuration) will grant
+ * access in the future.
+ * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT: Access denied, but
+ * authentication by the caller as himself will grant access exactly
+ * one time to the process the caller is originating from. See
+ * polkit_context_is_caller_authorized() for discussion (and
+ * limitations) about one-shot authorizations.
+ * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH: Access denied, but
+ * authentication by the caller as himself will grant access to the
+ * process the caller is originating from.
+ * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION: Access denied, but
+ * authentication by the caller as himself will grant access to the
+ * resource for the remainder of the session
+ * @POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS: Access denied, but
+ * authentication by the caller as himself will grant access to the
+ * resource in the future.
+ * @POLKIT_RESULT_YES: Access granted.
+ * @POLKIT_RESULT_N_RESULTS: Number of result codes
+ *
+ * Result codes from queries to PolicyKit. This enumeration may grow
+ * in the future. One should never rely on the ordering
+ */
+typedef enum
+{
+ POLKIT_RESULT_UNKNOWN,
+
+ POLKIT_RESULT_NO,
+
+ POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
+ POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION,
+ POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS,
+
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION,
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS,
+
+ POLKIT_RESULT_YES,
+
+ POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT,
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT,
+
+ POLKIT_RESULT_N_RESULTS
+} PolKitResult;
+
+const char *
+polkit_result_to_string_representation (PolKitResult result);
+
+polkit_bool_t
+polkit_result_from_string_representation (const char *string, PolKitResult *out_result);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_RESULT_H */
diff --git a/src/polkit/polkit-seat.c b/src/polkit/polkit-seat.c
new file mode 100644
index 0000000..0056da9
--- /dev/null
+++ b/src/polkit/polkit-seat.c
@@ -0,0 +1,231 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-seat.c : seat
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-seat.h"
+#include "polkit-utils.h"
+#include "polkit-test.h"
+#include "polkit-memory.h"
+
+/**
+ * SECTION:polkit-seat
+ * @title: Seat
+ * @short_description: Represents a ConsoleKit Seat.
+ *
+ * This class is used to represent a seat.
+ **/
+
+/**
+ * PolKitSeat:
+ *
+ * Objects of this class are used to record information about a
+ * seat.
+ **/
+struct _PolKitSeat
+{
+ int refcount;
+ char *ck_objref;
+};
+
+/**
+ * polkit_seat_new:
+ *
+ * Creates a new #PolKitSeat object.
+ *
+ * Returns: the new object
+ **/
+PolKitSeat *
+polkit_seat_new (void)
+{
+ PolKitSeat *seat;
+ seat = p_new0 (PolKitSeat, 1);
+ if (seat == NULL)
+ goto out;
+ seat->refcount = 1;
+out:
+ return seat;
+}
+
+/**
+ * polkit_seat_ref:
+ * @seat: the seat object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitSeat *
+polkit_seat_ref (PolKitSeat *seat)
+{
+ g_return_val_if_fail (seat != NULL, seat);
+ seat->refcount++;
+ return seat;
+}
+
+/**
+ * polkit_seat_unref:
+ * @seat: the seat object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_seat_unref (PolKitSeat *seat)
+{
+ g_return_if_fail (seat != NULL);
+ seat->refcount--;
+ if (seat->refcount > 0)
+ return;
+ p_free (seat->ck_objref);
+ p_free (seat);
+}
+
+/**
+ * polkit_seat_set_ck_objref:
+ * @seat: the seat object
+ * @ck_objref: the D-Bus object path to the ConsoleKit seat object
+ *
+ * Set the D-Bus object path to the ConsoleKit seat object.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_seat_set_ck_objref (PolKitSeat *seat, const char *ck_objref)
+{
+ g_return_val_if_fail (seat != NULL, FALSE);
+ g_return_val_if_fail (_pk_validate_identifier (ck_objref), FALSE);
+ if (seat->ck_objref != NULL)
+ p_free (seat->ck_objref);
+ seat->ck_objref = p_strdup (ck_objref);
+ if (seat->ck_objref == NULL)
+ return FALSE;
+ else
+ return TRUE;
+}
+
+/**
+ * polkit_seat_get_ck_objref:
+ * @seat: the seat object
+ * @out_ck_objref: Returns the D-Bus object path to the ConsoleKit seat object. The caller shall not free this string.
+ *
+ * Get the D-Bus object path to the ConsoleKit seat object.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_seat_get_ck_objref (PolKitSeat *seat, char **out_ck_objref)
+{
+ g_return_val_if_fail (seat != NULL, FALSE);
+ g_return_val_if_fail (out_ck_objref != NULL, FALSE);
+ *out_ck_objref = seat->ck_objref;
+ return TRUE;
+}
+
+/**
+ * polkit_seat_debug:
+ * @seat: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_seat_debug (PolKitSeat *seat)
+{
+ g_return_if_fail (seat != NULL);
+ _pk_debug ("PolKitSeat: refcount=%d objpath=%s", seat->refcount, seat->ck_objref);
+}
+
+/**
+ * polkit_seat_validate:
+ * @seat: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ **/
+polkit_bool_t
+polkit_seat_validate (PolKitSeat *seat)
+{
+ g_return_val_if_fail (seat != NULL, FALSE);
+ g_return_val_if_fail (seat->ck_objref != NULL, FALSE);
+ return TRUE;
+}
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_run_test (void)
+{
+ char *str;
+ PolKitSeat *s;
+
+ s = polkit_seat_new ();
+ if (s == NULL) {
+ /* OOM */
+ } else {
+ if (! polkit_seat_set_ck_objref (s, "/someseat")) {
+ /* OOM */
+ } else {
+ g_assert (polkit_seat_get_ck_objref (s, &str) && strcmp (str, "/someseat") == 0);
+ g_assert (polkit_seat_validate (s));
+ polkit_seat_ref (s);
+ g_assert (polkit_seat_validate (s));
+ polkit_seat_unref (s);
+ g_assert (polkit_seat_validate (s));
+ polkit_seat_debug (s);
+ if (! polkit_seat_set_ck_objref (s, "/someseat2")) {
+ /* OOM */
+ } else {
+ g_assert (polkit_seat_get_ck_objref (s, &str) && strcmp (str, "/someseat2") == 0);
+ }
+ }
+ polkit_seat_unref (s);
+ }
+
+ return TRUE;
+}
+
+PolKitTest _test_seat = {
+ "polkit_seat",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-seat.h b/src/polkit/polkit-seat.h
new file mode 100644
index 0000000..ecb9958
--- /dev/null
+++ b/src/polkit/polkit-seat.h
@@ -0,0 +1,53 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-seat.h : seats
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_SEAT_H
+#define POLKIT_SEAT_H
+
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitSeat;
+typedef struct _PolKitSeat PolKitSeat;
+
+PolKitSeat *polkit_seat_new (void);
+PolKitSeat *polkit_seat_ref (PolKitSeat *seat);
+void polkit_seat_unref (PolKitSeat *seat);
+polkit_bool_t polkit_seat_set_ck_objref (PolKitSeat *seat, const char *ck_objref);
+polkit_bool_t polkit_seat_get_ck_objref (PolKitSeat *seat, char **out_ck_objref);
+
+void polkit_seat_debug (PolKitSeat *seat);
+polkit_bool_t polkit_seat_validate (PolKitSeat *seat);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_SEAT_H */
+
+
diff --git a/src/polkit/polkit-session.c b/src/polkit/polkit-session.c
new file mode 100644
index 0000000..3c0ebd2
--- /dev/null
+++ b/src/polkit/polkit-session.c
@@ -0,0 +1,501 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-session.c : sessions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include <glib.h>
+#include "polkit-debug.h"
+#include "polkit-session.h"
+#include "polkit-utils.h"
+#include "polkit-test.h"
+#include "polkit-memory.h"
+
+/**
+ * SECTION:polkit-session
+ * @title: Session
+ * @short_description: Represents a ConsoleKit Session.
+ *
+ * This class is used to represent a session.
+ **/
+
+/**
+ * PolKitSession:
+ *
+ * Objects of this class are used to record information about a
+ * session.
+ **/
+struct _PolKitSession
+{
+ int refcount;
+ uid_t uid;
+ PolKitSeat *seat;
+ char *ck_objref;
+ polkit_bool_t is_active;
+ polkit_bool_t is_local;
+ char *remote_host;
+};
+
+/**
+ * polkit_session_new:
+ *
+ * Creates a new #PolKitSession object.
+ *
+ * Returns: the new object
+ **/
+PolKitSession *
+polkit_session_new (void)
+{
+ PolKitSession *session;
+ session = p_new0 (PolKitSession, 1);
+ if (session == NULL)
+ goto out;
+ session->refcount = 1;
+out:
+ return session;
+}
+
+/**
+ * polkit_session_ref:
+ * @session: The session object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitSession *
+polkit_session_ref (PolKitSession *session)
+{
+ g_return_val_if_fail (session != NULL, session);
+ session->refcount++;
+ return session;
+}
+
+
+/**
+ * polkit_session_unref:
+ * @session: The session object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_session_unref (PolKitSession *session)
+{
+ g_return_if_fail (session != NULL);
+ session->refcount--;
+ if (session->refcount > 0)
+ return;
+ p_free (session->ck_objref);
+ p_free (session->remote_host);
+ if (session->seat != NULL)
+ polkit_seat_unref (session->seat);
+ p_free (session);
+}
+
+/**
+ * polkit_session_set_uid:
+ * @session: The session object
+ * @uid: UNIX user id
+ *
+ * Set the UNIX user id of the user owning the session.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_uid (PolKitSession *session, uid_t uid)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ session->uid = uid;
+ return TRUE;
+}
+
+/**
+ * polkit_session_set_ck_objref:
+ * @session: The session object
+ * @ck_objref: D-Bus object path
+ *
+ * Set the D-Bus object path to the ConsoleKit session object.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_ck_objref (PolKitSession *session, const char *ck_objref)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (_pk_validate_identifier (ck_objref), FALSE);
+ if (session->ck_objref != NULL)
+ p_free (session->ck_objref);
+ session->ck_objref = p_strdup (ck_objref);
+ if (session->ck_objref == NULL)
+ return FALSE;
+ else
+ return TRUE;
+}
+
+/**
+ * polkit_session_set_ck_is_active:
+ * @session: The session object
+ * @is_active: whether ConsoleKit reports the session as active
+ *
+ * Set whether ConsoleKit regard the session as active.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_ck_is_active (PolKitSession *session, polkit_bool_t is_active)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ session->is_active = is_active;
+ return TRUE;
+}
+
+/**
+ * polkit_session_set_ck_is_local:
+ * @session: The session object
+ * @is_local: whether ConsoleKit reports the session as local
+ *
+ * Set whether ConsoleKit regard the session as local.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_ck_is_local (PolKitSession *session, polkit_bool_t is_local)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ session->is_local = is_local;
+ return TRUE;
+}
+
+/**
+ * polkit_session_set_ck_remote_host:
+ * @session: The session object
+ * @remote_host: hostname of the host/display that ConsoleKit reports
+ * the session to occur at
+ *
+ * Set the remote host/display that ConsoleKit reports the session to
+ * occur at.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_ck_remote_host (PolKitSession *session, const char *remote_host)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ /* TODO: FIXME: probably need to allow a lot more here */
+ g_return_val_if_fail (_pk_validate_identifier (remote_host), FALSE);
+ if (session->remote_host != NULL)
+ p_free (session->remote_host);
+ session->remote_host = p_strdup (remote_host);
+ if (session->remote_host == NULL)
+ return FALSE;
+ else
+ return TRUE;
+}
+
+/**
+ * polkit_session_set_seat:
+ * @session: The session object
+ * @seat: a #PolKitSeat object
+ *
+ * Set the seat that the session belongs to. The reference count on
+ * the given object will be increased by one. If an existing seat
+ * object was set already, the reference count on that one will be
+ * decreased by one.
+ *
+ * Returns: #TRUE only if the value validated and was set
+ **/
+polkit_bool_t
+polkit_session_set_seat (PolKitSession *session, PolKitSeat *seat)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (polkit_seat_validate (seat), FALSE);
+ if (session->seat != NULL)
+ polkit_seat_unref (session->seat);
+ session->seat = seat != NULL ? polkit_seat_ref (seat) : NULL;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_uid:
+ * @session: The session object
+ * @out_uid: UNIX user id
+ *
+ * Get the UNIX user id of the user owning the session.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_uid (PolKitSession *session, uid_t *out_uid)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_uid != NULL, FALSE);
+ *out_uid = session->uid;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_ck_objref:
+ * @session: The session object
+ * @out_ck_objref: D-Bus object path. Shall not be freed by the caller.
+ *
+ * Get the D-Bus object path to the ConsoleKit session object.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_ck_objref (PolKitSession *session, char **out_ck_objref)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_ck_objref != NULL, FALSE);
+ *out_ck_objref = session->ck_objref;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_ck_is_active:
+ * @session: The session object
+ * @out_is_active: whether ConsoleKit reports the session as active
+ *
+ * Get whether ConsoleKit regard the session as active.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_ck_is_active (PolKitSession *session, polkit_bool_t *out_is_active)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_is_active != NULL, FALSE);
+ *out_is_active = session->is_active;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_ck_is_local:
+ * @session: The session object
+ * @out_is_local: whether ConsoleKit reports the session as local
+ *
+ * Set whether ConsoleKit regard the session as local.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_ck_is_local (PolKitSession *session, polkit_bool_t *out_is_local)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_is_local != NULL, FALSE);
+ *out_is_local = session->is_local;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_ck_remote_host:
+ * @session: The session object
+ * @out_remote_host: hostname of the host/display that ConsoleKit
+ * reports the session to occur at. Shall not be freed by the caller.
+ *
+ * Get the remote host/display that ConsoleKit reports the session to
+ * occur at.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_ck_remote_host (PolKitSession *session, char **out_remote_host)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_remote_host != NULL, FALSE);
+ *out_remote_host = session->remote_host;
+ return TRUE;
+}
+
+/**
+ * polkit_session_get_seat:
+ * @session: The session object
+ * @out_seat: Returns the seat the session belongs to. Shall not
+ * be unreffed by the caller.
+ *
+ * Get the seat that the session belongs to.
+ *
+ * Returns: TRUE iff the value is returned
+ **/
+polkit_bool_t
+polkit_session_get_seat (PolKitSession *session, PolKitSeat **out_seat)
+{
+ g_return_val_if_fail (session != NULL, FALSE);
+ g_return_val_if_fail (out_seat != NULL, FALSE);
+ *out_seat = session->seat;
+ return TRUE;
+}
+
+/**
+ * polkit_session_debug:
+ * @session: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_session_debug (PolKitSession *session)
+{
+ g_return_if_fail (session != NULL);
+ _pk_debug ("PolKitSession: refcount=%d uid=%d objpath=%s is_active=%d is_local=%d remote_host=%s",
+ session->refcount, session->uid,
+ session->ck_objref, session->is_active, session->is_local, session->remote_host);
+ if (session->seat != NULL)
+ polkit_seat_debug (session->seat);
+}
+
+
+/**
+ * polkit_session_validate:
+ * @session: the object
+ *
+ * Validate the object
+ *
+ * Returns: #TRUE iff the object is valid.
+ **/
+polkit_bool_t
+polkit_session_validate (PolKitSession *session)
+{
+ polkit_bool_t ret;
+ g_return_val_if_fail (session != NULL, FALSE);
+
+ ret = FALSE;
+ if (session->is_local) {
+ if (session->remote_host != NULL)
+ goto error;
+ } else {
+ if (session->remote_host == NULL)
+ goto error;
+ }
+ ret = TRUE;
+error:
+ return ret;
+}
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_run_test (void)
+{
+ char *str;
+ PolKitSession *s;
+ PolKitSeat *seat;
+ PolKitSeat *seat2;
+ uid_t uid;
+ polkit_bool_t b;
+
+ s = polkit_session_new ();
+ if (s == NULL) {
+ /* OOM */
+ } else {
+ if (! polkit_session_set_ck_objref (s, "/somesession")) {
+ /* OOM */
+ } else {
+ g_assert (polkit_session_get_ck_objref (s, &str) && strcmp (str, "/somesession") == 0);
+ polkit_session_ref (s);
+ polkit_session_unref (s);
+ polkit_session_debug (s);
+ if (! polkit_session_set_ck_objref (s, "/somesession2")) {
+ /* OOM */
+ } else {
+ g_assert (polkit_session_get_ck_objref (s, &str) && strcmp (str, "/somesession2") == 0);
+ }
+
+ if ((seat = polkit_seat_new ()) != NULL) {
+ if (polkit_seat_set_ck_objref (seat, "/someseat")) {
+ g_assert (polkit_session_set_seat (s, seat));
+ g_assert (polkit_session_get_seat (s, &seat2) && seat == seat2);
+ }
+ polkit_seat_unref (seat);
+ if ((seat = polkit_seat_new ()) != NULL) {
+ if (polkit_seat_set_ck_objref (seat, "/someseat2")) {
+ g_assert (polkit_session_set_seat (s, seat));
+ g_assert (polkit_session_get_seat (s, &seat2) && seat == seat2);
+ }
+ polkit_seat_unref (seat);
+ }
+ }
+
+ g_assert (polkit_session_set_uid (s, 0));
+ g_assert (polkit_session_get_uid (s, &uid) && uid == 0);
+ g_assert (polkit_session_set_ck_is_active (s, TRUE));
+ g_assert (polkit_session_get_ck_is_active (s, &b) && b == TRUE);
+ g_assert (polkit_session_set_ck_is_local (s, TRUE));
+ g_assert (polkit_session_get_ck_is_local (s, &b) && b == TRUE);
+ g_assert (polkit_session_validate (s));
+
+ g_assert (polkit_session_set_uid (s, 500));
+ g_assert (polkit_session_get_uid (s, &uid) && uid == 500);
+ g_assert (polkit_session_set_ck_is_active (s, FALSE));
+ g_assert (polkit_session_get_ck_is_active (s, &b) && b == FALSE);
+ g_assert (polkit_session_set_ck_is_local (s, FALSE));
+ g_assert (polkit_session_get_ck_is_local (s, &b) && b == FALSE);
+
+ /* not valid because remote host is not set.. */
+ g_assert (!polkit_session_validate (s));
+
+
+ if (polkit_session_set_ck_remote_host (s, "somehost.com")) {
+ g_assert (polkit_session_get_ck_remote_host (s, &str) && strcmp (str, "somehost.com") == 0);
+ g_assert (polkit_session_validate (s));
+
+ /* not valid because remote host is set and local==TRUE */
+ g_assert (polkit_session_set_ck_is_local (s, TRUE));
+ g_assert (!polkit_session_validate (s));
+ g_assert (polkit_session_set_ck_is_local (s, FALSE));
+
+ if (polkit_session_set_ck_remote_host (s, "somehost2.com")) {
+ g_assert (polkit_session_get_ck_remote_host (s, &str) && strcmp (str, "somehost2.com") == 0);
+ g_assert (polkit_session_validate (s));
+ }
+ polkit_session_debug (s);
+ }
+
+ }
+ polkit_session_unref (s);
+ }
+
+ return TRUE;
+}
+
+PolKitTest _test_session = {
+ "polkit_session",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-session.h b/src/polkit/polkit-session.h
new file mode 100644
index 0000000..b1a2abe
--- /dev/null
+++ b/src/polkit/polkit-session.h
@@ -0,0 +1,64 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-session.h : sessions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_SESSION_H
+#define POLKIT_SESSION_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-seat.h>
+
+#include <sys/types.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitSession;
+typedef struct _PolKitSession PolKitSession;
+
+PolKitSession *polkit_session_new (void);
+PolKitSession *polkit_session_ref (PolKitSession *session);
+void polkit_session_unref (PolKitSession *session);
+polkit_bool_t polkit_session_set_uid (PolKitSession *session, uid_t uid);
+polkit_bool_t polkit_session_set_seat (PolKitSession *session, PolKitSeat *seat);
+polkit_bool_t polkit_session_set_ck_objref (PolKitSession *session, const char *ck_objref);
+polkit_bool_t polkit_session_set_ck_is_active (PolKitSession *session, polkit_bool_t is_active);
+polkit_bool_t polkit_session_set_ck_is_local (PolKitSession *session, polkit_bool_t is_local);
+polkit_bool_t polkit_session_set_ck_remote_host (PolKitSession *session, const char *remote_host);
+polkit_bool_t polkit_session_get_uid (PolKitSession *session, uid_t *out_uid);
+polkit_bool_t polkit_session_get_seat (PolKitSession *session, PolKitSeat **out_seat);
+polkit_bool_t polkit_session_get_ck_objref (PolKitSession *session, char **out_ck_objref);
+polkit_bool_t polkit_session_get_ck_is_active (PolKitSession *session, polkit_bool_t *out_is_active);
+polkit_bool_t polkit_session_get_ck_is_local (PolKitSession *session, polkit_bool_t *out_is_local);
+polkit_bool_t polkit_session_get_ck_remote_host (PolKitSession *session, char **out_remote_host);
+
+void polkit_session_debug (PolKitSession *session);
+polkit_bool_t polkit_session_validate (PolKitSession *session);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_SESSION_H */
diff --git a/src/polkit/polkit-sysdeps.c b/src/polkit/polkit-sysdeps.c
new file mode 100644
index 0000000..1a8f15d
--- /dev/null
+++ b/src/polkit/polkit-sysdeps.c
@@ -0,0 +1,159 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-sysdeps.c : Various platform specific utility functions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/inotify.h>
+#include <syslog.h>
+
+#include <glib.h>
+#include "polkit-sysdeps.h"
+
+
+/**
+ * SECTION:polkit-sysdeps
+ * @title: System Dependencies
+ * @short_description: Various platform specific utility functions
+ *
+ * Various platform specific utility functions.
+ *
+ * Since: 0.7
+ **/
+
+
+/**
+ * polkit_sysdeps_get_start_time_for_pid:
+ * @pid: process id
+ *
+ * Get when a process started.
+ *
+ * Returns: start time for the process or 0 if an error occured
+ *
+ * Since: 0.7
+ */
+polkit_uint64_t
+polkit_sysdeps_get_start_time_for_pid (pid_t pid)
+{
+ char *filename;
+ char *contents;
+ gsize length;
+ polkit_uint64_t start_time;
+ GError *error = NULL;
+ char **tokens;
+ char *p;
+ char *endp;
+
+ start_time = 0;
+ contents = NULL;
+
+ filename = g_strdup_printf ("/proc/%d/stat", pid);
+ if (filename == NULL) {
+ fprintf (stderr, "Out of memory\n");
+ goto out;
+ }
+
+ if (!g_file_get_contents (filename, &contents, &length, &error)) {
+ //fprintf (stderr, "Cannot get contents of '%s': %s\n", filename, error->message);
+ g_error_free (error);
+ goto out;
+ }
+
+ /* start time is the 19th token after the '(process name)' entry */
+
+ p = strchr (contents, ')');
+ if (p == NULL) {
+ goto out;
+ }
+ p += 2; /* skip ') ' */
+ if (p - contents >= (int) length) {
+ goto out;
+ }
+
+ tokens = g_strsplit (p, " ", 0);
+ if (g_strv_length (tokens) < 20) {
+ goto out;
+ }
+
+ start_time = strtoll (tokens[19], &endp, 10);
+ if (endp == tokens[19]) {
+ goto out;
+ }
+
+ g_strfreev (tokens);
+
+out:
+ g_free (filename);
+ g_free (contents);
+ return start_time;
+}
+
+/**
+ * polkit_sysdeps_get_exe_for_pid:
+ * @pid: process id
+ * @out_buf: buffer to store the string representation in
+ * @buf_size: size of buffer
+ *
+ * Get the name of the binary a given process was started from. Note
+ * that this is not reliable information; it should not be part of any
+ * security decision.
+ *
+ * Returns: Number of characters written (not including trailing
+ * '\0'). If the output was truncated due to the buffer being too
+ * small, buf_size will be returned. Thus, a return value of buf_size
+ * or more indicates that the output was truncated (see snprintf(3))
+ * or an error occured. If the name cannot be found, -1 will be
+ * returned.
+ *
+ * Since: 0.7
+ */
+int
+polkit_sysdeps_get_exe_for_pid (pid_t pid, char *out_buf, size_t buf_size)
+{
+ int ret;
+ char proc_name[32];
+
+ ret = 0;
+
+ snprintf (proc_name, sizeof (proc_name), "/proc/%d/exe", pid);
+ ret = readlink (proc_name, out_buf, buf_size - 1);
+ if (ret == -1) {
+ goto out;
+ }
+ g_assert (ret >= 0 && ret < (int) buf_size - 1);
+ out_buf[ret] = '\0';
+
+out:
+ return ret;
+}
diff --git a/src/polkit/polkit-sysdeps.h b/src/polkit/polkit-sysdeps.h
new file mode 100644
index 0000000..b4b62b0
--- /dev/null
+++ b/src/polkit/polkit-sysdeps.h
@@ -0,0 +1,45 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-sysdeps.h : Various platform specific utility functions
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_SYSDEPS_H
+#define POLKIT_SYSDEPS_H
+
+#include <sys/types.h>
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+polkit_uint64_t polkit_sysdeps_get_start_time_for_pid (pid_t pid);
+
+int polkit_sysdeps_get_exe_for_pid (pid_t pid, char *out_buf, size_t buf_size);
+
+
+POLKIT_END_DECLS
+
+#endif
diff --git a/src/polkit/polkit-test.c b/src/polkit/polkit-test.c
new file mode 100644
index 0000000..e1124bc
--- /dev/null
+++ b/src/polkit/polkit-test.c
@@ -0,0 +1,112 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-test.c : PolicyKit test
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <polkit/polkit-test.h>
+#include <polkit/polkit-memory.h>
+#include <polkit/polkit-private.h>
+
+#define MAX_TESTS 64
+
+static PolKitTest *tests[] = {
+ &_test_list,
+ &_test_hash,
+ &_test_action,
+ &_test_error,
+ &_test_result,
+ &_test_seat,
+ &_test_session,
+ &_test_caller,
+ &_test_policy_default,
+ &_test_policy_file_entry,
+ &_test_policy_file,
+};
+
+int
+main (int argc, char *argv[])
+{
+ int ret;
+ int n;
+ int num_tests;
+
+ ret = 0;
+
+ num_tests = sizeof (tests) / sizeof (PolKitTest*);
+
+ printf ("Running %d unit tests\n", num_tests);
+ for (n = 0; n < num_tests; n++) {
+ int m;
+ int total_allocs;
+ int delta;
+ PolKitTest *test = tests[n];
+
+ _polkit_memory_reset ();
+
+ if (test->setup != NULL)
+ test->setup ();
+
+ printf ("Running: %s\n", test->name);
+ if (!test->run ()) {
+ printf ("Failed\n");
+ ret = 1;
+ goto test_done;
+ }
+
+ total_allocs = _polkit_memory_get_total_allocations ();
+ printf (" Unit test made %d allocations in total\n", total_allocs);
+
+ delta = _polkit_memory_get_current_allocations ();
+ if (delta != 0) {
+ printf (" Unit test leaked %d allocations\n", delta);
+ ret = 1;
+ }
+
+ for (m = 0; m < total_allocs; m++) {
+ printf (" Failing allocation %d of %d\n", m + 1, total_allocs);
+
+ _polkit_memory_reset ();
+ _polkit_memory_fail_nth_alloc (m);
+
+ if (!test->run ()) {
+ printf (" Failed\n");
+ ret = 1;
+ continue;
+ }
+
+ delta = _polkit_memory_get_current_allocations ();
+ if (delta != 0) {
+ printf (" Unit test leaked %d allocations\n", delta);
+ ret = 1;
+ }
+ }
+
+ test_done:
+ if (test->teardown != NULL)
+ test->teardown ();
+ }
+
+ return ret;
+}
diff --git a/src/polkit/polkit-test.h b/src/polkit/polkit-test.h
new file mode 100644
index 0000000..9f938de
--- /dev/null
+++ b/src/polkit/polkit-test.h
@@ -0,0 +1,69 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-test.h : PolicyKit test
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION)
+#error "polkit-test.h is a private file"
+#endif
+
+#ifndef POLKIT_TEST_H
+#define POLKIT_TEST_H
+
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+polkit_bool_t _test_polkit_action (void);
+polkit_bool_t _test_polkit_error (void);
+
+/**
+ * PolKitTest:
+ *
+ * Test suite abstraction.
+ */
+typedef struct {
+ /*< private >*/
+ const char *name;
+ void (*setup) (void);
+ void (*teardown) (void);
+ polkit_bool_t (*run) (void);
+} PolKitTest;
+
+extern PolKitTest _test_action;
+extern PolKitTest _test_error;
+extern PolKitTest _test_result;
+extern PolKitTest _test_seat;
+extern PolKitTest _test_session;
+extern PolKitTest _test_caller;
+extern PolKitTest _test_policy_default;
+extern PolKitTest _test_policy_file_entry;
+extern PolKitTest _test_hash;
+extern PolKitTest _test_policy_file;
+extern PolKitTest _test_list;
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_TEST_H */
+
+
diff --git a/src/polkit/polkit-types.h b/src/polkit/polkit-types.h
new file mode 100644
index 0000000..969af78
--- /dev/null
+++ b/src/polkit/polkit-types.h
@@ -0,0 +1,105 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-types.h : fundamental types such as polkit_bool_t
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_TYPES_H
+#define POLKIT_TYPES_H
+
+#ifdef __cplusplus
+# define POLKIT_BEGIN_DECLS extern "C" {
+# define POLKIT_END_DECLS }
+#else
+/**
+ * POLKIT_BEGIN_DECLS:
+ *
+ * C++ include header guard.
+ */
+# define POLKIT_BEGIN_DECLS
+/**
+ * POLKIT_END_DECLS:
+ *
+ * C++ include header guard.
+ */
+# define POLKIT_END_DECLS
+#endif
+
+#if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)
+#define POLKIT_GNUC_DEPRECATED \
+ __attribute__((__deprecated__))
+#else
+/**
+ * POLKIT_GNUC_DEPRECATED:
+ *
+ * Used in front of deprecated functions.
+ */
+#define POLKIT_GNUC_DEPRECATED
+#endif /* __GNUC__ */
+
+POLKIT_BEGIN_DECLS
+
+/**
+ * SECTION:polkit-types
+ * @title: Basic types
+ * @short_description: Type definitions for common primitive types.
+ *
+ * Type definitions for common primitive types.
+ **/
+
+/**
+ * polkit_bool_t:
+ *
+ * A boolean, valid values are #TRUE and #FALSE.
+ */
+typedef int polkit_bool_t;
+
+/**
+ * polkit_uint32_t:
+ *
+ * Type for unsigned 32 bit integer.
+ */
+typedef unsigned int polkit_uint32_t;
+
+/**
+ * polkit_uint64_t:
+ *
+ * Type for unsigned 64 bit integer.
+ */
+typedef unsigned long long polkit_uint64_t;
+
+#ifndef TRUE
+# define TRUE 1
+#endif
+#ifndef FALSE
+# define FALSE 0
+#endif
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_TYPES_H */
+
+
diff --git a/src/polkit/polkit-utils.c b/src/polkit/polkit-utils.c
new file mode 100644
index 0000000..9b51a53
--- /dev/null
+++ b/src/polkit/polkit-utils.c
@@ -0,0 +1,153 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-utils.c : internal utilities used in polkit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <time.h>
+#include <glib.h>
+#include <string.h>
+
+#include "polkit-utils.h"
+#include "polkit-debug.h"
+
+/**
+ * SECTION:polkit-utils
+ * @short_description: Internal utility functions for polkit.
+ *
+ * Internal utility functions for polkit.
+ **/
+
+/**
+ * _pk_validate_identifier:
+ * @identifier: the NUL-terminated string to validate
+ *
+ * Validates strings used for an identifier; PolicyKit conventions
+ * state that identifiers must be NUL-terminated ASCII strings less
+ * than 256 bytes and only contain the characters "[a-z][A-Z]0-9]._-:/"
+ *
+ * Returns: #TRUE iff the identifier validates
+ **/
+polkit_bool_t
+_pk_validate_identifier (const char *identifier)
+{
+ unsigned int n;
+ polkit_bool_t ret;
+
+ g_return_val_if_fail (identifier != NULL, FALSE);
+
+ ret = FALSE;
+ for (n = 0; identifier[n] != '\0'; n++) {
+ char c = identifier[n];
+
+ if (n >= 255) {
+ _pk_debug ("identifier too long");
+ goto out;
+ }
+
+ if ((c >= 'a' && c <= 'z') ||
+ (c >= 'A' && c <= 'Z') ||
+ (c >= '0' && c <= '9') ||
+ c == '.' ||
+ c == '_' ||
+ c == '-' ||
+ c == ':' ||
+ c == '/')
+ continue;
+
+ _pk_debug ("invalid character in identifier");
+ goto out;
+ }
+
+ ret = TRUE;
+out:
+ return ret;
+}
+
+
+/* Determine wether the given character is valid as a second or later character in a bus name */
+#define VALID_BUS_NAME_CHARACTER(c) \
+ ( ((c) >= '0' && (c) <= '9') || \
+ ((c) >= 'A' && (c) <= 'Z') || \
+ ((c) >= 'a' && (c) <= 'z') || \
+ ((c) == '_') || ((c) == '-'))
+
+polkit_bool_t
+_pk_validate_unique_bus_name (const char *unique_bus_name)
+{
+ int len;
+ const char *s;
+ const char *end;
+ const char *last_dot;
+ polkit_bool_t ret;
+
+ ret = FALSE;
+
+ if (unique_bus_name == NULL)
+ goto error;
+
+ len = strlen (unique_bus_name);
+ if (len == 0)
+ goto error;
+
+ end = unique_bus_name + len;
+ last_dot = NULL;
+
+ s = unique_bus_name;
+
+ /* check special cases of first char so it doesn't have to be done
+ * in the loop. Note we know len > 0
+ */
+ if (*s == ':') {
+ /* unique name */
+ ++s;
+ while (s != end) {
+ if (*s == '.') {
+ if (G_UNLIKELY ((s + 1) == end))
+ goto error;
+ if (G_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*(s + 1))))
+ goto error;
+ ++s; /* we just validated the next char, so skip two */
+ } else if (G_UNLIKELY (!VALID_BUS_NAME_CHARACTER (*s))) {
+ goto error;
+ }
+ ++s;
+ }
+ } else {
+ goto error;
+ }
+
+ ret = TRUE;
+
+error:
+ if (!ret)
+ _pk_debug ("name '%s' did not validate", unique_bus_name);
+ return ret;
+}
diff --git a/src/polkit/polkit-utils.h b/src/polkit/polkit-utils.h
new file mode 100644
index 0000000..910033a
--- /dev/null
+++ b/src/polkit/polkit-utils.h
@@ -0,0 +1,41 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-utils.h : internal utilities used in polkit
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_UTILS_H
+#define POLKIT_UTILS_H
+
+#include <polkit/polkit-types.h>
+
+POLKIT_BEGIN_DECLS
+
+polkit_bool_t _pk_validate_identifier (const char *identifier);
+
+polkit_bool_t _pk_validate_unique_bus_name (const char *unique_bus_name);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_UTILS_H */
+
+
diff --git a/src/polkit/polkit.h b/src/polkit/polkit.h
new file mode 100644
index 0000000..0836d4c
--- /dev/null
+++ b/src/polkit/polkit.h
@@ -0,0 +1,52 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit.h : library for querying system-wide policy
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ **************************************************************************/
+
+#ifndef POLKIT_H
+#define POLKIT_H
+
+#define _POLKIT_INSIDE_POLKIT_H 1
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-memory.h>
+#include <polkit/polkit-hash.h>
+#include <polkit/polkit-sysdeps.h>
+#include <polkit/polkit-error.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-context.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-seat.h>
+#include <polkit/polkit-session.h>
+#include <polkit/polkit-caller.h>
+#include <polkit/polkit-policy-file-entry.h>
+#include <polkit/polkit-policy-file.h>
+#include <polkit/polkit-policy-cache.h>
+#include <polkit/polkit-policy-default.h>
+#include <polkit/polkit-config.h>
+#include <polkit/polkit-authorization.h>
+#include <polkit/polkit-authorization-db.h>
+#undef _POLKIT_INSIDE_POLKIT_H
+
+#endif /* POLKIT_H */
+
+
More information about the hal-commit
mailing list