PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Fri Aug 15 14:48:33 PDT 2008
polkit-backendd/Makefile.am | 4
polkit-backendd/org.freedesktop.PolicyKit.Backend.xml | 5
polkit-backendd/polkit-daemon-backend.c | 34
polkit-backendd/polkit-daemon-backend.h | 3
src/polkit/Makefile.am | 14
src/polkit/polkit-action-description.c | 1398 ++++++++++++++++++
src/polkit/polkit-action-description.h | 92 +
src/polkit/polkit-authorization-db.c | 16
src/polkit/polkit-context.c | 738 ++-------
src/polkit/polkit-context.h | 108 -
src/polkit/polkit-implicit-authorization.c | 572 +++++++
src/polkit/polkit-implicit-authorization.h | 80 +
src/polkit/polkit-policy-cache.c | 541 ------
src/polkit/polkit-policy-cache.h | 81 -
src/polkit/polkit-policy-default.c | 572 -------
src/polkit/polkit-policy-default.h | 80 -
src/polkit/polkit-policy-file-entry.c | 759 ---------
src/polkit/polkit-policy-file-entry.h | 92 -
src/polkit/polkit-policy-file.c | 964 ------------
src/polkit/polkit-policy-file.h | 73
src/polkit/polkit-private.h | 27
src/polkit/polkit.h | 6
tools/Makefile.am | 2
tools/polkit-action.c | 120 -
tools/polkit-auth.c | 32
tools/polkit-policy-file-validate.c | 18
26 files changed, 2506 insertions(+), 3925 deletions(-)
New commits:
commit 20d7b8fe88fe39b68ed6622d63d6914678b6d0ec
Author: David Zeuthen <davidz at redhat.com>
Date: Fri Aug 15 17:47:06 2008 -0400
api cleanup (part 1)
diff --git a/polkit-backendd/Makefile.am b/polkit-backendd/Makefile.am
index 7505b43..f35c178 100644
--- a/polkit-backendd/Makefile.am
+++ b/polkit-backendd/Makefile.am
@@ -36,7 +36,9 @@ polkit_backendd_CPPFLAGS = \
$(AM_CPPFLAGS)
polkit_backendd_LDADD = \
- $(DBUS_GLIB_LIBS) $(top_builddir)/src/polkit/libpolkit-1.la
+ $(DBUS_GLIB_LIBS) \
+ $(top_builddir)/src/kit/libkit.la \
+ $(top_builddir)/src/polkit/libpolkit-1.la
servicedir = $(datadir)/dbus-1/system-services
diff --git a/polkit-backendd/org.freedesktop.PolicyKit.Backend.xml b/polkit-backendd/org.freedesktop.PolicyKit.Backend.xml
index e1dc167..017e9e3 100644
--- a/polkit-backendd/org.freedesktop.PolicyKit.Backend.xml
+++ b/polkit-backendd/org.freedesktop.PolicyKit.Backend.xml
@@ -9,5 +9,10 @@
<arg name="result" direction="out" type="s"/>
</method>
+ <method name="GetPolicyEntries">
+ <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
+ <arg name="result" direction="out" type="as"/>
+ </method>
+
</interface>
</node>
diff --git a/polkit-backendd/polkit-daemon-backend.c b/polkit-backendd/polkit-daemon-backend.c
index 9e56b15..d0ad546 100644
--- a/polkit-backendd/polkit-daemon-backend.c
+++ b/polkit-backendd/polkit-daemon-backend.c
@@ -49,6 +49,9 @@
#include "polkit-daemon-backend.h"
+#include <polkit/polkit.h>
+#include <polkit/polkit-private.h>
+
static gboolean no_exit = FALSE;
/*--------------------------------------------------------------------------------------------------------------*/
@@ -253,6 +256,37 @@ polkit_daemon_backend_hello (PolKitDaemonBackend *daemon,
s = g_strdup_printf ("You said '%s'", message);
dbus_g_method_return (context, s);
+ g_free (s);
return TRUE;
}
+
+/*--------------------------------------------------------------------------------------------------------------*/
+
+
+
+gboolean
+polkit_daemon_backend_get_policy_entries (PolKitDaemonBackend *daemon,
+ DBusGMethodInvocation *context)
+{
+ GPtrArray *a;
+ PolKitPolicyCache *c;
+
+ c = _polkit_policy_cache_new (PACKAGE_DATA_DIR "polkit-1/actions", TRUE, NULL);
+ polkit_policy_cache_unref (c);
+
+ a = g_ptr_array_new ();
+ g_ptr_array_add (a, g_strdup ("foo"));
+ g_ptr_array_add (a, g_strdup ("bar"));
+ g_ptr_array_add (a, g_strdup ("baz"));
+
+ g_ptr_array_add (a, NULL);
+ dbus_g_method_return (context, a->pdata);
+
+ g_ptr_array_foreach (a, (GFunc) g_free, NULL);
+ g_ptr_array_free (a, TRUE);
+
+ return TRUE;
+}
+
+/*--------------------------------------------------------------------------------------------------------------*/
diff --git a/polkit-backendd/polkit-daemon-backend.h b/polkit-backendd/polkit-daemon-backend.h
index aeb3feb..65d0d1a 100644
--- a/polkit-backendd/polkit-daemon-backend.h
+++ b/polkit-backendd/polkit-daemon-backend.h
@@ -73,6 +73,9 @@ gboolean polkit_daemon_backend_hello (PolKitDaemonBackend *daemon,
const char *message,
DBusGMethodInvocation *context);
+gboolean polkit_daemon_backend_get_policy_entries (PolKitDaemonBackend *daemon,
+ DBusGMethodInvocation *context);
+
G_END_DECLS
#endif /* __POLKIT_DAEMON_BACKEND_H__ */
diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am
index 9c200a1..ad07c9e 100644
--- a/src/polkit/Makefile.am
+++ b/src/polkit/Makefile.am
@@ -31,17 +31,15 @@ libpolkit_1include_HEADERS = \
polkit-seat.h \
polkit-session.h \
polkit-caller.h \
- polkit-policy-file-entry.h \
- polkit-policy-file.h \
- polkit-policy-cache.h \
- polkit-policy-default.h \
+ polkit-action-description.h \
+ polkit-implicit-authorization.h \
polkit-authorization.h \
polkit-authorization-constraint.h \
polkit-authorization-db.h \
polkit-tracker.h \
polkit-simple.h
-libpolkit_1_la_SOURCES = \
+libpolkit_1_la_SOURCES = \
polkit.h \
polkit-private.h \
polkit-types.h \
@@ -53,10 +51,8 @@ libpolkit_1_la_SOURCES = \
polkit-seat.h polkit-seat.c \
polkit-session.h polkit-session.c \
polkit-caller.h polkit-caller.c \
- polkit-policy-file-entry.h polkit-policy-file-entry.c \
- polkit-policy-file.h polkit-policy-file.c \
- polkit-policy-cache.h polkit-policy-cache.c \
- polkit-policy-default.h polkit-policy-default.c \
+ polkit-action-description.h polkit-action-description.c \
+ polkit-implicit-authorization.h polkit-implicit-authorization.c \
polkit-debug.h polkit-debug.c \
polkit-utils.h polkit-utils.c \
polkit-authorization.h polkit-authorization.c \
diff --git a/src/polkit/polkit-action-description.c b/src/polkit/polkit-action-description.c
new file mode 100644
index 0000000..7f26ee8
--- /dev/null
+++ b/src/polkit/polkit-action-description.c
@@ -0,0 +1,1398 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-action-description.c : Description of an action
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include "polkit-debug.h"
+#include "polkit-error.h"
+#include "polkit-result.h"
+#include "polkit-action-description.h"
+#include "polkit-authorization-db.h"
+#include "polkit-private.h"
+#include "polkit-test.h"
+#include "polkit-private.h"
+
+/**
+ * SECTION:polkit-action-description
+ * @title: Action Description
+ * @short_description: Represents a declared action in a policy file.
+ *
+ * This class is used to represent a entries in policy files.
+ **/
+
+/**
+ * PolKitActionDescription:
+ *
+ * Objects of this class are used to record information about a
+ * policy.
+ **/
+struct _PolKitActionDescription
+{
+ int refcount;
+ char *action;
+ PolKitImplicitAuthorization *implicit_authorization_factory;
+ PolKitImplicitAuthorization *implicit_authorization;
+
+ char *policy_description;
+ char *policy_message;
+ char *vendor;
+ char *vendor_url;
+ char *icon_name;
+ KitHash *annotations;
+};
+
+
+/* NOTE: we take ownership of the annotations object */
+PolKitActionDescription *
+_polkit_action_description_new (const char *action_id,
+ const char *vendor,
+ const char *vendor_url,
+ const char *icon_name,
+ PolKitResult implicit_authorization_allow_any,
+ PolKitResult implicit_authorization_allow_inactive,
+ PolKitResult implicit_authorization_allow_active,
+ KitHash *annotations)
+{
+ char *path;
+ char *contents;
+ size_t contents_size;
+ PolKitActionDescription *pfe;
+
+ path = NULL;
+ contents = NULL;
+
+ kit_return_val_if_fail (action_id != NULL && polkit_action_validate_id (action_id), NULL);
+
+ pfe = kit_new0 (PolKitActionDescription, 1);
+ if (pfe == NULL)
+ goto error;
+ pfe->refcount = 1;
+ pfe->action = kit_strdup (action_id);
+ if (pfe->action == NULL)
+ goto error;
+
+ pfe->vendor = NULL;
+ pfe->vendor_url = NULL;
+ pfe->icon_name = NULL;
+ if (vendor != NULL && (pfe->vendor = kit_strdup (vendor)) == NULL)
+ goto error;
+ if (vendor_url != NULL && (pfe->vendor_url = kit_strdup (vendor_url)) == NULL)
+ goto error;
+ if (icon_name != NULL && (pfe->icon_name = kit_strdup (icon_name)) == NULL)
+ goto error;
+
+ if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN)) {
+ /* if we don't support obtaining authorizations
+ * through authenticating, then make the implicit_authorization
+ * reflect this ...*/
+ implicit_authorization_allow_any = POLKIT_RESULT_NO;
+ implicit_authorization_allow_inactive = POLKIT_RESULT_NO;
+ implicit_authorization_allow_active = POLKIT_RESULT_NO;
+ }
+
+ pfe->implicit_authorization_factory = _polkit_implicit_authorization_new (implicit_authorization_allow_any,
+ implicit_authorization_allow_inactive,
+ implicit_authorization_allow_active);
+ if (pfe->implicit_authorization_factory == NULL)
+ goto error;
+
+ pfe->implicit_authorization = polkit_implicit_authorization_clone (pfe->implicit_authorization_factory);
+ if (pfe->implicit_authorization == NULL)
+ goto error;
+
+#ifdef POLKIT_AUTHDB_DEFAULT
+ /* read override file */
+ path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id);
+ if (path == NULL)
+ goto error;
+ if (!kit_file_get_contents (path, &contents, &contents_size)) {
+ /* it's not a failure if the file doesn't exist */
+ if (errno != ENOENT)
+ goto error;
+
+ errno = 0;
+ contents = NULL;
+ }
+
+ if (contents != NULL) {
+ char **tokens;
+ size_t num_tokens;
+ PolKitResult any;
+ PolKitResult inactive;
+ PolKitResult active;
+
+ tokens = kit_strsplit (contents, ':', &num_tokens);
+ if (num_tokens != 3)
+ goto error;
+
+ if (!polkit_result_from_string_representation (tokens[0], &any)) {
+ goto error;
+ }
+ if (!polkit_result_from_string_representation (tokens[1], &inactive)) {
+ goto error;
+ }
+ if (!polkit_result_from_string_representation (tokens[2], &active)) {
+ goto error;
+ }
+
+ polkit_implicit_authorization_set_allow_any (pfe->implicit_authorization, any);
+ polkit_implicit_authorization_set_allow_inactive (pfe->implicit_authorization, inactive);
+ polkit_implicit_authorization_set_allow_active (pfe->implicit_authorization, active);
+ }
+#endif
+
+ pfe->annotations = annotations;
+
+ kit_free (path);
+ kit_free (contents);
+
+ return pfe;
+error:
+ kit_free (path);
+ kit_free (contents);
+ if (pfe != NULL)
+ polkit_action_description_unref (pfe);
+ return NULL;
+}
+
+polkit_bool_t
+_polkit_action_description_set_descriptions (PolKitActionDescription *pfe,
+ const char *policy_description,
+ const char *policy_message)
+{
+ kit_return_val_if_fail (pfe != NULL, FALSE);
+
+ if (pfe->policy_description != NULL)
+ kit_free (pfe->policy_description);
+ if (pfe->policy_message != NULL)
+ kit_free (pfe->policy_message);
+
+ pfe->policy_description = kit_strdup (policy_description);
+ pfe->policy_message = kit_strdup (policy_message);
+
+ if (policy_description != NULL && pfe->policy_description == NULL)
+ return FALSE;
+
+ if (policy_message != NULL && pfe->policy_message == NULL)
+ return FALSE;
+
+ return TRUE;
+}
+
+/**
+ * polkit_action_description_get_action_description:
+ * @action_description: the object
+ *
+ * Get the description of the action that this policy entry describes. This
+ * is intended to be used in policy editors, for example "Mount internal
+ * volumes". Contrast with polkit_action_description_get_action_message(). The
+ * textual string will be returned in the current locale.
+ *
+ * Note, if polkit_context_set_load_descriptions() on the
+ * #PolKitContext object used to get this object wasn't called, this
+ * method will return #NULL.
+ *
+ * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
+ **/
+const char *
+polkit_action_description_get_action_description (PolKitActionDescription *action_description)
+{
+ kit_return_val_if_fail (action_description != NULL, NULL);
+ return action_description->policy_description;
+}
+
+/**
+ * polkit_action_description_get_action_message:
+ * @action_description: the object
+ *
+ * Get the message describing the action that this policy entry
+ * describes. This is to be used in dialogs, for example "System
+ * Policy prevents mounting this volume". Contrast with
+ * polkit_action_description_get_action_description(). The textual string
+ * will be returned in the current locale.
+ *
+ * Note, if polkit_context_set_load_descriptions() on the
+ * #PolKitContext object used to get this object wasn't called, this
+ * method will return #NULL.
+ *
+ * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
+ **/
+const char *
+polkit_action_description_get_action_message (PolKitActionDescription *action_description)
+{
+ kit_return_val_if_fail (action_description != NULL, NULL);
+ return action_description->policy_message;
+}
+
+/**
+ * polkit_action_description_get_action_vendor:
+ * @action_description: the object
+ *
+ * Get the name of the vendor of this action.
+ *
+ * Note, if polkit_context_set_load_descriptions() on the
+ * #PolKitContext object used to get this object wasn't called, this
+ * method will return #NULL.
+ *
+ * Returns: string or #NULL if descriptions are not loaded or vendor
+ * tag isn't set - caller shall not free this string
+ *
+ * Since: 0.7
+ */
+const char *
+polkit_action_description_get_action_vendor (PolKitActionDescription *action_description)
+{
+ kit_return_val_if_fail (action_description != NULL, NULL);
+ return action_description->vendor;
+}
+
+/**
+ * polkit_action_description_get_action_vendor_url:
+ * @action_description: the object
+ *
+ * Get the URL of the vendor of this action.
+ *
+ * Note, if polkit_context_set_load_descriptions() on the
+ * #PolKitContext object used to get this object wasn't called, this
+ * method will return #NULL.
+ *
+ * Returns: string or #NULL if descriptions are not loaded or vendor
+ * url isn't set - caller shall not free this string
+ *
+ * Since: 0.7
+ */
+const char *
+polkit_action_description_get_action_vendor_url (PolKitActionDescription *action_description)
+{
+ kit_return_val_if_fail (action_description != NULL, NULL);
+ return action_description->vendor_url;
+}
+
+/**
+ * polkit_action_description_get_action_icon_name:
+ * @action_description: the object
+ *
+ * Get the name of the icon that represents the action. This name
+ * conforms to the freedesktop.org icon naming specification.
+ *
+ * Note, if polkit_context_set_load_descriptions() on the
+ * #PolKitContext object used to get this object wasn't called, this
+ * method will return #NULL.
+ *
+ * Returns: string or #NULL if descriptions are not loaded or icon
+ * tag isn't set - caller shall not free this string
+ *
+ * Since: 0.7
+ */
+const char *
+polkit_action_description_get_action_icon_name (PolKitActionDescription *action_description)
+{
+ kit_return_val_if_fail (action_description != NULL, NULL);
+ return action_description->icon_name;
+}
+
+
+/**
+ * polkit_action_description_ref:
+ * @action_description: the policy file object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitActionDescription *
+polkit_action_description_ref (PolKitActionDescription *action_description)
+{
+ kit_return_val_if_fail (action_description != NULL, action_description);
+ action_description->refcount++;
+ return action_description;
+}
+
+/**
+ * polkit_action_description_unref:
+ * @action_description: the policy file object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_action_description_unref (PolKitActionDescription *action_description)
+{
+ kit_return_if_fail (action_description != NULL);
+ action_description->refcount--;
+ if (action_description->refcount > 0)
+ return;
+
+ kit_free (action_description->action);
+
+ if (action_description->implicit_authorization_factory != NULL)
+ polkit_implicit_authorization_unref (action_description->implicit_authorization_factory);
+
+ if (action_description->implicit_authorization != NULL)
+ polkit_implicit_authorization_unref (action_description->implicit_authorization);
+
+ if (action_description->annotations != NULL)
+ kit_hash_unref (action_description->annotations);
+
+ kit_free (action_description->policy_description);
+ kit_free (action_description->policy_message);
+ kit_free (action_description->vendor);
+ kit_free (action_description->vendor_url);
+ kit_free (action_description->icon_name);
+
+ kit_free (action_description);
+}
+
+/**
+ * polkit_action_description_debug:
+ * @action_description: the entry
+ *
+ * Print debug information about object
+ **/
+void
+polkit_action_description_debug (PolKitActionDescription *action_description)
+{
+ kit_return_if_fail (action_description != NULL);
+ polkit_debug ("PolKitActionDescription: refcount=%d action=%s",
+ action_description->refcount,
+ action_description->action);
+ polkit_implicit_authorization_debug (action_description->implicit_authorization);
+}
+
+/**
+ * polkit_action_description_get_id:
+ * @action_description: the file entry
+ *
+ * Get the action identifier.
+ *
+ * Returns: A string - caller shall not free this string.
+ **/
+const char *
+polkit_action_description_get_id (PolKitActionDescription *action_description)
+{
+ kit_return_val_if_fail (action_description != NULL, NULL);
+ return action_description->action;
+}
+
+/**
+ * polkit_action_description_get_implicit_authorization:
+ * @action_description: the file entry
+ *
+ * Get the the default policy for this policy.
+ *
+ * Returns: A #PolKitImplicitAuthorization object - caller shall not unref or modify this object.
+ **/
+PolKitImplicitAuthorization *
+polkit_action_description_get_implicit_authorization (PolKitActionDescription *action_description)
+{
+ kit_return_val_if_fail (action_description != NULL, NULL);
+ return action_description->implicit_authorization;
+}
+
+/**
+ * polkit_action_description_get_implicit_authorization_factory:
+ * @action_description: the file entry
+ *
+ * Get the factory defaults for the entry. This may be different that
+ * what polkit_action_description_get_implicit_authorization() returns if the function
+ * polkit_action_description_set_implicit_authorization() have been used to change the
+ * defaults.
+ *
+ * Returns: A #PolKitImplicitAuthorization object - caller shall not unref or modify this object.
+ *
+ * Since: 0.7
+ */
+PolKitImplicitAuthorization *
+polkit_action_description_get_implicit_authorization_factory (PolKitActionDescription *action_description)
+{
+ kit_return_val_if_fail (action_description != NULL, NULL);
+ return action_description->implicit_authorization_factory;
+}
+
+/**
+ * polkit_action_description_set_implicit_authorization:
+ * @action_description: the file entry
+ * @implicit_authorization: the new defaults to set
+ * @error: return location for error or #NULL
+ *
+ * Set new defaults for a given policy file entry; subsequent calls to
+ * polkit_policy_file_get_default() will return these values. Note
+ * that the old defaults are not modified; they are still available via
+ * polkit_action_description_get_default_factory().
+ *
+ * This operation requires the
+ * org.freedesktop.policykit.modify-defaults authorization and will
+ * fail if the caller lacks it.
+ *
+ * Returns: %TRUE if the given defaults was set; %FALSE if @error is set.
+ *
+ * Since: 0.7
+ */
+polkit_bool_t
+polkit_action_description_set_implicit_authorization (PolKitActionDescription *action_description,
+ PolKitImplicitAuthorization *implicit_authorization,
+ PolKitError **error)
+{
+ polkit_bool_t ret;
+
+ ret = FALSE;
+
+ kit_return_val_if_fail (action_description != NULL, FALSE);
+ kit_return_val_if_fail (implicit_authorization != NULL, FALSE);
+
+#ifndef POLKIT_AUTHDB_DEFAULT
+ polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
+#else
+ char *helper_argv[7] = {PACKAGE_LIBEXEC_DIR "/polkit-set-default-helper-1",
+ NULL, /* arg1: action_id */
+ NULL, /* arg2: "clear" or "set" */
+ NULL, /* arg3: result_any */
+ NULL, /* arg4: result_inactive */
+ NULL, /* arg5: result_active */
+ NULL};
+ int exit_status;
+ PolKitResult any;
+ PolKitResult inactive;
+ PolKitResult active;
+
+ if (polkit_implicit_authorization_equals (action_description->implicit_authorization, implicit_authorization)) {
+ /* no point in doing extra work.. */
+ ret = TRUE;
+ goto out;
+ }
+
+ any = polkit_implicit_authorization_get_allow_any (implicit_authorization);
+ inactive = polkit_implicit_authorization_get_allow_inactive (implicit_authorization);
+ active = polkit_implicit_authorization_get_allow_active (implicit_authorization);
+
+ helper_argv[1] = action_description->action;
+
+ if (polkit_implicit_authorization_equals (action_description->implicit_authorization_factory, implicit_authorization)) {
+ helper_argv[2] = "clear";
+ helper_argv[3] = NULL;
+ } else {
+ helper_argv[2] = "set";
+ helper_argv[3] = (char *) polkit_result_to_string_representation (any);
+ helper_argv[4] = (char *) polkit_result_to_string_representation (inactive);
+ helper_argv[5] = (char *) polkit_result_to_string_representation (active);
+ helper_argv[6] = NULL;
+ }
+
+ if (!kit_spawn_sync (NULL, /* const char *working_directory */
+ 0, /* flags */
+ helper_argv, /* char **argv */
+ NULL, /* char **envp */
+ NULL, /* char *stdin */
+ NULL, /* char **stdout */
+ NULL, /* char **stderr */
+ &exit_status)) { /* int *exit_status */
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "Error spawning set-default helper: %m");
+ goto out;
+ }
+
+ if (!WIFEXITED (exit_status)) {
+ kit_warning ("Set-default helper crashed!");
+ polkit_error_set_error (error,
+ POLKIT_ERROR_GENERAL_ERROR,
+ "set-default helper crashed!");
+ goto out;
+ } else if (WEXITSTATUS(exit_status) != 0) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_NOT_AUTHORIZED_TO_MODIFY_DEFAULTS,
+ "uid %d is not authorized to modify defaults for implicit authorization for action %s (requires org.freedesktop.policykit.modify-defaults)",
+ getuid (), action_description->action);
+ } else {
+ ret = TRUE;
+ }
+out:
+#endif /* POLKIT_AUTHDB_DEFAULT */
+ return ret;
+}
+
+
+typedef struct {
+ PolKitActionDescription *pfe;
+ PolKitActionDescriptionAnnotationsForeachFunc cb;
+ void *user_data;
+} _AnnotationsClosure;
+
+static polkit_bool_t
+_annotations_cb (void *key,
+ void *value,
+ void *user_data,
+ KitHash *hash)
+{
+ _AnnotationsClosure *closure = user_data;
+ return closure->cb (closure->pfe, (const char *) key, (const char *) value, closure->user_data);
+}
+
+/**
+ * polkit_action_description_annotations_foreach:
+ * @action_description: the policy file entry
+ * @cb: callback function
+ * @user_data: user data to pass to the callback function
+ *
+ * Iterate over all annotations on the policy file entry.
+ *
+ * Returns: #TRUE only if the iteration was short-circuited
+ */
+polkit_bool_t
+polkit_action_description_annotations_foreach (PolKitActionDescription *action_description,
+ PolKitActionDescriptionAnnotationsForeachFunc cb,
+ void *user_data)
+{
+ _AnnotationsClosure closure;
+
+ kit_return_val_if_fail (action_description != NULL, FALSE);
+ if (action_description->annotations == NULL)
+ return FALSE;
+
+ closure.pfe = action_description;
+ closure.cb = cb;
+ closure.user_data = user_data;
+
+ return kit_hash_foreach (action_description->annotations,
+ _annotations_cb,
+ &closure);
+}
+
+/**
+ * polkit_action_description_get_annotation:
+ * @action_description: the policy file entry
+ * @key: the key of the annotation
+ *
+ * Look of the value of a given annotation.
+ *
+ * Returns: The value of the annotation or #NULL if not found.
+ */
+const char *
+polkit_action_description_get_annotation (PolKitActionDescription *action_description,
+ const char *key)
+{
+ const char *value;
+ kit_return_val_if_fail (action_description != NULL, NULL);
+ kit_return_val_if_fail (key != NULL, NULL);
+
+ value = NULL;
+ if (action_description->annotations != NULL) {
+ value = kit_hash_lookup (action_description->annotations, (void *) key, NULL);
+ }
+ return value;
+}
+
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_pfe_cb (PolKitActionDescription *pfe,
+ const char *key,
+ const char *value,
+ void *user_data)
+{
+ int *count = (int *) user_data;
+
+ if (strcmp (key, "a1") == 0 && strcmp (value, "v1") == 0)
+ *count += 1;
+ else if (strcmp (key, "a2") == 0 && strcmp (value, "v2") == 0)
+ *count += 1;
+
+ return FALSE;
+}
+
+static polkit_bool_t
+_pfe_cb2 (PolKitActionDescription *pfe,
+ const char *key,
+ const char *value,
+ void *user_data)
+{
+ int *count = (int *) user_data;
+ *count += 1;
+
+ return FALSE;
+}
+
+
+static polkit_bool_t
+_run_test (void)
+{
+ PolKitActionDescription *pfe;
+ PolKitImplicitAuthorization *d;
+ KitHash *a;
+ int count;
+
+ a = NULL;
+ pfe = NULL;
+
+ if ((a = kit_hash_new (kit_hash_str_hash_func,
+ kit_hash_str_equal_func,
+ NULL, NULL,
+ NULL, NULL)) == NULL)
+ goto oom;
+
+ if (!kit_hash_insert (a, "a1", "v1"))
+ goto oom;
+
+ if (!kit_hash_insert (a, "a2", "v2"))
+ goto oom;
+
+ if ((pfe = _polkit_action_description_new ("org.example-action",
+ NULL,
+ NULL,
+ NULL,
+ POLKIT_RESULT_NO,
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
+ POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
+ a)) == NULL)
+ goto oom;
+ /* _file_entry_new assumes ownership of the passed a variable */
+ a = NULL;
+
+ kit_assert (strcmp (polkit_action_description_get_id (pfe), "org.example-action") == 0);
+
+ if (_polkit_action_description_set_descriptions (pfe,
+ "the desc",
+ "the msg")) {
+ kit_assert (strcmp (polkit_action_description_get_action_description (pfe), "the desc") == 0);
+ kit_assert (strcmp (polkit_action_description_get_action_message (pfe), "the msg") == 0);
+ }
+
+ if (_polkit_action_description_set_descriptions (pfe,
+ "the desc2",
+ "the msg2")) {
+ kit_assert (strcmp (polkit_action_description_get_action_description (pfe), "the desc2") == 0);
+ kit_assert (strcmp (polkit_action_description_get_action_message (pfe), "the msg2") == 0);
+ }
+
+ kit_assert ((d = polkit_action_description_get_default (pfe)) != NULL);
+
+#ifdef POLKIT_AUTHDB_DEFAULT
+ kit_assert (polkit_implicit_authorization_get_allow_any (d) == POLKIT_RESULT_NO);
+ kit_assert (polkit_implicit_authorization_get_allow_inactive (d) == POLKIT_RESULT_ONLY_VIA_SELF_AUTH);
+ kit_assert (polkit_implicit_authorization_get_allow_active (d) == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH);
+#endif
+
+ polkit_action_description_ref (pfe);
+ polkit_action_description_unref (pfe);
+ polkit_action_description_debug (pfe);
+
+ kit_assert (strcmp (polkit_action_description_get_annotation (pfe, "a1"), "v1") == 0);
+ kit_assert (strcmp (polkit_action_description_get_annotation (pfe, "a2"), "v2") == 0);
+ kit_assert (polkit_action_description_get_annotation (pfe, "a3") == NULL);
+
+ count = 0;
+ polkit_action_description_annotations_foreach (pfe, _pfe_cb, &count);
+ kit_assert (count == 2);
+
+ polkit_action_description_unref (pfe);
+ if ((pfe = _polkit_action_description_new ("org.example-action-2",
+ NULL,
+ NULL,
+ NULL,
+ POLKIT_RESULT_NO,
+ POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
+ POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
+ NULL)) == NULL)
+ goto oom;
+ count = 0;
+ polkit_action_description_annotations_foreach (pfe, _pfe_cb2, &count);
+ kit_assert (count == 0);
+ _pfe_cb2 (pfe, NULL, NULL, &count); /* want to get coverage of _pfe_cb2 */
+ kit_assert (count == 1);
+
+oom:
+ if (pfe != NULL)
+ polkit_action_description_unref (pfe);
+
+ if (a != NULL)
+ kit_hash_unref (a);
+
+ return TRUE;
+}
+
+KitTest _test_action_description = {
+ "polkit_action_description",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
+
+
+
+#include <expat.h>
+#include "polkit-context.h"
+
+enum {
+ STATE_NONE,
+ STATE_UNKNOWN_TAG,
+ STATE_IN_POLICY_CONFIG,
+ STATE_IN_POLICY_VENDOR,
+ STATE_IN_POLICY_VENDOR_URL,
+ STATE_IN_POLICY_ICON_NAME,
+ STATE_IN_ACTION,
+ STATE_IN_ACTION_DESCRIPTION,
+ STATE_IN_ACTION_MESSAGE,
+ STATE_IN_ACTION_VENDOR,
+ STATE_IN_ACTION_VENDOR_URL,
+ STATE_IN_ACTION_ICON_NAME,
+ STATE_IN_DEFAULTS,
+ STATE_IN_DEFAULTS_ALLOW_ANY,
+ STATE_IN_DEFAULTS_ALLOW_INACTIVE,
+ STATE_IN_DEFAULTS_ALLOW_ACTIVE,
+ STATE_IN_ANNOTATE
+};
+
+#define PARSER_MAX_DEPTH 32
+
+typedef struct {
+ XML_Parser parser;
+ int state;
+ int state_stack[PARSER_MAX_DEPTH];
+ int stack_depth;
+
+ const char *path;
+
+ char *global_vendor;
+ char *global_vendor_url;
+ char *global_icon_name;
+
+ char *action_id;
+ char *vendor;
+ char *vendor_url;
+ char *icon_name;
+
+ PolKitResult defaults_allow_any;
+ PolKitResult defaults_allow_inactive;
+ PolKitResult defaults_allow_active;
+
+ KitHash *policy_descriptions;
+ KitHash *policy_messages;
+
+ char *policy_description_nolang;
+ char *policy_message_nolang;
+
+ /* the language according to $LANG (e.g. en_US, da_DK, fr, en_CA minus the encoding) */
+ char *lang;
+
+ /* the value of xml:lang for the thing we're reading in _cdata() */
+ char *elem_lang;
+
+ char *annotate_key;
+ KitHash *annotations;
+
+ polkit_bool_t is_oom;
+
+ PolKitActionDescriptionForeachFunc cb;
+ void *user_data;
+} ParserData;
+
+static void
+pd_unref_action_data (ParserData *pd)
+{
+ kit_free (pd->action_id);
+ pd->action_id = NULL;
+
+ kit_free (pd->vendor);
+ pd->vendor = NULL;
+ kit_free (pd->vendor_url);
+ pd->vendor_url = NULL;
+ kit_free (pd->icon_name);
+ pd->icon_name = NULL;
+
+ kit_free (pd->policy_description_nolang);
+ pd->policy_description_nolang = NULL;
+ kit_free (pd->policy_message_nolang);
+ pd->policy_message_nolang = NULL;
+ if (pd->policy_descriptions != NULL) {
+ kit_hash_unref (pd->policy_descriptions);
+ pd->policy_descriptions = NULL;
+ }
+ if (pd->policy_messages != NULL) {
+ kit_hash_unref (pd->policy_messages);
+ pd->policy_messages = NULL;
+ }
+ kit_free (pd->annotate_key);
+ pd->annotate_key = NULL;
+ if (pd->annotations != NULL) {
+ kit_hash_unref (pd->annotations);
+ pd->annotations = NULL;
+ }
+ kit_free (pd->elem_lang);
+ pd->elem_lang = NULL;
+}
+
+static void
+pd_unref_data (ParserData *pd)
+{
+ pd_unref_action_data (pd);
+ kit_free (pd->lang);
+ pd->lang = NULL;
+
+ kit_free (pd->global_vendor);
+ pd->global_vendor = NULL;
+ kit_free (pd->global_vendor_url);
+ pd->global_vendor_url = NULL;
+ kit_free (pd->global_icon_name);
+ pd->global_icon_name = NULL;
+}
+
+static void
+_start (void *data, const char *el, const char **attr)
+{
+ int state;
+ int num_attr;
+ ParserData *pd = data;
+
+ for (num_attr = 0; attr[num_attr] != NULL; num_attr++)
+ ;
+
+ state = STATE_NONE;
+
+ switch (pd->state) {
+ case STATE_NONE:
+ if (strcmp (el, "policyconfig") == 0) {
+ state = STATE_IN_POLICY_CONFIG;
+ }
+ break;
+ case STATE_IN_POLICY_CONFIG:
+ if (strcmp (el, "action") == 0) {
+ if (num_attr != 2 || strcmp (attr[0], "id") != 0)
+ goto error;
+ state = STATE_IN_ACTION;
+
+ if (!polkit_action_validate_id (attr[1]))
+ goto error;
+
+ pd_unref_action_data (pd);
+ pd->action_id = kit_strdup (attr[1]);
+ if (pd->action_id == NULL)
+ goto oom;
+ pd->policy_descriptions = kit_hash_new (kit_hash_str_hash_func,
+ kit_hash_str_equal_func,
+ kit_hash_str_copy, kit_hash_str_copy,
+ kit_free, kit_free);
+ pd->policy_messages = kit_hash_new (kit_hash_str_hash_func,
+ kit_hash_str_equal_func,
+ kit_hash_str_copy, kit_hash_str_copy,
+ kit_free, kit_free);
+
+ /* initialize defaults */
+ pd->defaults_allow_any = POLKIT_RESULT_NO;
+ pd->defaults_allow_inactive = POLKIT_RESULT_NO;
+ pd->defaults_allow_active = POLKIT_RESULT_NO;
+ } else if (strcmp (el, "vendor") == 0 && num_attr == 0) {
+ state = STATE_IN_POLICY_VENDOR;
+ } else if (strcmp (el, "vendor_url") == 0 && num_attr == 0) {
+ state = STATE_IN_POLICY_VENDOR_URL;
+ } else if (strcmp (el, "icon_name") == 0 && num_attr == 0) {
+ state = STATE_IN_POLICY_ICON_NAME;
+ }
+ break;
+ case STATE_IN_ACTION:
+ if (strcmp (el, "defaults") == 0) {
+ state = STATE_IN_DEFAULTS;
+ } else if (strcmp (el, "description") == 0) {
+ if (num_attr == 2 && strcmp (attr[0], "xml:lang") == 0) {
+ pd->elem_lang = kit_strdup (attr[1]);
+ if (pd->elem_lang == NULL)
+ goto oom;
+ }
+ state = STATE_IN_ACTION_DESCRIPTION;
+ } else if (strcmp (el, "message") == 0) {
+ if (num_attr == 2 && strcmp (attr[0], "xml:lang") == 0) {
+ pd->elem_lang = kit_strdup (attr[1]);
+ if (pd->elem_lang == NULL)
+ goto oom;
+ }
+ state = STATE_IN_ACTION_MESSAGE;
+ } else if (strcmp (el, "vendor") == 0 && num_attr == 0) {
+ state = STATE_IN_ACTION_VENDOR;
+ } else if (strcmp (el, "vendor_url") == 0 && num_attr == 0) {
+ state = STATE_IN_ACTION_VENDOR_URL;
+ } else if (strcmp (el, "icon_name") == 0 && num_attr == 0) {
+ state = STATE_IN_ACTION_ICON_NAME;
+ } else if (strcmp (el, "annotate") == 0) {
+ if (num_attr != 2 || strcmp (attr[0], "key") != 0)
+ goto error;
+ state = STATE_IN_ANNOTATE;
+
+ kit_free (pd->annotate_key);
+ pd->annotate_key = kit_strdup (attr[1]);
+ if (pd->annotate_key == NULL)
+ goto oom;
+ }
+ break;
+ case STATE_IN_DEFAULTS:
+ if (strcmp (el, "allow_any") == 0)
+ state = STATE_IN_DEFAULTS_ALLOW_ANY;
+ else if (strcmp (el, "allow_inactive") == 0)
+ state = STATE_IN_DEFAULTS_ALLOW_INACTIVE;
+ else if (strcmp (el, "allow_active") == 0)
+ state = STATE_IN_DEFAULTS_ALLOW_ACTIVE;
+ break;
+ default:
+ break;
+ }
+
+ if (state == STATE_NONE) {
+ //kit_warning ("skipping unknown tag <%s> at line %d of %s",
+ // el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
+ state = STATE_UNKNOWN_TAG;
+ }
+
+ pd->state = state;
+ pd->state_stack[pd->stack_depth] = pd->state;
+ pd->stack_depth++;
+ return;
+oom:
+ pd->is_oom = TRUE;
+error:
+ XML_StopParser (pd->parser, FALSE);
+}
+
+static polkit_bool_t
+_validate_icon_name (const char *icon_name)
+{
+ unsigned int n;
+ polkit_bool_t ret;
+ size_t len;
+
+ ret = FALSE;
+
+ len = strlen (icon_name);
+
+ /* check for common suffixes */
+ if (kit_str_has_suffix (icon_name, ".png"))
+ goto out;
+ if (kit_str_has_suffix (icon_name, ".jpg"))
+ goto out;
+
+ /* icon name cannot be a path */
+ for (n = 0; n < len; n++) {
+ if (icon_name [n] == '/') {
+ goto out;
+ }
+ }
+
+ ret = TRUE;
+
+out:
+ return ret;
+}
+
+static void
+_cdata (void *data, const char *s, int len)
+{
+ char *str;
+ ParserData *pd = data;
+
+ str = kit_strndup (s, len);
+ if (str == NULL)
+ goto oom;
+
+ switch (pd->state) {
+
+ case STATE_IN_ACTION_DESCRIPTION:
+ if (pd->elem_lang == NULL) {
+ kit_free (pd->policy_description_nolang);
+ pd->policy_description_nolang = str;
+ str = NULL;
+ } else {
+ if (!kit_hash_insert (pd->policy_descriptions, pd->elem_lang, str))
+ goto oom;
+ }
+ break;
+
+ case STATE_IN_ACTION_MESSAGE:
+ if (pd->elem_lang == NULL) {
+ kit_free (pd->policy_message_nolang);
+ pd->policy_message_nolang = str;
+ str = NULL;
+ } else {
+ if (!kit_hash_insert (pd->policy_messages, pd->elem_lang, str))
+ goto oom;
+ }
+ break;
+
+ case STATE_IN_POLICY_VENDOR:
+ kit_free (pd->global_vendor);
+ pd->global_vendor = str;
+ str = NULL;
+ break;
+
+ case STATE_IN_POLICY_VENDOR_URL:
+ kit_free (pd->global_vendor_url);
+ pd->global_vendor_url = str;
+ str = NULL;
+ break;
+
+ case STATE_IN_POLICY_ICON_NAME:
+ if (! _validate_icon_name (str)) {
+ kit_warning ("Icon name '%s' is invalid", str);
+ goto error;
+ }
+
+ kit_free (pd->global_icon_name);
+ pd->global_icon_name = str;
+ str = NULL;
+ break;
+
+ case STATE_IN_ACTION_VENDOR:
+ kit_free (pd->vendor);
+ pd->vendor = str;
+ str = NULL;
+ break;
+
+ case STATE_IN_ACTION_VENDOR_URL:
+ kit_free (pd->vendor_url);
+ pd->vendor_url = str;
+ str = NULL;
+ break;
+
+ case STATE_IN_ACTION_ICON_NAME:
+ if (! _validate_icon_name (str)) {
+ kit_warning ("Icon name '%s' is invalid", str);
+ goto error;
+ }
+
+ kit_free (pd->icon_name);
+ pd->icon_name = str;
+ str = NULL;
+ break;
+
+ case STATE_IN_DEFAULTS_ALLOW_ANY:
+ if (!polkit_result_from_string_representation (str, &pd->defaults_allow_any))
+ goto error;
+ break;
+ case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
+ if (!polkit_result_from_string_representation (str, &pd->defaults_allow_inactive))
+ goto error;
+ break;
+ case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
+ if (!polkit_result_from_string_representation (str, &pd->defaults_allow_active))
+ goto error;
+ break;
+
+ case STATE_IN_ANNOTATE:
+ if (pd->annotations == NULL) {
+ pd->annotations = kit_hash_new (kit_hash_str_hash_func,
+ kit_hash_str_equal_func,
+ kit_hash_str_copy, kit_hash_str_copy,
+ kit_free, kit_free);
+ if (pd->annotations == NULL)
+ goto oom;
+ }
+ if (!kit_hash_insert (pd->annotations, pd->annotate_key, str))
+ goto oom;
+ break;
+
+ default:
+ break;
+ }
+ kit_free (str);
+ return;
+oom:
+ pd->is_oom = TRUE;
+error:
+ kit_free (str);
+ XML_StopParser (pd->parser, FALSE);
+}
+
+/**
+ * _localize:
+ * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!'
+ * @untranslated: the untranslated value, e.g. 'Punch'
+ * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG
+ * with the encoding cut off. Maybe be NULL.
+ *
+ * Pick the correct translation to use.
+ *
+ * Returns: the localized string to use
+ */
+static const char *
+_localize (KitHash *translations, const char *untranslated, const char *lang)
+{
+ const char *result;
+ char lang2[256];
+ int n;
+
+ if (lang == NULL) {
+ result = untranslated;
+ goto out;
+ }
+
+ /* first see if we have the translation */
+ result = (const char *) kit_hash_lookup (translations, (void *) lang, NULL);
+ if (result != NULL)
+ goto out;
+
+ /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */
+ strncpy (lang2, lang, sizeof (lang2));
+ for (n = 0; lang2[n] != '\0'; n++) {
+ if (lang2[n] == '_') {
+ lang2[n] = '\0';
+ break;
+ }
+ }
+ result = (const char *) kit_hash_lookup (translations, (void *) lang2, NULL);
+ if (result != NULL)
+ goto out;
+
+ /* fall back to untranslated */
+ result = untranslated;
+out:
+ return result;
+}
+
+static void
+_end (void *data, const char *el)
+{
+ ParserData *pd = data;
+
+ kit_free (pd->elem_lang);
+ pd->elem_lang = NULL;
+
+ switch (pd->state) {
+ case STATE_IN_ACTION:
+ {
+ const char *policy_description;
+ const char *policy_message;
+ PolKitActionDescription *pfe;
+ char *vendor;
+ char *vendor_url;
+ char *icon_name;
+
+ vendor = pd->vendor;
+ if (vendor == NULL)
+ vendor = pd->global_vendor;
+
+ vendor_url = pd->vendor_url;
+ if (vendor_url == NULL)
+ vendor_url = pd->global_vendor_url;
+
+ icon_name = pd->icon_name;
+ if (icon_name == NULL)
+ icon_name = pd->global_icon_name;
+
+ /* NOTE: caller takes ownership of the annotations object */
+ pfe = _polkit_action_description_new (pd->action_id,
+ vendor,
+ vendor_url,
+ icon_name,
+ pd->defaults_allow_any,
+ pd->defaults_allow_inactive,
+ pd->defaults_allow_active,
+ pd->annotations);
+ if (pfe == NULL)
+ goto oom;
+ pd->annotations = NULL;
+
+ policy_description = _localize (pd->policy_descriptions, pd->policy_description_nolang, pd->lang);
+ policy_message = _localize (pd->policy_messages, pd->policy_message_nolang, pd->lang);
+
+ if (!_polkit_action_description_set_descriptions (pfe,
+ policy_description,
+ policy_message)) {
+ polkit_action_description_unref (pfe);
+ goto oom;
+ }
+
+ if (pd->cb (pfe, pd->user_data)) {
+ /* TODO: short-circuit */
+ }
+
+ /* and now throw it all away! (eh, don't worry, the user have probably reffed it!) */
+ polkit_action_description_unref (pfe);
+ break;
+ }
+ default:
+ break;
+ }
+
+ --pd->stack_depth;
+ if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
+ polkit_debug ("reached max depth?");
+ goto error;
+ }
+ if (pd->stack_depth > 0)
+ pd->state = pd->state_stack[pd->stack_depth - 1];
+ else
+ pd->state = STATE_NONE;
+
+ return;
+oom:
+ pd->is_oom = 1;
+error:
+ XML_StopParser (pd->parser, FALSE);
+}
+
+
+/**
+ * polkit_action_description_get_from_file:
+ * @path: path to file, e.g. <literal>/usr/share/polkit-1/actions/org.freedesktop.policykit.policy</literal>
+ * @cb: callback function
+ * @user_data: user data
+ * @error: return location for error
+ *
+ * Load a .policy file and iterate over all entries.
+ *
+ * Returns: #TRUE if @cb short-circuited the iteration. If there was
+ * an error parsing @file, then @error will be set.
+ **/
+polkit_bool_t
+polkit_action_description_get_from_file (const char *path,
+ PolKitActionDescriptionForeachFunc cb,
+ void *user_data,
+ PolKitError **error)
+{
+ ParserData pd;
+ int xml_res;
+ char *lang;
+ char *buf;
+ size_t buflen;
+
+ buf = NULL;
+
+ /* clear parser data */
+ memset (&pd, 0, sizeof (ParserData));
+
+ if (!kit_str_has_suffix (path, ".policy")) {
+ polkit_error_set_error (error,
+ POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Policy files must have extension .policy; file '%s' doesn't", path);
+ goto error;
+ }
+
+ if (!kit_file_get_contents (path, &buf, &buflen)) {
+ if (errno == ENOMEM) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Cannot load PolicyKit policy file at '%s': %s",
+ path,
+ "No memory for parser");
+ } else {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Cannot load PolicyKit policy file at '%s': %m",
+ path);
+ }
+ goto error;
+ }
+
+ pd.path = path;
+ pd.cb = cb;
+ pd.user_data = user_data;
+
+/* #ifdef POLKIT_BUILD_TESTS
+ TODO: expat appears to leak on certain OOM paths
+*/
+#if 0
+ XML_Memory_Handling_Suite memsuite = {p_malloc, p_realloc, kit_free};
+ pd.parser = XML_ParserCreate_MM (NULL, &memsuite, NULL);
+#else
+ pd.parser = XML_ParserCreate (NULL);
+#endif
+ pd.stack_depth = 0;
+ if (pd.parser == NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Cannot load PolicyKit policy file at '%s': %s",
+ path,
+ "No memory for parser");
+ goto error;
+ }
+ XML_SetUserData (pd.parser, &pd);
+ XML_SetElementHandler (pd.parser, _start, _end);
+ XML_SetCharacterDataHandler (pd.parser, _cdata);
+
+ /* init parser data */
+ pd.state = STATE_NONE;
+ lang = getenv ("LANG");
+ if (lang != NULL) {
+ int n;
+ pd.lang = kit_strdup (lang);
+ if (pd.lang == NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Cannot load PolicyKit policy file at '%s': No memory for lang",
+ path);
+ goto error;
+ }
+ for (n = 0; pd.lang[n] != '\0'; n++) {
+ if (pd.lang[n] == '.') {
+ pd.lang[n] = '\0';
+ break;
+ }
+ }
+ }
+
+ xml_res = XML_Parse (pd.parser, buf, buflen, 1);
+
+ if (xml_res == 0) {
+ if (XML_GetErrorCode (pd.parser) == XML_ERROR_NO_MEMORY) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Out of memory parsing %s",
+ path);
+ } else if (pd.is_oom) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
+ "Out of memory parsing %s",
+ path);
+ } else {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "%s:%d: parse error: %s",
+ path,
+ (int) XML_GetCurrentLineNumber (pd.parser),
+ XML_ErrorString (XML_GetErrorCode (pd.parser)));
+ }
+ XML_ParserFree (pd.parser);
+ goto error;
+ }
+
+ XML_ParserFree (pd.parser);
+ kit_free (buf);
+ pd_unref_data (&pd);
+
+ return FALSE; /* TODO */
+error:
+ pd_unref_data (&pd);
+ kit_free (buf);
+ return FALSE; /* TODO */
+}
diff --git a/src/polkit/polkit-action-description.h b/src/polkit/polkit-action-description.h
new file mode 100644
index 0000000..e95865c
--- /dev/null
+++ b/src/polkit/polkit-action-description.h
@@ -0,0 +1,92 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-policy-file-entry.h : entries in policy files
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_ACTION_DESCRIPTION_H
+#define POLKIT_ACTION_DESCRIPTION_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-implicit-authorization.h>
+#include <polkit/polkit-error.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitActionDescription;
+typedef struct _PolKitActionDescription PolKitActionDescription;
+
+/**
+ * PolKitActionDescriptionAnnotationsForeachFunc:
+ * @action_description: the policy file entry
+ * @key: key of the annotation
+ * @value: corrosponding value of the annotation
+ * @user_data: user data passed to polkit_action_description_annotations_foreach()
+ *
+ * Callback function for polkit_action_description_annotations_foreach().
+ *
+ * Returns: Pass #TRUE to short-circuit, e.g. stop the iteration
+ **/
+typedef polkit_bool_t (*PolKitActionDescriptionAnnotationsForeachFunc) (PolKitActionDescription *action_description,
+ const char *key,
+ const char *value,
+ void *user_data);
+
+PolKitActionDescription *polkit_action_description_ref (PolKitActionDescription *action_description);
+void polkit_action_description_unref (PolKitActionDescription *action_description);
+void polkit_action_description_debug (PolKitActionDescription *action_description);
+
+const char *polkit_action_description_get_id (PolKitActionDescription *action_description);
+PolKitImplicitAuthorization *polkit_action_description_get_implicit_authorization (PolKitActionDescription *action_description);
+
+const char *polkit_action_description_get_action_description (PolKitActionDescription *action_description);
+const char *polkit_action_description_get_action_message (PolKitActionDescription *action_description);
+
+const char *polkit_action_description_get_action_vendor (PolKitActionDescription *action_description);
+const char *polkit_action_description_get_action_vendor_url (PolKitActionDescription *action_description);
+const char *polkit_action_description_get_action_icon_name (PolKitActionDescription *action_description);
+
+polkit_bool_t polkit_action_description_annotations_foreach (PolKitActionDescription *action_description,
+ PolKitActionDescriptionAnnotationsForeachFunc cb,
+ void *user_data);
+const char *polkit_action_description_get_annotation (PolKitActionDescription *action_description,
+ const char *key);
+
+PolKitImplicitAuthorization *polkit_action_description_get_implicit_authorization_factory (PolKitActionDescription *action_description);
+polkit_bool_t polkit_action_description_set_implicit_authorization (PolKitActionDescription *action_description,
+ PolKitImplicitAuthorization *implicit_authorzation,
+ PolKitError **error);
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_ACTION_DESCRIPTION_H */
+
+
diff --git a/src/polkit/polkit-authorization-db.c b/src/polkit/polkit-authorization-db.c
index 37529a3..2797b31 100644
--- a/src/polkit/polkit-authorization-db.c
+++ b/src/polkit/polkit-authorization-db.c
@@ -134,22 +134,6 @@ oom:
return authdb;
}
-polkit_bool_t
-_polkit_authorization_db_pfe_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data)
-{
- return FALSE;
-}
-
-PolKitPolicyFileEntry*
-_polkit_authorization_db_pfe_get_by_id (PolKitPolicyCache *policy_cache,
- const char *action_id)
-{
- return NULL;
-}
-
-
/**
* polkit_authorization_db_ref:
* @authdb: the object
diff --git a/src/polkit/polkit-context.c b/src/polkit/polkit-context.c
index 1417b77..fac4f12 100644
--- a/src/polkit/polkit-context.c
+++ b/src/polkit/polkit-context.c
@@ -31,31 +31,25 @@
# include <config.h>
#endif
+#define _GNU_SOURCE
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
+#if HAVE_SOLARIS
+#include <sys/stat.h>
+#endif
#include <pwd.h>
#include <grp.h>
#include <unistd.h>
#include <errno.h>
-#ifdef HAVE_SOLARIS
-#include <port.h>
-#include <sys/stat.h>
-#else
-#ifdef HAVE_INOTIFY
-#include <sys/inotify.h>
-#elif HAVE_KQUEUE
-#include <sys/event.h>
-#include <sys/time.h>
-#include <fcntl.h>
-#endif
-#endif
#include <syslog.h>
+#include <fcntl.h>
+#include <dirent.h>
#include "polkit-debug.h"
#include "polkit-context.h"
-#include "polkit-policy-cache.h"
#include "polkit-private.h"
#include "polkit-test.h"
@@ -103,28 +97,11 @@ struct _PolKitContext
PolKitContextConfigChangedCB config_changed_cb;
void *config_changed_user_data;
- PolKitContextAddIOWatch io_add_watch_func;
- PolKitContextRemoveIOWatch io_remove_watch_func;
-
char *policy_dir;
- PolKitPolicyCache *priv_cache;
-
PolKitAuthorizationDB *authdb;
- polkit_bool_t load_descriptions;
-
-#ifdef HAVE_INOTIFY
- int inotify_fd;
- int inotify_fd_watch_id;
- int inotify_policy_wd;
- int inotify_grant_perm_wd;
-#elif HAVE_KQUEUE
- int kqueue_fd;
- int kqueue_fd_watch_id;
- int kqueue_policy_fd;
- int kqueue_grant_perm_fd;
-#endif
+ KitList *action_descriptions;
};
/**
@@ -158,230 +135,16 @@ polkit_context_new (void)
polkit_bool_t
polkit_context_init (PolKitContext *pk_context, PolKitError **error)
{
-#ifdef HAVE_KQUEUE
- struct kevent ev;
-#endif
kit_return_val_if_fail (pk_context != NULL, FALSE);
pk_context->policy_dir = kit_strdup (PACKAGE_DATA_DIR "/polkit-1/actions");
polkit_debug ("Using policy files from directory %s", pk_context->policy_dir);
- /* NOTE: we don't populate the cache until it's needed.. */
-
- /* NOTE: we don't load the configuration file until it's needed */
-
-#ifdef HAVE_SOLARIS
- if (pk_context->io_add_watch_func != NULL) {
- pk_context->inotify_fd = port_create ();
- if (pk_context->inotify_fd < 0) {
- polkit_debug ("failed to port_create: %s", strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- /* Watch the /usr/share/polkit-1/actions directory */
- pk_context->inotify_policy_wd = port_add_watch (pk_context->inotify_fd,
- PACKAGE_DATA_DIR "/polkit-1/actions",
- FILE_MODIFIED | FILE_ATTRIB);
- if (pk_context->inotify_policy_wd < 0) {
- polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
-#ifdef POLKIT_AUTHDB_DEFAULT
- /* Watch the /var/lib/misc/polkit-1.reload file */
- pk_context->inotify_grant_perm_wd = port_add_watch (pk_context->inotify_fd,
- PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload",
- FILE_MODIFIED | FILE_ATTRIB);
- if (pk_context->inotify_grant_perm_wd < 0) {
- polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-#endif
-
- pk_context->inotify_fd_watch_id = pk_context->io_add_watch_func (pk_context, pk_context->inotify_fd);
- if (pk_context->inotify_fd_watch_id == 0) {
- polkit_debug ("failed to add io watch");
- /* TODO: set error */
- goto error;
- }
- }
-#elif HAVE_KQUEUE
- if (pk_context->io_add_watch_func != NULL) {
- pk_context->kqueue_fd = kqueue ();
- if (pk_context->kqueue_fd < 0) {
- polkit_debug ("failed to initialize kqueue: %s", strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- /* Watch the /usr/share/polkit-1/actions directory */
- pk_context->kqueue_policy_fd = open (PACKAGE_DATA_DIR "/polkit-1/actions", O_RDONLY);
- if (pk_context->kqueue_policy_fd < 0) {
- polkit_debug ("failed to open '" PACKAGE_DATA_DIR "/polkit-1/actions for reading: %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- EV_SET (&ev, pk_context->kqueue_policy_fd, EVFILT_VNODE,
- EV_ADD | EV_ENABLE | EV_CLEAR,
- NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME,
- 0, 0);
- if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) {
- polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s",
- strerror (errno));
- close (pk_context->kqueue_policy_fd);
- /* TODO: set error */
- goto error;
- }
-
-#ifdef POLKIT_AUTHDB_DEFAULT
- /* Watch the /var/lib/misc/polkit-1.reload file */
- pk_context->kqueue_grant_perm_fd = open (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", O_RDONLY);
- if (pk_context->kqueue_grant_perm_fd < 0) {
- polkit_debug ("failed to open '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload' for reading: %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- EV_SET (&ev, pk_context->kqueue_grant_perm_fd, EVFILT_VNODE,
- EV_ADD | EV_ENABLE | EV_CLEAR,
- NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME | NOTE_ATTRIB,
- 0, 0);
- if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) {
- polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s",
- strerror (errno));
- close (pk_context->kqueue_grant_perm_fd);
- /* TODO: set error */
- goto error;
- }
-#endif
-
- pk_context->kqueue_fd_watch_id = pk_context->io_add_watch_func (pk_context, pk_context->kqueue_fd);
- if (pk_context->kqueue_fd_watch_id == 0) {
- polkit_debug ("failed to add io watch");
- /* TODO: set error */
- goto error;
- }
- }
-#else
- if (pk_context->io_add_watch_func != NULL) {
- pk_context->inotify_fd = inotify_init ();
- if (pk_context->inotify_fd < 0) {
- polkit_debug ("failed to initialize inotify: %s", strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
- /* Watch the /usr/share/polkit-1/actions directory */
- pk_context->inotify_policy_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_DATA_DIR "/polkit-1/actions",
- IN_MODIFY | IN_CREATE | IN_DELETE | IN_ATTRIB);
- if (pk_context->inotify_policy_wd < 0) {
- polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-
-#ifdef POLKIT_AUTHDB_DEFAULT
- /* Watch the /var/lib/misc/polkit-1.reload file */
- pk_context->inotify_grant_perm_wd = inotify_add_watch (pk_context->inotify_fd,
- PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload",
- IN_MODIFY | IN_CREATE | IN_ATTRIB);
- if (pk_context->inotify_grant_perm_wd < 0) {
- polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s",
- strerror (errno));
- /* TODO: set error */
- goto error;
- }
-#endif
-
- pk_context->inotify_fd_watch_id = pk_context->io_add_watch_func (pk_context, pk_context->inotify_fd);
- if (pk_context->inotify_fd_watch_id == 0) {
- polkit_debug ("failed to add io watch");
- /* TODO: set error */
- goto error;
- }
- }
-#endif
-
return TRUE;
-error:
- return FALSE;
-}
-
-#ifdef HAVE_SOLARIS
-
-struct fileportinfo {
- struct file_obj fobj;
- int events;
- int port;
-};
-
-/**
- * port_add_watch:
- * @port: the port object
- * @name: filename which will be added to the port
- * @events: the event which will be watched for
- *
- * add file watch .
- *
- * Returns: the object
- **/
-int
-port_add_watch (int port, const char *name, uint32_t events)
-{
- struct fileportinfo *fpi;
-
- if ( (fpi = kit_malloc (sizeof(struct fileportinfo)) ) == NULL ) {
- polkit_debug ("Faile to kit_malloc!");
- /* TODO: set error */
- return -1;
- }
-
- fpi->fobj.fo_name = strdup (name);
- fpi->events = events;
- fpi->port = port;
-
- if ( file_associate (fpi, events) < 0 ) {
- polkit_debug ("Failed to associate with file %s: %s", fpi->fobj.fo_name, strerror (errno));
- /* TODO: set error */
- return -1;
- }
- return 0;
-}
-
-int
-file_associate (struct fileportinfo *fpinfo, int events)
-{
- struct stat sb;
-
- if ( stat (fpinfo->fobj.fo_name, &sb) == -1) {
- polkit_debug ("Failed to stat file %s: %s", fpinfo->fobj.fo_name, strerror (errno));
- /* TODO: set error */
- return -1;
- }
-
- fpinfo->fobj.fo_atime = sb.st_atim;
- fpinfo->fobj.fo_mtime = sb.st_mtim;
- fpinfo->fobj.fo_ctime = sb.st_ctim;
-
- if ( port_associate (fpinfo->port, PORT_SOURCE_FILE, (uintptr_t)&(fpinfo->fobj), events, (void *)fpinfo ) == -1) {
- polkit_debug ("Failed to register file %s: %s", fpinfo->fobj.fo_name, strerror (errno));
- /* TODO: set error */
- return -1;
- }
- return 0;
+ //error:
+ //return FALSE;
}
-#endif
/**
* polkit_context_ref:
@@ -451,224 +214,6 @@ polkit_context_set_config_changed (PolKitContext *pk_context,
}
/**
- * polkit_context_io_func:
- * @pk_context: the object
- * @fd: the file descriptor passed to the supplied function of type #PolKitContextAddIOWatch.
- *
- * Method that the application must call when there is data to read
- * from a file descriptor registered with the supplied function of
- * type #PolKitContextAddIOWatch.
- **/
-void
-polkit_context_io_func (PolKitContext *pk_context, int fd)
-{
- polkit_bool_t config_changed;
-
- kit_return_if_fail (pk_context != NULL);
-
- polkit_debug ("polkit_context_io_func: data on fd %d", fd);
-
- config_changed = FALSE;
-
-#ifdef HAVE_SOLARIS
- if (fd == pk_context->inotify_fd) {
- port_event_t pe;
- struct file_obj *fobjp;
- struct fileportinfo *fpip;
-
- while ( !port_get (fd, &pe, NULL) ) {
- switch (pe.portev_source) {
- case PORT_SOURCE_FILE:
- fpip = (struct fileportinfo *)pe.portev_object;
- fobjp = &fpip->fobj;
- polkit_debug ("filename = %s, events = %d", fobjp->fo_name, pe.portev_events);
- config_changed = TRUE;
- polkit_debug ("Config changed");
- file_associate ((struct fileportinfo *)pe.portev_object, pe.portev_events);
- break;
- default:
- polkit_debug ("Event from unexpected source");
- }
- if ( config_changed )
- break;
- }
- }
-
-#elif HAVE_KQUEUE
- if (fd == pk_context->kqueue_fd) {
- struct kevent ev[1024];
- struct timespec nullts = { 0, 0 };
- int res;
- int i = 0;
-
- res = kevent (fd, NULL, 0, ev, 1024, &nullts);
-
- if (res > 0) {
- /* Sleep for a half-second to avoid potential races
- * during install/uninstall. */
- usleep (500000);
-
- while (i < res) {
- struct kevent *evptr;
-
- evptr = &ev[i];
- polkit_debug ("ident=%d filter=%d flags=%u fflags=%u",
- evptr->ident, evptr->filter, evptr->flags, evptr->fflags);
- polkit_debug ("config changed!");
- config_changed = TRUE;
-
- i++;
- }
- } else {
- polkit_debug ("failed to read kqueue event: %s", strerror (errno));
- }
- }
-#else
- if (fd == pk_context->inotify_fd) {
-/* size of the event structure, not counting name */
-#define EVENT_SIZE (sizeof (struct inotify_event))
-/* reasonable guess as to size of 1024 events */
-#define BUF_LEN (1024 * (EVENT_SIZE + 16))
- char buf[BUF_LEN];
- int len;
- int i = 0;
-again:
- len = read (fd, buf, BUF_LEN);
- if (len < 0) {
- if (errno == EINTR) {
- goto again;
- } else {
- polkit_debug ("read: %s", strerror (errno));
- }
- } else if (len > 0) {
- /* BUF_LEN too small? */
- }
- while (i < len) {
- struct inotify_event *event;
- event = (struct inotify_event *) &buf[i];
- polkit_debug ("wd=%d mask=%u cookie=%u len=%u",
- event->wd, event->mask, event->cookie, event->len);
-
- polkit_debug ("config changed!");
- config_changed = TRUE;
-
- i += EVENT_SIZE + event->len;
- }
- }
-#endif
-
- if (config_changed) {
- polkit_context_force_reload (pk_context);
-
- if (pk_context->config_changed_cb != NULL) {
- pk_context->config_changed_cb (pk_context,
- pk_context->config_changed_user_data);
- }
- }
-}
-
-/**
- * polkit_context_force_reload:
- * @pk_context: context
- *
- * Force a reload.
- *
- * Note that there is no reason to call this method in response to a
- * config changed callback.
- *
- * Since: 0.7
- */
-void
-polkit_context_force_reload (PolKitContext *pk_context)
-{
- kit_return_if_fail (pk_context != NULL);
-
- /* purge existing policy files */
- polkit_debug ("purging policy files");
- if (pk_context->priv_cache != NULL) {
- polkit_policy_cache_unref (pk_context->priv_cache);
- pk_context->priv_cache = NULL;
- }
-
-
- /* Purge authorization entries from the cache */
- _polkit_authorization_db_invalidate_cache (pk_context->authdb);
-}
-
-
-/**
- * polkit_context_set_io_watch_functions:
- * @pk_context: the context object
- * @io_add_watch_func: the function that the PolicyKit library can invoke to start watching a file descriptor
- * @io_remove_watch_func: the function that the PolicyKit library can invoke to stop watching a file descriptor
- *
- * Register a functions that PolicyKit can use for watching IO descriptors.
- *
- * This method must be called before polkit_context_init().
- **/
-void
-polkit_context_set_io_watch_functions (PolKitContext *pk_context,
- PolKitContextAddIOWatch io_add_watch_func,
- PolKitContextRemoveIOWatch io_remove_watch_func)
-{
- kit_return_if_fail (pk_context != NULL);
- pk_context->io_add_watch_func = io_add_watch_func;
- pk_context->io_remove_watch_func = io_remove_watch_func;
-}
-
-/**
- * polkit_context_set_load_descriptions:
- * @pk_context: the context
- *
- * Set whether policy descriptions should be loaded. By default these
- * are not loaded to keep memory use down. TODO: specify whether they
- * are localized and how.
- *
- * This method must be called before polkit_context_init().
- **/
-void
-polkit_context_set_load_descriptions (PolKitContext *pk_context)
-{
- kit_return_if_fail (pk_context != NULL);
- pk_context->load_descriptions = TRUE;
-}
-
-/**
- * polkit_context_get_policy_cache:
- * @pk_context: the context
- *
- * Get the #PolKitPolicyCache object that holds all the defined policies as well as their defaults.
- *
- * Returns: the #PolKitPolicyCache object. Caller shall not unref it.
- **/
-PolKitPolicyCache *
-polkit_context_get_policy_cache (PolKitContext *pk_context)
-{
- kit_return_val_if_fail (pk_context != NULL, NULL);
-
- if (pk_context->priv_cache == NULL) {
- PolKitError *error;
-
- polkit_debug ("Populating cache from directory %s", pk_context->policy_dir);
-
- error = NULL;
- pk_context->priv_cache = _polkit_policy_cache_new (pk_context->policy_dir,
- pk_context->load_descriptions,
- &error);
- if (pk_context->priv_cache == NULL) {
- kit_warning ("Error loading policy files from %s: %s",
- pk_context->policy_dir, polkit_error_get_error_message (error));
- polkit_error_free (error);
- } else {
- polkit_policy_cache_debug (pk_context->priv_cache);
- }
- }
-
- return pk_context->priv_cache;
-}
-
-
-/**
* polkit_context_is_session_authorized:
* @pk_context: the PolicyKit context
* @action: the type of access to check for
@@ -689,7 +234,7 @@ polkit_context_is_session_authorized (PolKitContext *pk_context,
PolKitSession *session,
PolKitError **error)
{
- PolKitPolicyCache *cache;
+ //PolKitPolicyCache *cache;
PolKitResult result_from_grantdb;
polkit_bool_t from_authdb;
polkit_bool_t from_authdb_negative;
@@ -707,9 +252,9 @@ polkit_context_is_session_authorized (PolKitContext *pk_context,
if (!polkit_session_validate (session))
goto out;
- cache = polkit_context_get_policy_cache (pk_context);
- if (cache == NULL)
- goto out;
+ //cache = polkit_context_get_policy_cache (pk_context);
+ //if (cache == NULL)
+ // goto out;
result_from_grantdb = POLKIT_RESULT_UNKNOWN;
from_authdb_negative = FALSE;
@@ -731,15 +276,15 @@ polkit_context_is_session_authorized (PolKitContext *pk_context,
/* Otherwise, unless we found a negative auth, fall back to defaults as specified in the .policy file */
if (!from_authdb_negative) {
- PolKitPolicyFileEntry *pfe;
+ PolKitActionDescription *pfe;
- pfe = polkit_policy_cache_get_entry (cache, action);
+ pfe = NULL; //pfe = polkit_policy_cache_get_entry (cache, action);
if (pfe != NULL) {
- PolKitPolicyDefault *policy_default;
+ PolKitImplicitAuthorization *implicit_authorization;
- policy_default = polkit_policy_file_entry_get_default (pfe);
- if (policy_default != NULL) {
- result = polkit_policy_default_can_session_do_action (policy_default, action, session);
+ implicit_authorization = polkit_action_description_get_implicit_authorization (pfe);
+ if (implicit_authorization != NULL) {
+ result = polkit_implicit_authorization_can_session_do_action (implicit_authorization, action, session);
}
}
}
@@ -797,7 +342,7 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context,
polkit_bool_t revoke_if_one_shot,
PolKitError **error)
{
- PolKitPolicyCache *cache;
+ //PolKitPolicyCache *cache;
PolKitResult result;
PolKitResult result_from_grantdb;
polkit_bool_t from_authdb;
@@ -809,9 +354,9 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context,
if (action == NULL || caller == NULL)
goto out;
- cache = polkit_context_get_policy_cache (pk_context);
- if (cache == NULL)
- goto out;
+ //cache = polkit_context_get_policy_cache (pk_context);
+ //if (cache == NULL)
+ // goto out;
/* now validate the incoming objects */
if (!polkit_action_validate (action))
@@ -840,15 +385,15 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context,
/* Otherwise, unless we found a negative auth, fall back to defaults as specified in the .policy file */
if (!from_authdb_negative) {
- PolKitPolicyFileEntry *pfe;
+ PolKitActionDescription *pfe;
- pfe = polkit_policy_cache_get_entry (cache, action);
+ pfe = NULL; //pfe = polkit_policy_cache_get_entry (cache, action);
if (pfe != NULL) {
- PolKitPolicyDefault *policy_default;
+ PolKitImplicitAuthorization *implicit_authorization;
- policy_default = polkit_policy_file_entry_get_default (pfe);
- if (policy_default != NULL) {
- result = polkit_policy_default_can_caller_do_action (policy_default, action, caller);
+ implicit_authorization = polkit_action_description_get_implicit_authorization (pfe);
+ if (implicit_authorization != NULL) {
+ result = polkit_implicit_authorization_can_caller_do_action (implicit_authorization, action, caller);
}
}
}
@@ -864,51 +409,6 @@ out:
}
/**
- * polkit_context_can_session_do_action:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Determine if a given session can do a given action.
- *
- * This can fail with the following errors:
- * #POLKIT_ERROR_NOT_AUTHORIZED_TO_READ_AUTHORIZATIONS_FOR_OTHER_USERS
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
- *
- * Deprecated: 0.7: use polkit_context_is_session_authorized() instead.
- */
-PolKitResult
-polkit_context_can_session_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- return polkit_context_is_session_authorized (pk_context, action, session, NULL);
-}
-
-/**
- * polkit_context_can_caller_do_action:
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Determine if a given caller can do a given action.
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * do a specific action
- *
- * Deprecated: 0.7: use polkit_context_is_caller_authorized() instead.
- */
-PolKitResult
-polkit_context_can_caller_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- return polkit_context_is_caller_authorized (pk_context, action, caller, FALSE, NULL);
-}
-
-/**
* polkit_context_get_authorization_db:
* @pk_context: the PolicyKit context
*
@@ -941,4 +441,182 @@ KitTest _test_context = {
_run_test
};
+
#endif /* POLKIT_BUILD_TESTS */
+
+
+static polkit_bool_t
+_prepend_entry (PolKitActionDescription *action_description,
+ void *user_data)
+{
+ KitList *l;
+ PolKitContext *pk_context = user_data;
+
+ polkit_action_description_ref (action_description);
+ l = kit_list_prepend (pk_context->action_descriptions, action_description);
+ if (l == NULL) {
+ polkit_action_description_unref (action_description);
+ goto oom;
+ }
+ pk_context->action_descriptions = l;
+ return FALSE;
+oom:
+ return TRUE;
+}
+
+static void
+get_descriptions (PolKitContext *pk_context, PolKitError **error)
+{
+ DIR *dir;
+#ifdef HAVE_READDIR64
+ struct dirent64 *d;
+#else
+ struct dirent *d;
+#endif
+ struct stat statbuf;
+ const char *dirname = PACKAGE_DATA_DIR "/polkit-1/actions";
+
+ dir = NULL;
+
+ dir = opendir (dirname);
+ if (dir == NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
+ "Cannot load policy files from directory %s: %m",
+ dirname);
+ goto out;
+ }
+
+#ifdef HAVE_READDIR64
+ while ((d = readdir64 (dir)) != NULL) {
+#else
+ while ((d = readdir (dir)) != NULL) {
+#endif
+ char *path;
+ PolKitError *pk_error;
+ size_t name_len;
+ char *filename;
+ static const char suffix[] = ".policy";
+
+ path = kit_strdup_printf ("%s/%s", dirname, d->d_name);
+ if (path == NULL) {
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY, "Out of memory");
+ goto out;
+ }
+
+ if (stat (path, &statbuf) != 0) {
+ polkit_error_set_error (error, POLKIT_ERROR_GENERAL_ERROR, "stat()");
+ kit_free (path);
+ goto out;
+ }
+
+ if (!S_ISREG (statbuf.st_mode)) {
+ kit_free (path);
+ continue;
+ }
+
+ filename = d->d_name;
+ name_len = strlen (filename);
+ if (name_len < sizeof (suffix) || strcmp ((filename + name_len - sizeof (suffix) + 1), suffix) != 0) {
+ kit_free (path);
+ continue;
+ }
+
+ polkit_debug ("Loading %s", path);
+ pk_error = NULL;
+
+ if (polkit_action_description_get_from_file (path, _prepend_entry, pk_context, &pk_error)) {
+ /* OOM failure from _prepend_entry */
+ polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY, "Out of memory");
+ goto out;
+ }
+
+ if (polkit_error_is_set (pk_error)) {
+ if (polkit_error_get_error_code (pk_error) == POLKIT_ERROR_OUT_OF_MEMORY) {
+ if (error != NULL)
+ *error = pk_error;
+ else
+ polkit_error_free (pk_error);
+ goto out;
+ }
+
+ kit_warning ("ignoring malformed policy file: %s",
+ polkit_error_get_error_message (pk_error));
+ polkit_error_free (pk_error);
+ }
+
+ }
+ closedir (dir);
+
+ return;
+
+out:
+ if (dir != NULL)
+ closedir(dir);
+}
+
+static void
+ensure_descriptions (PolKitContext *pk_context)
+{
+ PolKitError *error;
+ error = NULL;
+
+ if (pk_context->action_descriptions != NULL)
+ goto out;
+
+ get_descriptions (pk_context, &error);
+ if (polkit_error_is_set (error)) {
+ kit_warning ("Error loading policy files: %s: %s",
+ polkit_error_get_error_name (error),
+ polkit_error_get_error_message (error));
+ polkit_error_free (error);
+ goto out;
+ }
+
+ out:
+ ;
+}
+
+polkit_bool_t
+polkit_context_action_description_foreach (PolKitContext *pk_context,
+ PolKitActionDescriptionForeachFunc cb,
+ void *user_data)
+{
+ KitList *l;
+ polkit_bool_t short_circuit;
+
+ ensure_descriptions (pk_context);
+
+ short_circuit = FALSE;
+ for (l = pk_context->action_descriptions; l != NULL; l = l->next) {
+ PolKitActionDescription *action_description = l->data;
+
+ if (cb (action_description, user_data)) {
+ short_circuit = TRUE;
+ break;
+ }
+ }
+
+ return short_circuit;
+}
+
+PolKitActionDescription *
+polkit_context_get_action_description (PolKitContext *pk_context,
+ const char *action_id)
+{
+ KitList *l;
+ PolKitActionDescription *action_description;
+
+ ensure_descriptions (pk_context);
+
+ action_description = NULL;
+
+ for (l = pk_context->action_descriptions; l != NULL; l = l->next) {
+ PolKitActionDescription *ad = l->data;
+ if (strcmp (polkit_action_description_get_id (ad), action_id) == 0) {
+ action_description = ad;
+ break;
+ }
+ }
+
+ return action_description;
+}
diff --git a/src/polkit/polkit-context.h b/src/polkit/polkit-context.h
index 9c90a9c..3c14e4f 100644
--- a/src/polkit/polkit-context.h
+++ b/src/polkit/polkit-context.h
@@ -39,10 +39,10 @@
#include <polkit/polkit-result.h>
#include <polkit/polkit-context.h>
#include <polkit/polkit-action.h>
+#include <polkit/polkit-action-description.h>
#include <polkit/polkit-seat.h>
#include <polkit/polkit-session.h>
#include <polkit/polkit-caller.h>
-#include <polkit/polkit-policy-cache.h>
#include <polkit/polkit-authorization-db.h>
POLKIT_BEGIN_DECLS
@@ -75,104 +75,26 @@ typedef void (*PolKitContextConfigChangedCB) (PolKitContext *pk_context,
void *user_data);
/**
- * PolKitContextAddIOWatch:
- * @pk_context: the polkit context
- * @fd: the file descriptor to watch
- *
- * Type for function supplied by the application to integrate a watch
- * on a file descriptor into the applications main loop. The
- * application must call polkit_context_io_func() when there is data
- * to read from the file descriptor.
- *
- * For glib mainloop, the function will typically look like this:
- *
- * <programlisting>
- * static gboolean
- * io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data)
- * {
- * int fd;
- * PolKitContext *pk_context = user_data;
- * fd = g_io_channel_unix_get_fd (channel);
- * polkit_context_io_func (pk_context, fd);
- * return TRUE;
- * }
- *
- * static int
- * io_add_watch (PolKitContext *pk_context, int fd)
- * {
- * guint id = 0;
- * GIOChannel *channel;
- * channel = g_io_channel_unix_new (fd);
- * if (channel == NULL)
- * goto out;
- * id = g_io_add_watch (channel, G_IO_IN, io_watch_have_data, pk_context);
- * if (id == 0) {
- * g_io_channel_unref (channel);
- * goto out;
- * }
- * g_io_channel_unref (channel);
- * out:
- * return id;
- * }
- * </programlisting>
- *
- * Returns: 0 if the watch couldn't be set up; otherwise an unique
- * identifier for the watch.
- **/
-typedef int (*PolKitContextAddIOWatch) (PolKitContext *pk_context, int fd);
-
-/**
- * PolKitContextRemoveIOWatch:
- * @pk_context: the context object
- * @watch_id: the id obtained from using the supplied function
- * of type #PolKitContextAddIOWatch
- *
- * Type for function supplied by the application to remove a watch set
- * up via the supplied function of type #PolKitContextAddIOWatch
- *
- * For the glib mainloop, the function will typically look like this:
+ * PolKitActionDescriptionForeachFunc:
+ * @action_description: the entry
+ * @user_data: user data
*
- * <programlisting>
- * static void
- * io_remove_watch (PolKitContext *pk_context, int watch_id)
- * {
- * g_source_remove (watch_id);
- * }
- * </programlisting>
+ * Type for function used in to iterate over action descriptions.
*
+ * Returns: #TRUE to short-circuit, e.g. stop the iteration
**/
-typedef void (*PolKitContextRemoveIOWatch) (PolKitContext *pk_context, int watch_id);
-
+typedef polkit_bool_t (*PolKitActionDescriptionForeachFunc) (PolKitActionDescription *action_description,
+ void *user_data);
PolKitContext *polkit_context_new (void);
void polkit_context_set_config_changed (PolKitContext *pk_context,
PolKitContextConfigChangedCB cb,
void *user_data);
-void polkit_context_set_io_watch_functions (PolKitContext *pk_context,
- PolKitContextAddIOWatch io_add_watch_func,
- PolKitContextRemoveIOWatch io_remove_watch_func);
-void polkit_context_set_load_descriptions (PolKitContext *pk_context);
polkit_bool_t polkit_context_init (PolKitContext *pk_context,
PolKitError **error);
PolKitContext *polkit_context_ref (PolKitContext *pk_context);
void polkit_context_unref (PolKitContext *pk_context);
-void polkit_context_force_reload (PolKitContext *pk_context);
-
-void polkit_context_io_func (PolKitContext *pk_context, int fd);
-
-PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context);
-
-POLKIT_GNUC_DEPRECATED
-PolKitResult polkit_context_can_session_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session);
-
-POLKIT_GNUC_DEPRECATED
-PolKitResult polkit_context_can_caller_do_action (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller);
-
PolKitResult polkit_context_is_caller_authorized (PolKitContext *pk_context,
PolKitAction *action,
PolKitCaller *caller,
@@ -184,6 +106,20 @@ PolKitResult polkit_context_is_session_authorized (PolKitContext *pk_con
PolKitSession *session,
PolKitError **error);
+polkit_bool_t polkit_context_action_description_foreach (PolKitContext *pk_context,
+ PolKitActionDescriptionForeachFunc cb,
+ void *user_data);
+
+PolKitActionDescription *polkit_context_get_action_description (PolKitContext *pk_context,
+ const char *action_id);
+
+/* TODO: move to private static lib */
+polkit_bool_t polkit_action_description_get_from_file (const char *path,
+ PolKitActionDescriptionForeachFunc cb,
+ void *user_data,
+ PolKitError **error);
+
+
PolKitAuthorizationDB *polkit_context_get_authorization_db (PolKitContext *pk_context);
POLKIT_END_DECLS
diff --git a/src/polkit/polkit-implicit-authorization.c b/src/polkit/polkit-implicit-authorization.c
new file mode 100644
index 0000000..68aac21
--- /dev/null
+++ b/src/polkit/polkit-implicit-authorization.c
@@ -0,0 +1,572 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-implicit-authorization.c : policy definition for the defaults
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#include <errno.h>
+
+#include "polkit-debug.h"
+#include "polkit-error.h"
+#include "polkit-implicit-authorization.h"
+#include "polkit-private.h"
+#include "polkit-test.h"
+#include "polkit-private.h"
+
+/**
+ * SECTION:polkit-implicit-authorization
+ * @title: Defaults
+ * @short_description: Models the default policy for an action.
+ *
+ * This class records the default policy of an action.
+ **/
+
+/**
+ * PolKitImplicitAuthorization:
+ *
+ * Objects of this class are used to record information about a
+ * default policy for an action.
+ **/
+struct _PolKitImplicitAuthorization
+{
+ int refcount;
+ PolKitResult default_any;
+ PolKitResult default_inactive;
+ PolKitResult default_active;
+};
+
+/**
+ * polkit_implicit_authorization_new:
+ *
+ * Construct a new object with all defaults set as restrictive as possible.
+ *
+ * Returns: a new object or #NULL on OOM.
+ *
+ * Since: 0.7
+ */
+PolKitImplicitAuthorization *
+polkit_implicit_authorization_new (void)
+{
+ PolKitImplicitAuthorization *pd;
+
+ pd = kit_new0 (PolKitImplicitAuthorization, 1);
+ if (pd == NULL)
+ goto out;
+ pd->refcount = 1;
+ pd->default_any = POLKIT_RESULT_NO;
+ pd->default_inactive = POLKIT_RESULT_NO;
+ pd->default_active = POLKIT_RESULT_NO;
+out:
+ return pd;
+}
+
+/**
+ * polkit_implicit_authorization_clone:
+ * @implicit_authorization: object to clone
+ *
+ * Create a new object with the same value as the given object
+ *
+ * Returns: a new object or #NULL on OOM.
+ *
+ * Since: 0.7
+ */
+PolKitImplicitAuthorization *
+polkit_implicit_authorization_clone (PolKitImplicitAuthorization *implicit_authorization)
+{
+ PolKitImplicitAuthorization *pd;
+
+ kit_return_val_if_fail (implicit_authorization != NULL, NULL);
+
+ pd = polkit_implicit_authorization_new ();
+ if (pd == NULL)
+ goto out;
+ pd->refcount = 1;
+ pd->default_any = implicit_authorization->default_any;
+ pd->default_inactive = implicit_authorization->default_inactive;
+ pd->default_active = implicit_authorization->default_active;
+out:
+ return pd;
+}
+
+
+/**
+ * polkit_implicit_authorization_equals:
+ * @a: a #PolKitImplicitAuthorization object
+ * @b: a #PolKitImplicitAuthorization object
+ *
+ * Compare if two objects are equal.
+ *
+ * Returns: %TRUE only if the objects are equal
+ */
+polkit_bool_t
+polkit_implicit_authorization_equals (PolKitImplicitAuthorization *a, PolKitImplicitAuthorization *b)
+{
+ polkit_bool_t ret;
+
+ kit_return_val_if_fail (a != NULL, FALSE);
+ kit_return_val_if_fail (b != NULL, FALSE);
+
+ if (a->default_any == b->default_any &&
+ a->default_inactive == b->default_inactive &&
+ a->default_active == b->default_active) {
+ ret = TRUE;
+ } else {
+ ret = FALSE;
+ }
+
+ return ret;
+}
+
+PolKitImplicitAuthorization *
+_polkit_implicit_authorization_new (PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active)
+{
+ PolKitImplicitAuthorization *pd;
+
+ pd = kit_new0 (PolKitImplicitAuthorization, 1);
+ if (pd == NULL)
+ goto out;
+ pd->refcount = 1;
+ pd->default_any = defaults_allow_any;
+ pd->default_inactive = defaults_allow_inactive;
+ pd->default_active = defaults_allow_active;
+out:
+ return pd;
+}
+
+/**
+ * polkit_implicit_authorization_ref:
+ * @implicit_authorization: the policy object
+ *
+ * Increase reference count.
+ *
+ * Returns: the object
+ **/
+PolKitImplicitAuthorization *
+polkit_implicit_authorization_ref (PolKitImplicitAuthorization *implicit_authorization)
+{
+ kit_return_val_if_fail (implicit_authorization != NULL, implicit_authorization);
+ implicit_authorization->refcount++;
+ return implicit_authorization;
+}
+
+/**
+ * polkit_implicit_authorization_unref:
+ * @implicit_authorization: the object
+ *
+ * Decreases the reference count of the object. If it becomes zero,
+ * the object is freed. Before freeing, reference counts on embedded
+ * objects are decresed by one.
+ **/
+void
+polkit_implicit_authorization_unref (PolKitImplicitAuthorization *implicit_authorization)
+{
+ kit_return_if_fail (implicit_authorization != NULL);
+ implicit_authorization->refcount--;
+ if (implicit_authorization->refcount > 0)
+ return;
+ kit_free (implicit_authorization);
+}
+
+/**
+ * polkit_implicit_authorization_debug:
+ * @implicit_authorization: the object
+ *
+ * Print debug details
+ **/
+void
+polkit_implicit_authorization_debug (PolKitImplicitAuthorization *implicit_authorization)
+{
+ kit_return_if_fail (implicit_authorization != NULL);
+ polkit_debug ("PolKitImplicitAuthorization: refcount=%d\n"
+ " default_any=%s\n"
+ " default_inactive=%s\n"
+ " default_active=%s",
+ implicit_authorization->refcount,
+ polkit_result_to_string_representation (implicit_authorization->default_any),
+ polkit_result_to_string_representation (implicit_authorization->default_inactive),
+ polkit_result_to_string_representation (implicit_authorization->default_active));
+}
+
+
+/**
+ * polkit_implicit_authorization_can_session_do_action:
+ * @implicit_authorization: the object
+ * @action: the type of access to check for
+ * @session: the session in question
+ *
+ * Using the default policy for an action, determine if a given
+ * session can do a given action.
+ *
+ * Returns: A #PolKitResult - can only be one of
+ * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
+ **/
+PolKitResult
+polkit_implicit_authorization_can_session_do_action (PolKitImplicitAuthorization *implicit_authorization,
+ PolKitAction *action,
+ PolKitSession *session)
+{
+ polkit_bool_t is_local;
+ polkit_bool_t is_active;
+ PolKitResult ret;
+
+ ret = POLKIT_RESULT_NO;
+
+ kit_return_val_if_fail (implicit_authorization != NULL, ret);
+ kit_return_val_if_fail (action != NULL, ret);
+ kit_return_val_if_fail (session != NULL, ret);
+
+ ret = implicit_authorization->default_any;
+
+ polkit_session_get_ck_is_local (session, &is_local);
+ polkit_session_get_ck_is_active (session, &is_active);
+
+ if (!is_local)
+ goto out;
+
+ if (is_active) {
+ ret = implicit_authorization->default_active;
+ } else {
+ ret = implicit_authorization->default_inactive;
+ }
+out:
+ return ret;
+}
+
+/**
+ * polkit_implicit_authorization_can_caller_do_action:
+ * @implicit_authorization: the object
+ * @action: the type of access to check for
+ * @caller: the caller in question
+ *
+ * Using the default policy for an action, determine if a given
+ * caller can do a given action.
+ *
+ * Returns: A #PolKitResult specifying if, and how, the caller can
+ * do the given action.
+ **/
+PolKitResult
+polkit_implicit_authorization_can_caller_do_action (PolKitImplicitAuthorization *implicit_authorization,
+ PolKitAction *action,
+ PolKitCaller *caller)
+{
+ polkit_bool_t is_local;
+ polkit_bool_t is_active;
+ PolKitSession *session;
+ PolKitResult ret;
+
+ ret = POLKIT_RESULT_NO;
+
+ kit_return_val_if_fail (implicit_authorization != NULL, ret);
+ kit_return_val_if_fail (action != NULL, ret);
+ kit_return_val_if_fail (caller != NULL, ret);
+
+ ret = implicit_authorization->default_any;
+
+ polkit_caller_get_ck_session (caller, &session);
+ if (session == NULL)
+ goto out;
+
+ polkit_session_get_ck_is_local (session, &is_local);
+ polkit_session_get_ck_is_active (session, &is_active);
+
+ if (!is_local)
+ goto out;
+
+ if (is_active) {
+ ret = implicit_authorization->default_active;
+ } else {
+ ret = implicit_authorization->default_inactive;
+ }
+
+out:
+ return ret;
+}
+
+/**
+ * polkit_implicit_authorization_set_allow_any:
+ * @implicit_authorization: the object
+ * @value: the value to set
+ *
+ * Set default policy.
+ *
+ **/
+void
+polkit_implicit_authorization_set_allow_any (PolKitImplicitAuthorization *implicit_authorization, PolKitResult value)
+{
+ kit_return_if_fail (implicit_authorization != NULL);
+ implicit_authorization->default_any = value;
+}
+
+/**
+ * polkit_implicit_authorization_set_allow_inactive:
+ * @implicit_authorization: the object
+ * @value: the value to set
+ *
+ * Set default policy.
+ *
+ **/
+void
+polkit_implicit_authorization_set_allow_inactive (PolKitImplicitAuthorization *implicit_authorization, PolKitResult value)
+{
+ kit_return_if_fail (implicit_authorization != NULL);
+ implicit_authorization->default_inactive = value;
+}
+
+/**
+ * polkit_implicit_authorization_set_allow_active:
+ * @implicit_authorization: the object
+ * @value: the value to set
+ *
+ * Set default policy.
+ *
+ **/
+void
+polkit_implicit_authorization_set_allow_active (PolKitImplicitAuthorization *implicit_authorization, PolKitResult value)
+{
+ kit_return_if_fail (implicit_authorization != NULL);
+ implicit_authorization->default_active = value;
+}
+
+/**
+ * polkit_implicit_authorization_get_allow_any:
+ * @implicit_authorization: the object
+ *
+ * Get default policy.
+ *
+ * Returns: default policy
+ **/
+PolKitResult
+polkit_implicit_authorization_get_allow_any (PolKitImplicitAuthorization *implicit_authorization)
+{
+ kit_return_val_if_fail (implicit_authorization != NULL, POLKIT_RESULT_NO);
+ return implicit_authorization->default_any;
+}
+
+/**
+ * polkit_implicit_authorization_get_allow_inactive:
+ * @implicit_authorization: the object
+ *
+ * Get default policy.
+ *
+ * Returns: default policy
+ **/
+PolKitResult
+polkit_implicit_authorization_get_allow_inactive (PolKitImplicitAuthorization *implicit_authorization)
+{
+ kit_return_val_if_fail (implicit_authorization != NULL, POLKIT_RESULT_NO);
+ return implicit_authorization->default_inactive;
+}
+
+/**
+ * polkit_implicit_authorization_get_allow_active:
+ * @implicit_authorization: the object
+ *
+ * Get default policy.
+ *
+ * Returns: default policy
+ **/
+PolKitResult
+polkit_implicit_authorization_get_allow_active (PolKitImplicitAuthorization *implicit_authorization)
+{
+ kit_return_val_if_fail (implicit_authorization != NULL, POLKIT_RESULT_NO);
+ return implicit_authorization->default_active;
+}
+
+
+#ifdef POLKIT_BUILD_TESTS
+
+static polkit_bool_t
+_ts (PolKitSession *s, PolKitResult any, PolKitResult inactive, PolKitResult active, PolKitResult *ret)
+{
+ PolKitAction *a;
+ PolKitImplicitAuthorization *d;
+ polkit_bool_t oom;
+
+ oom = TRUE;
+
+ if (s == NULL)
+ goto out;
+
+ if ((a = polkit_action_new ()) != NULL) {
+ if (polkit_action_set_action_id (a, "org.dummy")) {
+ if ((d = _polkit_implicit_authorization_new (any,
+ inactive,
+ active)) != NULL) {
+ PolKitCaller *c;
+
+ *ret = polkit_implicit_authorization_can_session_do_action (d, a, s);
+ oom = FALSE;
+
+ if ((c = polkit_caller_new ()) != NULL) {
+ kit_assert (polkit_implicit_authorization_can_caller_do_action (d, a, c) == any);
+
+ kit_assert (polkit_caller_set_ck_session (c, s));
+ kit_assert (polkit_implicit_authorization_can_caller_do_action (d, a, c) == *ret);
+ polkit_caller_unref (c);
+ }
+
+ polkit_implicit_authorization_ref (d);
+ polkit_implicit_authorization_get_allow_any (d);
+ polkit_implicit_authorization_get_allow_inactive (d);
+ polkit_implicit_authorization_get_allow_active (d);
+ polkit_implicit_authorization_unref (d);
+ polkit_implicit_authorization_debug (d);
+ polkit_implicit_authorization_unref (d);
+ }
+ }
+ polkit_action_unref (a);
+ }
+
+out:
+ return oom;
+}
+
+static polkit_bool_t
+_run_test (void)
+{
+ PolKitResult ret;
+ PolKitSession *s_active;
+ PolKitSession *s_inactive;
+ PolKitSession *s_active_remote;
+ PolKitSession *s_inactive_remote;
+
+ if ((s_active = polkit_session_new ()) != NULL) {
+ if (!polkit_session_set_ck_objref (s_active, "/session1")) {
+ polkit_session_unref (s_active);
+ s_active = NULL;
+ } else {
+ kit_assert (polkit_session_set_ck_is_local (s_active, TRUE));
+ kit_assert (polkit_session_set_ck_is_active (s_active, TRUE));
+ }
+ }
+
+ if ((s_inactive = polkit_session_new ()) != NULL) {
+ if (!polkit_session_set_ck_objref (s_inactive, "/session2")) {
+ polkit_session_unref (s_inactive);
+ s_inactive = NULL;
+ } else {
+ kit_assert (polkit_session_set_ck_is_local (s_inactive, TRUE));
+ kit_assert (polkit_session_set_ck_is_active (s_inactive, FALSE));
+ }
+ }
+
+ if ((s_active_remote = polkit_session_new ()) != NULL) {
+ if (!polkit_session_set_ck_objref (s_active_remote, "/session3") ||
+ !polkit_session_set_ck_remote_host (s_active_remote, "remotehost.com")) {
+ polkit_session_unref (s_active_remote);
+ s_active_remote = NULL;
+ } else {
+ kit_assert (polkit_session_set_ck_is_local (s_active_remote, FALSE));
+ kit_assert (polkit_session_set_ck_is_active (s_active_remote, TRUE));
+ }
+ }
+
+ if ((s_inactive_remote = polkit_session_new ()) != NULL) {
+ if (!polkit_session_set_ck_objref (s_inactive_remote, "/session4") ||
+ !polkit_session_set_ck_remote_host (s_inactive_remote, "remotehost.com")) {
+ polkit_session_unref (s_inactive_remote);
+ s_inactive_remote = NULL;
+ } else {
+ kit_assert (polkit_session_set_ck_is_local (s_inactive_remote, FALSE));
+ kit_assert (polkit_session_set_ck_is_active (s_inactive_remote, FALSE));
+ }
+ }
+
+ kit_assert (_ts (s_active,
+ POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ kit_assert (_ts (s_inactive,
+ POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_NO);
+ kit_assert (_ts (s_active_remote,
+ POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_NO);
+ kit_assert (_ts (s_inactive_remote,
+ POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_NO);
+
+ kit_assert (_ts (s_active,
+ POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ kit_assert (_ts (s_inactive,
+ POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ kit_assert (_ts (s_active_remote,
+ POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_NO);
+ kit_assert (_ts (s_inactive_remote,
+ POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_NO);
+
+ kit_assert (_ts (s_active,
+ POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ kit_assert (_ts (s_inactive,
+ POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ kit_assert (_ts (s_active_remote,
+ POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+ kit_assert (_ts (s_inactive_remote,
+ POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
+ ret == POLKIT_RESULT_YES);
+
+ if (s_active != NULL)
+ polkit_session_unref (s_active);
+
+ if (s_inactive != NULL)
+ polkit_session_unref (s_inactive);
+
+ if (s_active_remote != NULL)
+ polkit_session_unref (s_active_remote);
+
+ if (s_inactive_remote != NULL)
+ polkit_session_unref (s_inactive_remote);
+
+ return TRUE;
+}
+
+KitTest _test_implicit_authorization = {
+ "polkit_implicit_authorization",
+ NULL,
+ NULL,
+ _run_test
+};
+
+#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-implicit-authorization.h b/src/polkit/polkit-implicit-authorization.h
new file mode 100644
index 0000000..3bc55e3
--- /dev/null
+++ b/src/polkit/polkit-implicit-authorization.h
@@ -0,0 +1,80 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * polkit-implicit-authorization.h : policy definition for the defaults
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef POLKIT_IMPLICIT_AUTHORIZATION_H
+#define POLKIT_IMPLICIT_AUTHORIZATION_H
+
+#include <polkit/polkit-types.h>
+#include <polkit/polkit-result.h>
+#include <polkit/polkit-action.h>
+#include <polkit/polkit-session.h>
+#include <polkit/polkit-caller.h>
+#include <polkit/polkit-error.h>
+
+POLKIT_BEGIN_DECLS
+
+struct _PolKitImplicitAuthorization;
+typedef struct _PolKitImplicitAuthorization PolKitImplicitAuthorization;
+
+PolKitImplicitAuthorization *polkit_implicit_authorization_new (void);
+PolKitImplicitAuthorization *polkit_implicit_authorization_ref (PolKitImplicitAuthorization *implicit_authorization);
+void polkit_implicit_authorization_unref (PolKitImplicitAuthorization *implicit_authorization);
+void polkit_implicit_authorization_debug (PolKitImplicitAuthorization *implicit_authorization);
+PolKitImplicitAuthorization *polkit_implicit_authorization_clone (PolKitImplicitAuthorization *implicit_authorization);
+
+polkit_bool_t polkit_implicit_authorization_equals (PolKitImplicitAuthorization *a, PolKitImplicitAuthorization *b);
+
+PolKitResult polkit_implicit_authorization_can_session_do_action (PolKitImplicitAuthorization *implicit_authorization,
+ PolKitAction *action,
+ PolKitSession *session);
+
+PolKitResult polkit_implicit_authorization_can_caller_do_action (PolKitImplicitAuthorization *implicit_authorization,
+ PolKitAction *action,
+ PolKitCaller *caller);
+
+PolKitResult polkit_implicit_authorization_get_allow_any (PolKitImplicitAuthorization *implicit_authorization);
+PolKitResult polkit_implicit_authorization_get_allow_inactive (PolKitImplicitAuthorization *implicit_authorization);
+PolKitResult polkit_implicit_authorization_get_allow_active (PolKitImplicitAuthorization *implicit_authorization);
+
+void polkit_implicit_authorization_set_allow_any (PolKitImplicitAuthorization *implicit_authorization, PolKitResult value);
+void polkit_implicit_authorization_set_allow_inactive (PolKitImplicitAuthorization *implicit_authorization, PolKitResult value);
+void polkit_implicit_authorization_set_allow_active (PolKitImplicitAuthorization *implicit_authorization, PolKitResult value);
+
+
+/* TODO: export knobs for "default policy" */
+
+POLKIT_END_DECLS
+
+#endif /* POLKIT_IMPLICIT_AUTHORIZATION_H */
+
+
diff --git a/src/polkit/polkit-policy-cache.c b/src/polkit/polkit-policy-cache.c
deleted file mode 100644
index 1378759..0000000
--- a/src/polkit/polkit-policy-cache.c
+++ /dev/null
@@ -1,541 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-cache.c : policy cache
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#define _GNU_SOURCE
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#if HAVE_SOLARIS
-#include <sys/stat.h>
-#endif
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <syslog.h>
-#include <fcntl.h>
-#include <dirent.h>
-
-#include "polkit-debug.h"
-#include "polkit-policy-file.h"
-#include "polkit-policy-cache.h"
-#include "polkit-private.h"
-#include "polkit-test.h"
-
-/**
- * SECTION:polkit-policy-cache
- * @title: Policy Cache
- * @short_description: Holds the actions defined on the system.
- *
- * This class is used to hold all policy objects (stemming from policy
- * files) and provide look-up functions.
- **/
-
-/**
- * PolKitPolicyCache:
- *
- * Instances of this class are used to hold all policy objects
- * (stemming from policy files) and provide look-up functions.
- **/
-struct _PolKitPolicyCache
-{
- int refcount;
-
- KitList *priv_entries;
-};
-
-
-static polkit_bool_t
-_prepend_entry (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntry *policy_file_entry,
- void *user_data)
-{
- KitList *l;
- PolKitPolicyCache *policy_cache = user_data;
-
- polkit_policy_file_entry_ref (policy_file_entry);
- l = kit_list_prepend (policy_cache->priv_entries, policy_file_entry);
- if (l == NULL) {
- polkit_policy_file_entry_unref (policy_file_entry);
- goto oom;
- }
- policy_cache->priv_entries = l;
- return FALSE;
-oom:
- return TRUE;
-}
-
-PolKitPolicyCache *
-_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error)
-{
- DIR *dir;
-#ifdef HAVE_READDIR64
- struct dirent64 *d;
-#else
- struct dirent *d;
-#endif
- PolKitPolicyCache *pc;
- struct stat statbuf;
-
- dir = NULL;
-
- pc = kit_new0 (PolKitPolicyCache, 1);
- if (pc == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY, "Out of memory");
- goto out;
- }
-
- pc->refcount = 1;
-
- dir = opendir (dirname);
- if (dir == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load policy files from directory %s: %m",
- dirname);
- goto out;
- }
-
-#ifdef HAVE_READDIR64
- while ((d = readdir64 (dir)) != NULL) {
-#else
- while ((d = readdir (dir)) != NULL) {
-#endif
- char *path;
- PolKitPolicyFile *pf;
- PolKitError *pk_error;
- size_t name_len;
- char *filename;
- static const char suffix[] = ".policy";
-
- path = kit_strdup_printf ("%s/%s", dirname, d->d_name);
- if (path == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY, "Out of memory");
- goto out;
- }
-
- if (stat (path, &statbuf) != 0) {
- polkit_error_set_error (error, POLKIT_ERROR_GENERAL_ERROR, "stat()");
- kit_free (path);
- goto out;
- }
-
- if (!S_ISREG (statbuf.st_mode)) {
- kit_free (path);
- continue;
- }
-
- filename = d->d_name;
- name_len = strlen (filename);
- if (name_len < sizeof (suffix) || strcmp ((filename + name_len - sizeof (suffix) + 1), suffix) != 0) {
- kit_free (path);
- continue;
- }
-
- polkit_debug ("Loading %s", path);
- pk_error = NULL;
- pf = polkit_policy_file_new (path, load_descriptions, &pk_error);
- kit_free (path);
-
- if (pf == NULL) {
- if (polkit_error_get_error_code (pk_error) == POLKIT_ERROR_OUT_OF_MEMORY) {
- if (error != NULL)
- *error = pk_error;
- else
- polkit_error_free (pk_error);
- goto out;
- }
-
- kit_warning ("libpolkit: ignoring malformed policy file: %s",
- polkit_error_get_error_message (pk_error));
- polkit_error_free (pk_error);
- continue;
- }
-
- /* steal entries */
- if (polkit_policy_file_entry_foreach (pf, _prepend_entry, pc)) {
- /* OOM failure */
- polkit_policy_file_unref (pf);
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY, "Out of memory");
- goto out;
- }
- polkit_policy_file_unref (pf);
- }
- closedir (dir);
-
- return pc;
-out:
- if (dir != NULL)
- closedir(dir);
-
- if (pc != NULL)
- polkit_policy_cache_unref (pc);
- return NULL;
-}
-
-/**
- * polkit_policy_cache_ref:
- * @policy_cache: the policy cache object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyCache *
-polkit_policy_cache_ref (PolKitPolicyCache *policy_cache)
-{
- kit_return_val_if_fail (policy_cache != NULL, policy_cache);
- policy_cache->refcount++;
- return policy_cache;
-}
-
-/**
- * polkit_policy_cache_unref:
- * @policy_cache: the policy cache object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_policy_cache_unref (PolKitPolicyCache *policy_cache)
-{
- KitList *i;
-
- kit_return_if_fail (policy_cache != NULL);
- policy_cache->refcount--;
- if (policy_cache->refcount > 0)
- return;
-
- for (i = policy_cache->priv_entries; i != NULL; i = i->next) {
- PolKitPolicyFileEntry *pfe = i->data;
- polkit_policy_file_entry_unref (pfe);
- }
- if (policy_cache->priv_entries != NULL)
- kit_list_free (policy_cache->priv_entries);
-
- kit_free (policy_cache);
-}
-
-/**
- * polkit_policy_cache_debug:
- * @policy_cache: the cache
- *
- * Print debug information about object
- **/
-void
-polkit_policy_cache_debug (PolKitPolicyCache *policy_cache)
-{
- KitList *i;
- kit_return_if_fail (policy_cache != NULL);
-
- polkit_debug ("PolKitPolicyCache: refcount=%d num_entries=%d ...",
- policy_cache->refcount,
- policy_cache->priv_entries == NULL ? 0 : kit_list_length (policy_cache->priv_entries));
-
- for (i = policy_cache->priv_entries; i != NULL; i = i->next) {
- PolKitPolicyFileEntry *pfe = i->data;
- polkit_policy_file_entry_debug (pfe);
- }
-}
-
-/**
- * polkit_policy_cache_get_entry_by_id:
- * @policy_cache: the cache
- * @action_id: the action identifier
- *
- * Given a action identifier, find the object describing the
- * definition of the policy; e.g. data stemming from files in
- * /usr/share/polkit-1/actions.
- *
- * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
- * #NULL if the action wasn't identified. Caller shall not unref
- * this object.
- **/
-PolKitPolicyFileEntry*
-polkit_policy_cache_get_entry_by_id (PolKitPolicyCache *policy_cache, const char *action_id)
-{
- KitList *i;
- PolKitPolicyFileEntry *pfe;
-
- kit_return_val_if_fail (policy_cache != NULL, NULL);
- kit_return_val_if_fail (action_id != NULL, NULL);
-
- pfe = NULL;
-
- for (i = policy_cache->priv_entries; i != NULL; i = i->next) {
- pfe = i->data;
- if (strcmp (polkit_policy_file_entry_get_id (pfe), action_id) == 0) {
- goto out;
- }
- }
- pfe = NULL;
-
- if (pfe == NULL) {
- /* the authdb backend may want to synthesize pfe's */
- pfe = _polkit_authorization_db_pfe_get_by_id (policy_cache, action_id);
- }
-
-out:
- return pfe;
-}
-
-/**
- * polkit_policy_cache_get_entry:
- * @policy_cache: the cache
- * @action: the action
- *
- * Given a action, find the object describing the definition of the
- * policy; e.g. data stemming from files in
- * /usr/share/polkit-1/actions.
- *
- * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise
- * #NULL if the action wasn't identified. Caller shall not unref
- * this object.
- **/
-PolKitPolicyFileEntry*
-polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
- PolKitAction *action)
-{
- char *action_id;
- PolKitPolicyFileEntry *pfe;
-
- /* I'm sure it would be easy to make this O(1)... */
-
- kit_return_val_if_fail (policy_cache != NULL, NULL);
- kit_return_val_if_fail (action != NULL, NULL);
-
- pfe = NULL;
-
- if (!polkit_action_get_action_id (action, &action_id))
- goto out;
-
- pfe = polkit_policy_cache_get_entry_by_id (policy_cache, action_id);
-
-out:
- return pfe;
-}
-
-/**
- * polkit_policy_cache_foreach:
- * @policy_cache: the policy cache
- * @callback: callback function
- * @user_data: user data to pass to callback function
- *
- * Visit all entries in the policy cache.
- *
- * Returns: #TRUE only if iteration was short-circuited
- **/
-polkit_bool_t
-polkit_policy_cache_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data)
-{
- KitList *i;
- PolKitPolicyFileEntry *pfe;
-
- kit_return_val_if_fail (policy_cache != NULL, FALSE);
- kit_return_val_if_fail (callback != NULL, FALSE);
-
- for (i = policy_cache->priv_entries; i != NULL; i = i->next) {
- pfe = i->data;
- if (callback (policy_cache, pfe, user_data))
- return TRUE;
- }
-
- /* the authdb backend may also want to return synthesized pfe's */
- return _polkit_authorization_db_pfe_foreach (policy_cache,
- callback,
- user_data);
-}
-
-/**
- * polkit_policy_cache_get_entry_by_annotation:
- * @policy_cache: the policy cache
- * @annotation_key: the key to check for
- * @annotation_value: the value to check for
- *
- * Find the first policy file entry where a given annotation matches a
- * given value. Note that there is nothing preventing the existence of
- * multiple policy file entries matching this criteria; it would
- * however be a packaging bug if this situation occured.
- *
- * Returns: The first #PolKitPolicyFileEntry matching the search
- * criteria. The caller shall not unref this object. Returns #NULL if
- * there are no policy file entries matching the search criteria.
- *
- * Since: 0.7
- */
-PolKitPolicyFileEntry*
-polkit_policy_cache_get_entry_by_annotation (PolKitPolicyCache *policy_cache,
- const char *annotation_key,
- const char *annotation_value)
-{
- KitList *i;
-
- kit_return_val_if_fail (policy_cache != NULL, NULL);
- kit_return_val_if_fail (annotation_key != NULL, NULL);
- kit_return_val_if_fail (annotation_value != NULL, NULL);
-
- for (i = policy_cache->priv_entries; i != NULL; i = i->next) {
- const char *value;
- PolKitPolicyFileEntry *pfe = i->data;
-
- value = polkit_policy_file_entry_get_annotation (pfe, annotation_key);
- if (value == NULL)
- continue;
-
- if (strcmp (annotation_value, value) == 0) {
- return pfe;
- }
- }
-
- return NULL;
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_test_count (PolKitPolicyCache *pc, PolKitPolicyFileEntry *pfe, void *user_data)
-{
- int *counter = (int *) user_data;
- const char *action_id;
-
- action_id = polkit_policy_file_entry_get_id (pfe);
- if (action_id != NULL && (strcmp (action_id, "org.example.valid1") == 0 ||
- strcmp (action_id, "org.example.valid2") == 0 ||
- strcmp (action_id, "org.example.valid2b") == 0 ||
- strcmp (action_id, "org.example.valid3") == 0 ||
- strcmp (action_id, "org.example.valid3b") == 0 ||
- strcmp (action_id, "org.example.valid4") == 0)) {
- *counter += 1;
- }
-
- return FALSE;
-}
-
-static polkit_bool_t
-_test_short_circuit (PolKitPolicyCache *pc, PolKitPolicyFileEntry *pfe, void *user_data)
-{
- int *counter = (int *) user_data;
- *counter += 1;
- return TRUE;
-}
-
-static polkit_bool_t
-_run_test (void)
-{
- PolKitError *error;
- PolKitPolicyCache *pc;
- PolKitPolicyFileEntry *pfe;
- PolKitAction *a;
- int counter;
-
- error = NULL;
- kit_assert (_polkit_policy_cache_new (TEST_DATA_DIR "/non-existant", TRUE, &error) == NULL);
- kit_assert (polkit_error_is_set (error) &&
- (polkit_error_get_error_code (error) == POLKIT_ERROR_POLICY_FILE_INVALID ||
- polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY));
- polkit_error_free (error);
-
- error = NULL;
- if ((pc = _polkit_policy_cache_new (TEST_DATA_DIR "/invalid", TRUE, &error)) == NULL) {
- kit_assert (polkit_error_is_set (error) &&
- polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
- polkit_error_free (error);
- } else {
- polkit_policy_cache_unref (pc);
- }
-
- error = NULL;
- if ((pc = _polkit_policy_cache_new (TEST_DATA_DIR "/valid", TRUE, &error)) == NULL) {
- kit_assert (polkit_error_is_set (error) &&
- polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
- polkit_error_free (error);
- goto out;
- }
-
- kit_assert (polkit_policy_cache_get_entry_by_id (pc, "org.example.valid1") != NULL);
- kit_assert (polkit_policy_cache_get_entry_by_id (pc, "org.example.non-existant") == NULL);
-
- pfe = polkit_policy_cache_get_entry_by_annotation (pc, "the.key1", "Some Value 1");
- kit_assert (pfe != NULL && strcmp (polkit_policy_file_entry_get_id (pfe), "org.example.valid2") == 0);
- pfe = polkit_policy_cache_get_entry_by_annotation (pc, "the.key2", "Some Value 2");
- kit_assert (pfe != NULL && strcmp (polkit_policy_file_entry_get_id (pfe), "org.example.valid2") == 0);
- pfe = polkit_policy_cache_get_entry_by_annotation (pc, "the.key1", "Some Value 1b");
- kit_assert (pfe != NULL && strcmp (polkit_policy_file_entry_get_id (pfe), "org.example.valid2b") == 0);
- pfe = polkit_policy_cache_get_entry_by_annotation (pc, "the.key1", "NON-EXISTANT VALUE");
- kit_assert (pfe == NULL);
- pfe = polkit_policy_cache_get_entry_by_annotation (pc, "NON_EXISTANT KEY", "NON-EXISTANT VALUE");
- kit_assert (pfe == NULL);
-
- if ((a = polkit_action_new ()) != NULL) {
- pfe = polkit_policy_cache_get_entry (pc, a);
- kit_assert (pfe == NULL);
- if (polkit_action_set_action_id (a, "org.example.valid1")) {
- pfe = polkit_policy_cache_get_entry (pc, a);
- kit_assert (pfe != NULL && strcmp (polkit_policy_file_entry_get_id (pfe), "org.example.valid1") == 0);
- }
- if (polkit_action_set_action_id (a, "org.example.non-existant")) {
- pfe = polkit_policy_cache_get_entry (pc, a);
- kit_assert (pfe == NULL);
- }
-
- polkit_action_unref (a);
- }
-
- counter = 0;
- polkit_policy_cache_foreach (pc, _test_count, &counter);
- kit_assert (counter == 6);
-
- counter = 0;
- polkit_policy_cache_foreach (pc, _test_short_circuit, &counter);
- kit_assert (counter == 1);
-
- polkit_policy_cache_debug (pc);
- polkit_policy_cache_ref (pc);
- polkit_policy_cache_unref (pc);
- polkit_policy_cache_unref (pc);
-out:
- return TRUE;
-}
-
-KitTest _test_policy_cache = {
- "polkit_policy_cache",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-policy-cache.h b/src/polkit/polkit-policy-cache.h
deleted file mode 100644
index d351f13..0000000
--- a/src/polkit/polkit-policy-cache.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-cache.h : policy cache
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_POLICY_CACHE_H
-#define POLKIT_POLICY_CACHE_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-policy-file-entry.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitPolicyCache;
-typedef struct _PolKitPolicyCache PolKitPolicyCache;
-
-/**
- * PolKitPolicyCacheForeachFunc:
- * @policy_cache: the policy cache
- * @entry: an entry in the cache - do not unref
- * @user_data: user data passed to polkit_policy_cache_foreach()
- *
- * Callback function for polkit_policy_cache_foreach().
- *
- * Returns: #TRUE to short-circuit; e.g. stop the iteration
- **/
-typedef polkit_bool_t (*PolKitPolicyCacheForeachFunc) (PolKitPolicyCache *policy_cache,
- PolKitPolicyFileEntry *entry,
- void *user_data);
-
-PolKitPolicyCache *polkit_policy_cache_ref (PolKitPolicyCache *policy_cache);
-void polkit_policy_cache_unref (PolKitPolicyCache *policy_cache);
-void polkit_policy_cache_debug (PolKitPolicyCache *policy_cache);
-PolKitPolicyFileEntry* polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
- PolKitAction *action);
-PolKitPolicyFileEntry* polkit_policy_cache_get_entry_by_id (PolKitPolicyCache *policy_cache,
- const char *action_id);
-
-PolKitPolicyFileEntry* polkit_policy_cache_get_entry_by_annotation (PolKitPolicyCache *policy_cache,
- const char *annotation_key,
- const char *annotation_value);
-
-polkit_bool_t polkit_policy_cache_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_POLICY_CACHE_H */
-
-
diff --git a/src/polkit/polkit-policy-default.c b/src/polkit/polkit-policy-default.c
deleted file mode 100644
index f331669..0000000
--- a/src/polkit/polkit-policy-default.c
+++ /dev/null
@@ -1,572 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-default.c : policy definition for the defaults
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include "polkit-debug.h"
-#include "polkit-error.h"
-#include "polkit-policy-default.h"
-#include "polkit-private.h"
-#include "polkit-test.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit-policy-default
- * @title: Defaults
- * @short_description: Models the default policy for an action.
- *
- * This class records the default policy of an action.
- **/
-
-/**
- * PolKitPolicyDefault:
- *
- * Objects of this class are used to record information about a
- * default policy for an action.
- **/
-struct _PolKitPolicyDefault
-{
- int refcount;
- PolKitResult default_any;
- PolKitResult default_inactive;
- PolKitResult default_active;
-};
-
-/**
- * polkit_policy_default_new:
- *
- * Construct a new object with all defaults set as restrictive as possible.
- *
- * Returns: a new object or #NULL on OOM.
- *
- * Since: 0.7
- */
-PolKitPolicyDefault *
-polkit_policy_default_new (void)
-{
- PolKitPolicyDefault *pd;
-
- pd = kit_new0 (PolKitPolicyDefault, 1);
- if (pd == NULL)
- goto out;
- pd->refcount = 1;
- pd->default_any = POLKIT_RESULT_NO;
- pd->default_inactive = POLKIT_RESULT_NO;
- pd->default_active = POLKIT_RESULT_NO;
-out:
- return pd;
-}
-
-/**
- * polkit_policy_default_clone:
- * @policy_default: object to clone
- *
- * Create a new object with the same value as the given object
- *
- * Returns: a new object or #NULL on OOM.
- *
- * Since: 0.7
- */
-PolKitPolicyDefault *
-polkit_policy_default_clone (PolKitPolicyDefault *policy_default)
-{
- PolKitPolicyDefault *pd;
-
- kit_return_val_if_fail (policy_default != NULL, NULL);
-
- pd = polkit_policy_default_new ();
- if (pd == NULL)
- goto out;
- pd->refcount = 1;
- pd->default_any = policy_default->default_any;
- pd->default_inactive = policy_default->default_inactive;
- pd->default_active = policy_default->default_active;
-out:
- return pd;
-}
-
-
-/**
- * polkit_policy_default_equals:
- * @a: a #PolKitPolicyDefault object
- * @b: a #PolKitPolicyDefault object
- *
- * Compare if two objects are equal.
- *
- * Returns: %TRUE only if the objects are equal
- */
-polkit_bool_t
-polkit_policy_default_equals (PolKitPolicyDefault *a, PolKitPolicyDefault *b)
-{
- polkit_bool_t ret;
-
- kit_return_val_if_fail (a != NULL, FALSE);
- kit_return_val_if_fail (b != NULL, FALSE);
-
- if (a->default_any == b->default_any &&
- a->default_inactive == b->default_inactive &&
- a->default_active == b->default_active) {
- ret = TRUE;
- } else {
- ret = FALSE;
- }
-
- return ret;
-}
-
-PolKitPolicyDefault *
-_polkit_policy_default_new (PolKitResult defaults_allow_any,
- PolKitResult defaults_allow_inactive,
- PolKitResult defaults_allow_active)
-{
- PolKitPolicyDefault *pd;
-
- pd = kit_new0 (PolKitPolicyDefault, 1);
- if (pd == NULL)
- goto out;
- pd->refcount = 1;
- pd->default_any = defaults_allow_any;
- pd->default_inactive = defaults_allow_inactive;
- pd->default_active = defaults_allow_active;
-out:
- return pd;
-}
-
-/**
- * polkit_policy_default_ref:
- * @policy_default: the policy object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyDefault *
-polkit_policy_default_ref (PolKitPolicyDefault *policy_default)
-{
- kit_return_val_if_fail (policy_default != NULL, policy_default);
- policy_default->refcount++;
- return policy_default;
-}
-
-/**
- * polkit_policy_default_unref:
- * @policy_default: the object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_policy_default_unref (PolKitPolicyDefault *policy_default)
-{
- kit_return_if_fail (policy_default != NULL);
- policy_default->refcount--;
- if (policy_default->refcount > 0)
- return;
- kit_free (policy_default);
-}
-
-/**
- * polkit_policy_default_debug:
- * @policy_default: the object
- *
- * Print debug details
- **/
-void
-polkit_policy_default_debug (PolKitPolicyDefault *policy_default)
-{
- kit_return_if_fail (policy_default != NULL);
- polkit_debug ("PolKitPolicyDefault: refcount=%d\n"
- " default_any=%s\n"
- " default_inactive=%s\n"
- " default_active=%s",
- policy_default->refcount,
- polkit_result_to_string_representation (policy_default->default_any),
- polkit_result_to_string_representation (policy_default->default_inactive),
- polkit_result_to_string_representation (policy_default->default_active));
-}
-
-
-/**
- * polkit_policy_default_can_session_do_action:
- * @policy_default: the object
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Using the default policy for an action, determine if a given
- * session can do a given action.
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
- **/
-PolKitResult
-polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitSession *session)
-{
- polkit_bool_t is_local;
- polkit_bool_t is_active;
- PolKitResult ret;
-
- ret = POLKIT_RESULT_NO;
-
- kit_return_val_if_fail (policy_default != NULL, ret);
- kit_return_val_if_fail (action != NULL, ret);
- kit_return_val_if_fail (session != NULL, ret);
-
- ret = policy_default->default_any;
-
- polkit_session_get_ck_is_local (session, &is_local);
- polkit_session_get_ck_is_active (session, &is_active);
-
- if (!is_local)
- goto out;
-
- if (is_active) {
- ret = policy_default->default_active;
- } else {
- ret = policy_default->default_inactive;
- }
-out:
- return ret;
-}
-
-/**
- * polkit_policy_default_can_caller_do_action:
- * @policy_default: the object
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Using the default policy for an action, determine if a given
- * caller can do a given action.
- *
- * Returns: A #PolKitResult specifying if, and how, the caller can
- * do the given action.
- **/
-PolKitResult
-polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- polkit_bool_t is_local;
- polkit_bool_t is_active;
- PolKitSession *session;
- PolKitResult ret;
-
- ret = POLKIT_RESULT_NO;
-
- kit_return_val_if_fail (policy_default != NULL, ret);
- kit_return_val_if_fail (action != NULL, ret);
- kit_return_val_if_fail (caller != NULL, ret);
-
- ret = policy_default->default_any;
-
- polkit_caller_get_ck_session (caller, &session);
- if (session == NULL)
- goto out;
-
- polkit_session_get_ck_is_local (session, &is_local);
- polkit_session_get_ck_is_active (session, &is_active);
-
- if (!is_local)
- goto out;
-
- if (is_active) {
- ret = policy_default->default_active;
- } else {
- ret = policy_default->default_inactive;
- }
-
-out:
- return ret;
-}
-
-/**
- * polkit_policy_default_set_allow_any:
- * @policy_default: the object
- * @value: the value to set
- *
- * Set default policy.
- *
- **/
-void
-polkit_policy_default_set_allow_any (PolKitPolicyDefault *policy_default, PolKitResult value)
-{
- kit_return_if_fail (policy_default != NULL);
- policy_default->default_any = value;
-}
-
-/**
- * polkit_policy_default_set_allow_inactive:
- * @policy_default: the object
- * @value: the value to set
- *
- * Set default policy.
- *
- **/
-void
-polkit_policy_default_set_allow_inactive (PolKitPolicyDefault *policy_default, PolKitResult value)
-{
- kit_return_if_fail (policy_default != NULL);
- policy_default->default_inactive = value;
-}
-
-/**
- * polkit_policy_default_set_allow_active:
- * @policy_default: the object
- * @value: the value to set
- *
- * Set default policy.
- *
- **/
-void
-polkit_policy_default_set_allow_active (PolKitPolicyDefault *policy_default, PolKitResult value)
-{
- kit_return_if_fail (policy_default != NULL);
- policy_default->default_active = value;
-}
-
-/**
- * polkit_policy_default_get_allow_any:
- * @policy_default: the object
- *
- * Get default policy.
- *
- * Returns: default policy
- **/
-PolKitResult
-polkit_policy_default_get_allow_any (PolKitPolicyDefault *policy_default)
-{
- kit_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
- return policy_default->default_any;
-}
-
-/**
- * polkit_policy_default_get_allow_inactive:
- * @policy_default: the object
- *
- * Get default policy.
- *
- * Returns: default policy
- **/
-PolKitResult
-polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default)
-{
- kit_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
- return policy_default->default_inactive;
-}
-
-/**
- * polkit_policy_default_get_allow_active:
- * @policy_default: the object
- *
- * Get default policy.
- *
- * Returns: default policy
- **/
-PolKitResult
-polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default)
-{
- kit_return_val_if_fail (policy_default != NULL, POLKIT_RESULT_NO);
- return policy_default->default_active;
-}
-
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_ts (PolKitSession *s, PolKitResult any, PolKitResult inactive, PolKitResult active, PolKitResult *ret)
-{
- PolKitAction *a;
- PolKitPolicyDefault *d;
- polkit_bool_t oom;
-
- oom = TRUE;
-
- if (s == NULL)
- goto out;
-
- if ((a = polkit_action_new ()) != NULL) {
- if (polkit_action_set_action_id (a, "org.dummy")) {
- if ((d = _polkit_policy_default_new (any,
- inactive,
- active)) != NULL) {
- PolKitCaller *c;
-
- *ret = polkit_policy_default_can_session_do_action (d, a, s);
- oom = FALSE;
-
- if ((c = polkit_caller_new ()) != NULL) {
- kit_assert (polkit_policy_default_can_caller_do_action (d, a, c) == any);
-
- kit_assert (polkit_caller_set_ck_session (c, s));
- kit_assert (polkit_policy_default_can_caller_do_action (d, a, c) == *ret);
- polkit_caller_unref (c);
- }
-
- polkit_policy_default_ref (d);
- polkit_policy_default_get_allow_any (d);
- polkit_policy_default_get_allow_inactive (d);
- polkit_policy_default_get_allow_active (d);
- polkit_policy_default_unref (d);
- polkit_policy_default_debug (d);
- polkit_policy_default_unref (d);
- }
- }
- polkit_action_unref (a);
- }
-
-out:
- return oom;
-}
-
-static polkit_bool_t
-_run_test (void)
-{
- PolKitResult ret;
- PolKitSession *s_active;
- PolKitSession *s_inactive;
- PolKitSession *s_active_remote;
- PolKitSession *s_inactive_remote;
-
- if ((s_active = polkit_session_new ()) != NULL) {
- if (!polkit_session_set_ck_objref (s_active, "/session1")) {
- polkit_session_unref (s_active);
- s_active = NULL;
- } else {
- kit_assert (polkit_session_set_ck_is_local (s_active, TRUE));
- kit_assert (polkit_session_set_ck_is_active (s_active, TRUE));
- }
- }
-
- if ((s_inactive = polkit_session_new ()) != NULL) {
- if (!polkit_session_set_ck_objref (s_inactive, "/session2")) {
- polkit_session_unref (s_inactive);
- s_inactive = NULL;
- } else {
- kit_assert (polkit_session_set_ck_is_local (s_inactive, TRUE));
- kit_assert (polkit_session_set_ck_is_active (s_inactive, FALSE));
- }
- }
-
- if ((s_active_remote = polkit_session_new ()) != NULL) {
- if (!polkit_session_set_ck_objref (s_active_remote, "/session3") ||
- !polkit_session_set_ck_remote_host (s_active_remote, "remotehost.com")) {
- polkit_session_unref (s_active_remote);
- s_active_remote = NULL;
- } else {
- kit_assert (polkit_session_set_ck_is_local (s_active_remote, FALSE));
- kit_assert (polkit_session_set_ck_is_active (s_active_remote, TRUE));
- }
- }
-
- if ((s_inactive_remote = polkit_session_new ()) != NULL) {
- if (!polkit_session_set_ck_objref (s_inactive_remote, "/session4") ||
- !polkit_session_set_ck_remote_host (s_inactive_remote, "remotehost.com")) {
- polkit_session_unref (s_inactive_remote);
- s_inactive_remote = NULL;
- } else {
- kit_assert (polkit_session_set_ck_is_local (s_inactive_remote, FALSE));
- kit_assert (polkit_session_set_ck_is_active (s_inactive_remote, FALSE));
- }
- }
-
- kit_assert (_ts (s_active,
- POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- kit_assert (_ts (s_inactive,
- POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_NO);
- kit_assert (_ts (s_active_remote,
- POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_NO);
- kit_assert (_ts (s_inactive_remote,
- POLKIT_RESULT_NO, POLKIT_RESULT_NO, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_NO);
-
- kit_assert (_ts (s_active,
- POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- kit_assert (_ts (s_inactive,
- POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- kit_assert (_ts (s_active_remote,
- POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_NO);
- kit_assert (_ts (s_inactive_remote,
- POLKIT_RESULT_NO, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_NO);
-
- kit_assert (_ts (s_active,
- POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- kit_assert (_ts (s_inactive,
- POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- kit_assert (_ts (s_active_remote,
- POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
- kit_assert (_ts (s_inactive_remote,
- POLKIT_RESULT_YES, POLKIT_RESULT_YES, POLKIT_RESULT_YES, &ret) ||
- ret == POLKIT_RESULT_YES);
-
- if (s_active != NULL)
- polkit_session_unref (s_active);
-
- if (s_inactive != NULL)
- polkit_session_unref (s_inactive);
-
- if (s_active_remote != NULL)
- polkit_session_unref (s_active_remote);
-
- if (s_inactive_remote != NULL)
- polkit_session_unref (s_inactive_remote);
-
- return TRUE;
-}
-
-KitTest _test_policy_default = {
- "polkit_policy_default",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-policy-default.h b/src/polkit/polkit-policy-default.h
deleted file mode 100644
index c9ff6f3..0000000
--- a/src/polkit/polkit-policy-default.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-default.h : policy definition for the defaults
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_POLICY_DEFAULT_H
-#define POLKIT_POLICY_DEFAULT_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-action.h>
-#include <polkit/polkit-session.h>
-#include <polkit/polkit-caller.h>
-#include <polkit/polkit-error.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitPolicyDefault;
-typedef struct _PolKitPolicyDefault PolKitPolicyDefault;
-
-PolKitPolicyDefault *polkit_policy_default_new (void);
-PolKitPolicyDefault *polkit_policy_default_ref (PolKitPolicyDefault *policy_default);
-void polkit_policy_default_unref (PolKitPolicyDefault *policy_default);
-void polkit_policy_default_debug (PolKitPolicyDefault *policy_default);
-PolKitPolicyDefault *polkit_policy_default_clone (PolKitPolicyDefault *policy_default);
-
-polkit_bool_t polkit_policy_default_equals (PolKitPolicyDefault *a, PolKitPolicyDefault *b);
-
-PolKitResult polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitSession *session);
-
-PolKitResult polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitCaller *caller);
-
-PolKitResult polkit_policy_default_get_allow_any (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_get_allow_inactive (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_get_allow_active (PolKitPolicyDefault *policy_default);
-
-void polkit_policy_default_set_allow_any (PolKitPolicyDefault *policy_default, PolKitResult value);
-void polkit_policy_default_set_allow_inactive (PolKitPolicyDefault *policy_default, PolKitResult value);
-void polkit_policy_default_set_allow_active (PolKitPolicyDefault *policy_default, PolKitResult value);
-
-
-/* TODO: export knobs for "default policy" */
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_POLICY_DEFAULT_H */
-
-
diff --git a/src/polkit/polkit-policy-file-entry.c b/src/polkit/polkit-policy-file-entry.c
deleted file mode 100644
index 0432d48..0000000
--- a/src/polkit/polkit-policy-file-entry.c
+++ /dev/null
@@ -1,759 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-file-entry.c : entries in policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include "polkit-debug.h"
-#include "polkit-error.h"
-#include "polkit-result.h"
-#include "polkit-policy-file-entry.h"
-#include "polkit-authorization-db.h"
-#include "polkit-private.h"
-#include "polkit-test.h"
-#include "polkit-private.h"
-
-/**
- * SECTION:polkit-policy-file-entry
- * @title: Policy File Entry
- * @short_description: Represents a declared action in a policy file.
- *
- * This class is used to represent a entries in policy files.
- **/
-
-/**
- * PolKitPolicyFileEntry:
- *
- * Objects of this class are used to record information about a
- * policy.
- **/
-struct _PolKitPolicyFileEntry
-{
- int refcount;
- char *action;
- PolKitPolicyDefault *defaults_factory;
- PolKitPolicyDefault *defaults;
-
- char *policy_description;
- char *policy_message;
- char *vendor;
- char *vendor_url;
- char *icon_name;
- KitHash *annotations;
-};
-
-
-/* NOTE: we take ownership of the annotations object */
-PolKitPolicyFileEntry *
-_polkit_policy_file_entry_new (const char *action_id,
- const char *vendor,
- const char *vendor_url,
- const char *icon_name,
- PolKitResult defaults_allow_any,
- PolKitResult defaults_allow_inactive,
- PolKitResult defaults_allow_active,
- KitHash *annotations)
-{
- char *path;
- char *contents;
- size_t contents_size;
- PolKitPolicyFileEntry *pfe;
-
- path = NULL;
- contents = NULL;
-
- kit_return_val_if_fail (action_id != NULL && polkit_action_validate_id (action_id), NULL);
-
- pfe = kit_new0 (PolKitPolicyFileEntry, 1);
- if (pfe == NULL)
- goto error;
- pfe->refcount = 1;
- pfe->action = kit_strdup (action_id);
- if (pfe->action == NULL)
- goto error;
-
- pfe->vendor = NULL;
- pfe->vendor_url = NULL;
- pfe->icon_name = NULL;
- if (vendor != NULL && (pfe->vendor = kit_strdup (vendor)) == NULL)
- goto error;
- if (vendor_url != NULL && (pfe->vendor_url = kit_strdup (vendor_url)) == NULL)
- goto error;
- if (icon_name != NULL && (pfe->icon_name = kit_strdup (icon_name)) == NULL)
- goto error;
-
- if (! (polkit_authorization_db_get_capabilities () & POLKIT_AUTHORIZATION_DB_CAPABILITY_CAN_OBTAIN)) {
- /* if we don't support obtaining authorizations
- * through authenticating, then make the defaults
- * reflect this ...*/
- defaults_allow_any = POLKIT_RESULT_NO;
- defaults_allow_inactive = POLKIT_RESULT_NO;
- defaults_allow_active = POLKIT_RESULT_NO;
- }
-
- pfe->defaults_factory = _polkit_policy_default_new (defaults_allow_any,
- defaults_allow_inactive,
- defaults_allow_active);
- if (pfe->defaults_factory == NULL)
- goto error;
-
- pfe->defaults = polkit_policy_default_clone (pfe->defaults_factory);
- if (pfe->defaults == NULL)
- goto error;
-
-#ifdef POLKIT_AUTHDB_DEFAULT
- /* read override file */
- path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id);
- if (path == NULL)
- goto error;
- if (!kit_file_get_contents (path, &contents, &contents_size)) {
- /* it's not a failure if the file doesn't exist */
- if (errno != ENOENT)
- goto error;
-
- errno = 0;
- contents = NULL;
- }
-
- if (contents != NULL) {
- char **tokens;
- size_t num_tokens;
- PolKitResult any;
- PolKitResult inactive;
- PolKitResult active;
-
- tokens = kit_strsplit (contents, ':', &num_tokens);
- if (num_tokens != 3)
- goto error;
-
- if (!polkit_result_from_string_representation (tokens[0], &any)) {
- goto error;
- }
- if (!polkit_result_from_string_representation (tokens[1], &inactive)) {
- goto error;
- }
- if (!polkit_result_from_string_representation (tokens[2], &active)) {
- goto error;
- }
-
- polkit_policy_default_set_allow_any (pfe->defaults, any);
- polkit_policy_default_set_allow_inactive (pfe->defaults, inactive);
- polkit_policy_default_set_allow_active (pfe->defaults, active);
- }
-#endif
-
- pfe->annotations = annotations;
-
- kit_free (path);
- kit_free (contents);
-
- return pfe;
-error:
- kit_free (path);
- kit_free (contents);
- if (pfe != NULL)
- polkit_policy_file_entry_unref (pfe);
- return NULL;
-}
-
-polkit_bool_t
-_polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *pfe,
- const char *policy_description,
- const char *policy_message)
-{
- kit_return_val_if_fail (pfe != NULL, FALSE);
-
- if (pfe->policy_description != NULL)
- kit_free (pfe->policy_description);
- if (pfe->policy_message != NULL)
- kit_free (pfe->policy_message);
-
- pfe->policy_description = kit_strdup (policy_description);
- pfe->policy_message = kit_strdup (policy_message);
-
- if (policy_description != NULL && pfe->policy_description == NULL)
- return FALSE;
-
- if (policy_message != NULL && pfe->policy_message == NULL)
- return FALSE;
-
- return TRUE;
-}
-
-/**
- * polkit_policy_file_entry_get_action_description:
- * @policy_file_entry: the object
- *
- * Get the description of the action that this policy entry describes. This
- * is intended to be used in policy editors, for example "Mount internal
- * volumes". Contrast with polkit_policy_file_entry_get_action_message(). The
- * textual string will be returned in the current locale.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- *
- * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
- **/
-const char *
-polkit_policy_file_entry_get_action_description (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->policy_description;
-}
-
-/**
- * polkit_policy_file_entry_get_action_message:
- * @policy_file_entry: the object
- *
- * Get the message describing the action that this policy entry
- * describes. This is to be used in dialogs, for example "System
- * Policy prevents mounting this volume". Contrast with
- * polkit_policy_file_entry_get_action_description(). The textual string
- * will be returned in the current locale.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- *
- * Returns: string or #NULL if descriptions are not loaded - caller shall not free this string
- **/
-const char *
-polkit_policy_file_entry_get_action_message (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->policy_message;
-}
-
-/**
- * polkit_policy_file_entry_get_action_vendor:
- * @policy_file_entry: the object
- *
- * Get the name of the vendor of this action.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- *
- * Returns: string or #NULL if descriptions are not loaded or vendor
- * tag isn't set - caller shall not free this string
- *
- * Since: 0.7
- */
-const char *
-polkit_policy_file_entry_get_action_vendor (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->vendor;
-}
-
-/**
- * polkit_policy_file_entry_get_action_vendor_url:
- * @policy_file_entry: the object
- *
- * Get the URL of the vendor of this action.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- *
- * Returns: string or #NULL if descriptions are not loaded or vendor
- * url isn't set - caller shall not free this string
- *
- * Since: 0.7
- */
-const char *
-polkit_policy_file_entry_get_action_vendor_url (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->vendor_url;
-}
-
-/**
- * polkit_policy_file_entry_get_action_icon_name:
- * @policy_file_entry: the object
- *
- * Get the name of the icon that represents the action. This name
- * conforms to the freedesktop.org icon naming specification.
- *
- * Note, if polkit_context_set_load_descriptions() on the
- * #PolKitContext object used to get this object wasn't called, this
- * method will return #NULL.
- *
- * Returns: string or #NULL if descriptions are not loaded or icon
- * tag isn't set - caller shall not free this string
- *
- * Since: 0.7
- */
-const char *
-polkit_policy_file_entry_get_action_icon_name (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->icon_name;
-}
-
-
-/**
- * polkit_policy_file_entry_ref:
- * @policy_file_entry: the policy file object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyFileEntry *
-polkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_val_if_fail (policy_file_entry != NULL, policy_file_entry);
- policy_file_entry->refcount++;
- return policy_file_entry;
-}
-
-/**
- * polkit_policy_file_entry_unref:
- * @policy_file_entry: the policy file object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_if_fail (policy_file_entry != NULL);
- policy_file_entry->refcount--;
- if (policy_file_entry->refcount > 0)
- return;
-
- kit_free (policy_file_entry->action);
-
- if (policy_file_entry->defaults_factory != NULL)
- polkit_policy_default_unref (policy_file_entry->defaults_factory);
-
- if (policy_file_entry->defaults != NULL)
- polkit_policy_default_unref (policy_file_entry->defaults);
-
- if (policy_file_entry->annotations != NULL)
- kit_hash_unref (policy_file_entry->annotations);
-
- kit_free (policy_file_entry->policy_description);
- kit_free (policy_file_entry->policy_message);
- kit_free (policy_file_entry->vendor);
- kit_free (policy_file_entry->vendor_url);
- kit_free (policy_file_entry->icon_name);
-
- kit_free (policy_file_entry);
-}
-
-/**
- * polkit_policy_file_entry_debug:
- * @policy_file_entry: the entry
- *
- * Print debug information about object
- **/
-void
-polkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_if_fail (policy_file_entry != NULL);
- polkit_debug ("PolKitPolicyFileEntry: refcount=%d action=%s",
- policy_file_entry->refcount,
- policy_file_entry->action);
- polkit_policy_default_debug (policy_file_entry->defaults);
-}
-
-/**
- * polkit_policy_file_entry_get_id:
- * @policy_file_entry: the file entry
- *
- * Get the action identifier.
- *
- * Returns: A string - caller shall not free this string.
- **/
-const char *
-polkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->action;
-}
-
-/**
- * polkit_policy_file_entry_get_default:
- * @policy_file_entry: the file entry
- *
- * Get the the default policy for this policy.
- *
- * Returns: A #PolKitPolicyDefault object - caller shall not unref or modify this object.
- **/
-PolKitPolicyDefault *
-polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->defaults;
-}
-
-/**
- * polkit_policy_file_entry_get_default_factory:
- * @policy_file_entry: the file entry
- *
- * Get the factory defaults for the entry. This may be different that
- * what polkit_policy_file_entry_get_default() returns if the function
- * polkit_policy_file_entry_set_default() have been used to change the
- * defaults.
- *
- * Returns: A #PolKitPolicyDefault object - caller shall not unref or modify this object.
- *
- * Since: 0.7
- */
-PolKitPolicyDefault *
-polkit_policy_file_entry_get_default_factory (PolKitPolicyFileEntry *policy_file_entry)
-{
- kit_return_val_if_fail (policy_file_entry != NULL, NULL);
- return policy_file_entry->defaults_factory;
-}
-
-/**
- * polkit_policy_file_entry_set_default:
- * @policy_file_entry: the file entry
- * @defaults: the new defaults to set
- * @error: return location for error or #NULL
- *
- * Set new defaults for a given policy file entry; subsequent calls to
- * polkit_policy_file_get_default() will return these values. Note
- * that the old defaults are not modified; they are still available via
- * polkit_policy_file_entry_get_default_factory().
- *
- * This operation requires the
- * org.freedesktop.policykit.modify-defaults authorization and will
- * fail if the caller lacks it.
- *
- * Returns: %TRUE if the given defaults was set; %FALSE if @error is set.
- *
- * Since: 0.7
- */
-polkit_bool_t
-polkit_policy_file_entry_set_default (PolKitPolicyFileEntry *policy_file_entry,
- PolKitPolicyDefault *defaults,
- PolKitError **error)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
-
- kit_return_val_if_fail (policy_file_entry != NULL, FALSE);
- kit_return_val_if_fail (defaults != NULL, FALSE);
-
-#ifndef POLKIT_AUTHDB_DEFAULT
- polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported");
-#else
- char *helper_argv[7] = {PACKAGE_LIBEXEC_DIR "/polkit-set-default-helper-1",
- NULL, /* arg1: action_id */
- NULL, /* arg2: "clear" or "set" */
- NULL, /* arg3: result_any */
- NULL, /* arg4: result_inactive */
- NULL, /* arg5: result_active */
- NULL};
- int exit_status;
- PolKitResult any;
- PolKitResult inactive;
- PolKitResult active;
-
- if (polkit_policy_default_equals (policy_file_entry->defaults, defaults)) {
- /* no point in doing extra work.. */
- ret = TRUE;
- goto out;
- }
-
- any = polkit_policy_default_get_allow_any (defaults);
- inactive = polkit_policy_default_get_allow_inactive (defaults);
- active = polkit_policy_default_get_allow_active (defaults);
-
- helper_argv[1] = policy_file_entry->action;
-
- if (polkit_policy_default_equals (policy_file_entry->defaults_factory, defaults)) {
- helper_argv[2] = "clear";
- helper_argv[3] = NULL;
- } else {
- helper_argv[2] = "set";
- helper_argv[3] = (char *) polkit_result_to_string_representation (any);
- helper_argv[4] = (char *) polkit_result_to_string_representation (inactive);
- helper_argv[5] = (char *) polkit_result_to_string_representation (active);
- helper_argv[6] = NULL;
- }
-
- if (!kit_spawn_sync (NULL, /* const char *working_directory */
- 0, /* flags */
- helper_argv, /* char **argv */
- NULL, /* char **envp */
- NULL, /* char *stdin */
- NULL, /* char **stdout */
- NULL, /* char **stderr */
- &exit_status)) { /* int *exit_status */
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "Error spawning set-default helper: %m");
- goto out;
- }
-
- if (!WIFEXITED (exit_status)) {
- kit_warning ("Set-default helper crashed!");
- polkit_error_set_error (error,
- POLKIT_ERROR_GENERAL_ERROR,
- "set-default helper crashed!");
- goto out;
- } else if (WEXITSTATUS(exit_status) != 0) {
- polkit_error_set_error (error,
- POLKIT_ERROR_NOT_AUTHORIZED_TO_MODIFY_DEFAULTS,
- "uid %d is not authorized to modify defaults for implicit authorization for action %s (requires org.freedesktop.policykit.modify-defaults)",
- getuid (), policy_file_entry->action);
- } else {
- ret = TRUE;
- }
-out:
-#endif /* POLKIT_AUTHDB_DEFAULT */
- return ret;
-}
-
-
-typedef struct {
- PolKitPolicyFileEntry *pfe;
- PolKitPolicyFileEntryAnnotationsForeachFunc cb;
- void *user_data;
-} _AnnotationsClosure;
-
-static polkit_bool_t
-_annotations_cb (void *key,
- void *value,
- void *user_data,
- KitHash *hash)
-{
- _AnnotationsClosure *closure = user_data;
- return closure->cb (closure->pfe, (const char *) key, (const char *) value, closure->user_data);
-}
-
-/**
- * polkit_policy_file_entry_annotations_foreach:
- * @policy_file_entry: the policy file entry
- * @cb: callback function
- * @user_data: user data to pass to the callback function
- *
- * Iterate over all annotations on the policy file entry.
- *
- * Returns: #TRUE only if the iteration was short-circuited
- */
-polkit_bool_t
-polkit_policy_file_entry_annotations_foreach (PolKitPolicyFileEntry *policy_file_entry,
- PolKitPolicyFileEntryAnnotationsForeachFunc cb,
- void *user_data)
-{
- _AnnotationsClosure closure;
-
- kit_return_val_if_fail (policy_file_entry != NULL, FALSE);
- if (policy_file_entry->annotations == NULL)
- return FALSE;
-
- closure.pfe = policy_file_entry;
- closure.cb = cb;
- closure.user_data = user_data;
-
- return kit_hash_foreach (policy_file_entry->annotations,
- _annotations_cb,
- &closure);
-}
-
-/**
- * polkit_policy_file_entry_get_annotation:
- * @policy_file_entry: the policy file entry
- * @key: the key of the annotation
- *
- * Look of the value of a given annotation.
- *
- * Returns: The value of the annotation or #NULL if not found.
- */
-const char *
-polkit_policy_file_entry_get_annotation (PolKitPolicyFileEntry *policy_file_entry,
- const char *key)
-{
- const char *value;
- kit_return_val_if_fail (policy_file_entry != NULL, NULL);
- kit_return_val_if_fail (key != NULL, NULL);
-
- value = NULL;
- if (policy_file_entry->annotations != NULL) {
- value = kit_hash_lookup (policy_file_entry->annotations, (void *) key, NULL);
- }
- return value;
-}
-
-#ifdef POLKIT_BUILD_TESTS
-
-static polkit_bool_t
-_pfe_cb (PolKitPolicyFileEntry *pfe,
- const char *key,
- const char *value,
- void *user_data)
-{
- int *count = (int *) user_data;
-
- if (strcmp (key, "a1") == 0 && strcmp (value, "v1") == 0)
- *count += 1;
- else if (strcmp (key, "a2") == 0 && strcmp (value, "v2") == 0)
- *count += 1;
-
- return FALSE;
-}
-
-static polkit_bool_t
-_pfe_cb2 (PolKitPolicyFileEntry *pfe,
- const char *key,
- const char *value,
- void *user_data)
-{
- int *count = (int *) user_data;
- *count += 1;
-
- return FALSE;
-}
-
-
-static polkit_bool_t
-_run_test (void)
-{
- PolKitPolicyFileEntry *pfe;
- PolKitPolicyDefault *d;
- KitHash *a;
- int count;
-
- a = NULL;
- pfe = NULL;
-
- if ((a = kit_hash_new (kit_hash_str_hash_func,
- kit_hash_str_equal_func,
- NULL, NULL,
- NULL, NULL)) == NULL)
- goto oom;
-
- if (!kit_hash_insert (a, "a1", "v1"))
- goto oom;
-
- if (!kit_hash_insert (a, "a2", "v2"))
- goto oom;
-
- if ((pfe = _polkit_policy_file_entry_new ("org.example-action",
- NULL,
- NULL,
- NULL,
- POLKIT_RESULT_NO,
- POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
- POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
- a)) == NULL)
- goto oom;
- /* _file_entry_new assumes ownership of the passed a variable */
- a = NULL;
-
- kit_assert (strcmp (polkit_policy_file_entry_get_id (pfe), "org.example-action") == 0);
-
- if (_polkit_policy_file_entry_set_descriptions (pfe,
- "the desc",
- "the msg")) {
- kit_assert (strcmp (polkit_policy_file_entry_get_action_description (pfe), "the desc") == 0);
- kit_assert (strcmp (polkit_policy_file_entry_get_action_message (pfe), "the msg") == 0);
- }
-
- if (_polkit_policy_file_entry_set_descriptions (pfe,
- "the desc2",
- "the msg2")) {
- kit_assert (strcmp (polkit_policy_file_entry_get_action_description (pfe), "the desc2") == 0);
- kit_assert (strcmp (polkit_policy_file_entry_get_action_message (pfe), "the msg2") == 0);
- }
-
- kit_assert ((d = polkit_policy_file_entry_get_default (pfe)) != NULL);
-
-#ifdef POLKIT_AUTHDB_DEFAULT
- kit_assert (polkit_policy_default_get_allow_any (d) == POLKIT_RESULT_NO);
- kit_assert (polkit_policy_default_get_allow_inactive (d) == POLKIT_RESULT_ONLY_VIA_SELF_AUTH);
- kit_assert (polkit_policy_default_get_allow_active (d) == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH);
-#endif
-
- polkit_policy_file_entry_ref (pfe);
- polkit_policy_file_entry_unref (pfe);
- polkit_policy_file_entry_debug (pfe);
-
- kit_assert (strcmp (polkit_policy_file_entry_get_annotation (pfe, "a1"), "v1") == 0);
- kit_assert (strcmp (polkit_policy_file_entry_get_annotation (pfe, "a2"), "v2") == 0);
- kit_assert (polkit_policy_file_entry_get_annotation (pfe, "a3") == NULL);
-
- count = 0;
- polkit_policy_file_entry_annotations_foreach (pfe, _pfe_cb, &count);
- kit_assert (count == 2);
-
- polkit_policy_file_entry_unref (pfe);
- if ((pfe = _polkit_policy_file_entry_new ("org.example-action-2",
- NULL,
- NULL,
- NULL,
- POLKIT_RESULT_NO,
- POLKIT_RESULT_ONLY_VIA_SELF_AUTH,
- POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH,
- NULL)) == NULL)
- goto oom;
- count = 0;
- polkit_policy_file_entry_annotations_foreach (pfe, _pfe_cb2, &count);
- kit_assert (count == 0);
- _pfe_cb2 (pfe, NULL, NULL, &count); /* want to get coverage of _pfe_cb2 */
- kit_assert (count == 1);
-
-oom:
- if (pfe != NULL)
- polkit_policy_file_entry_unref (pfe);
-
- if (a != NULL)
- kit_hash_unref (a);
-
- return TRUE;
-}
-
-KitTest _test_policy_file_entry = {
- "polkit_policy_file_entry",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-policy-file-entry.h b/src/polkit/polkit-policy-file-entry.h
deleted file mode 100644
index d1ec204..0000000
--- a/src/polkit/polkit-policy-file-entry.h
+++ /dev/null
@@ -1,92 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-file-entry.h : entries in policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_POLICY_FILE_ENTRY_H
-#define POLKIT_POLICY_FILE_ENTRY_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-result.h>
-#include <polkit/polkit-policy-default.h>
-#include <polkit/polkit-error.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitPolicyFileEntry;
-typedef struct _PolKitPolicyFileEntry PolKitPolicyFileEntry;
-
-/**
- * PolKitPolicyFileEntryAnnotationsForeachFunc:
- * @policy_file_entry: the policy file entry
- * @key: key of the annotation
- * @value: corrosponding value of the annotation
- * @user_data: user data passed to polkit_policy_file_entry_annotations_foreach()
- *
- * Callback function for polkit_policy_file_entry_annotations_foreach().
- *
- * Returns: Pass #TRUE to short-circuit, e.g. stop the iteration
- **/
-typedef polkit_bool_t (*PolKitPolicyFileEntryAnnotationsForeachFunc) (PolKitPolicyFileEntry *policy_file_entry,
- const char *key,
- const char *value,
- void *user_data);
-
-PolKitPolicyFileEntry *polkit_policy_file_entry_ref (PolKitPolicyFileEntry *policy_file_entry);
-void polkit_policy_file_entry_unref (PolKitPolicyFileEntry *policy_file_entry);
-void polkit_policy_file_entry_debug (PolKitPolicyFileEntry *policy_file_entry);
-
-const char *polkit_policy_file_entry_get_id (PolKitPolicyFileEntry *policy_file_entry);
-PolKitPolicyDefault *polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry);
-
-const char *polkit_policy_file_entry_get_action_description (PolKitPolicyFileEntry *policy_file_entry);
-const char *polkit_policy_file_entry_get_action_message (PolKitPolicyFileEntry *policy_file_entry);
-
-const char *polkit_policy_file_entry_get_action_vendor (PolKitPolicyFileEntry *policy_file_entry);
-const char *polkit_policy_file_entry_get_action_vendor_url (PolKitPolicyFileEntry *policy_file_entry);
-const char *polkit_policy_file_entry_get_action_icon_name (PolKitPolicyFileEntry *policy_file_entry);
-
-polkit_bool_t polkit_policy_file_entry_annotations_foreach (PolKitPolicyFileEntry *policy_file_entry,
- PolKitPolicyFileEntryAnnotationsForeachFunc cb,
- void *user_data);
-const char *polkit_policy_file_entry_get_annotation (PolKitPolicyFileEntry *policy_file_entry,
- const char *key);
-
-PolKitPolicyDefault *polkit_policy_file_entry_get_default_factory (PolKitPolicyFileEntry *policy_file_entry);
-polkit_bool_t polkit_policy_file_entry_set_default (PolKitPolicyFileEntry *policy_file_entry,
- PolKitPolicyDefault *defaults,
- PolKitError **error);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_POLICY_FILE_ENTRY_H */
-
-
diff --git a/src/polkit/polkit-policy-file.c b/src/polkit/polkit-policy-file.c
deleted file mode 100644
index 14bfc85..0000000
--- a/src/polkit/polkit-policy-file.c
+++ /dev/null
@@ -1,964 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-file.c : policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-#include <syslog.h>
-#include <sys/stat.h>
-
-#include <expat.h>
-
-#include "polkit-error.h"
-#include "polkit-result.h"
-#include "polkit-policy-file.h"
-#include "polkit-policy-file-entry.h"
-#include "polkit-debug.h"
-#include "polkit-private.h"
-#include "polkit-test.h"
-
-/**
- * SECTION:polkit-policy-file
- * @title: Policy Definition Files
- * @short_description: Represents a set of declared actions.
- *
- * This class is used to represent a policy file.
- **/
-
-/**
- * PolKitPolicyFile:
- *
- * Objects of this class are used to record information about a
- * policy file.
- **/
-struct _PolKitPolicyFile
-{
- int refcount;
- KitList *entries;
-};
-
-enum {
- STATE_NONE,
- STATE_UNKNOWN_TAG,
- STATE_IN_POLICY_CONFIG,
- STATE_IN_POLICY_VENDOR,
- STATE_IN_POLICY_VENDOR_URL,
- STATE_IN_POLICY_ICON_NAME,
- STATE_IN_ACTION,
- STATE_IN_ACTION_DESCRIPTION,
- STATE_IN_ACTION_MESSAGE,
- STATE_IN_ACTION_VENDOR,
- STATE_IN_ACTION_VENDOR_URL,
- STATE_IN_ACTION_ICON_NAME,
- STATE_IN_DEFAULTS,
- STATE_IN_DEFAULTS_ALLOW_ANY,
- STATE_IN_DEFAULTS_ALLOW_INACTIVE,
- STATE_IN_DEFAULTS_ALLOW_ACTIVE,
- STATE_IN_ANNOTATE
-};
-
-#define PARSER_MAX_DEPTH 32
-
-typedef struct {
- XML_Parser parser;
- int state;
- int state_stack[PARSER_MAX_DEPTH];
- int stack_depth;
-
- const char *path;
-
- char *global_vendor;
- char *global_vendor_url;
- char *global_icon_name;
-
- char *action_id;
- char *vendor;
- char *vendor_url;
- char *icon_name;
-
- PolKitResult defaults_allow_any;
- PolKitResult defaults_allow_inactive;
- PolKitResult defaults_allow_active;
-
- PolKitPolicyFile *pf;
-
- polkit_bool_t load_descriptions;
-
- KitHash *policy_descriptions;
- KitHash *policy_messages;
-
- char *policy_description_nolang;
- char *policy_message_nolang;
-
- /* the language according to $LANG (e.g. en_US, da_DK, fr, en_CA minus the encoding) */
- char *lang;
-
- /* the value of xml:lang for the thing we're reading in _cdata() */
- char *elem_lang;
-
- char *annotate_key;
- KitHash *annotations;
-
- polkit_bool_t is_oom;
-} ParserData;
-
-static void
-pd_unref_action_data (ParserData *pd)
-{
- kit_free (pd->action_id);
- pd->action_id = NULL;
-
- kit_free (pd->vendor);
- pd->vendor = NULL;
- kit_free (pd->vendor_url);
- pd->vendor_url = NULL;
- kit_free (pd->icon_name);
- pd->icon_name = NULL;
-
- kit_free (pd->policy_description_nolang);
- pd->policy_description_nolang = NULL;
- kit_free (pd->policy_message_nolang);
- pd->policy_message_nolang = NULL;
- if (pd->policy_descriptions != NULL) {
- kit_hash_unref (pd->policy_descriptions);
- pd->policy_descriptions = NULL;
- }
- if (pd->policy_messages != NULL) {
- kit_hash_unref (pd->policy_messages);
- pd->policy_messages = NULL;
- }
- kit_free (pd->annotate_key);
- pd->annotate_key = NULL;
- if (pd->annotations != NULL) {
- kit_hash_unref (pd->annotations);
- pd->annotations = NULL;
- }
- kit_free (pd->elem_lang);
- pd->elem_lang = NULL;
-}
-
-static void
-pd_unref_data (ParserData *pd)
-{
- pd_unref_action_data (pd);
- kit_free (pd->lang);
- pd->lang = NULL;
-
- kit_free (pd->global_vendor);
- pd->global_vendor = NULL;
- kit_free (pd->global_vendor_url);
- pd->global_vendor_url = NULL;
- kit_free (pd->global_icon_name);
- pd->global_icon_name = NULL;
-}
-
-static void
-_start (void *data, const char *el, const char **attr)
-{
- int state;
- int num_attr;
- ParserData *pd = data;
-
- for (num_attr = 0; attr[num_attr] != NULL; num_attr++)
- ;
-
- state = STATE_NONE;
-
- switch (pd->state) {
- case STATE_NONE:
- if (strcmp (el, "policyconfig") == 0) {
- state = STATE_IN_POLICY_CONFIG;
- }
- break;
- case STATE_IN_POLICY_CONFIG:
- if (strcmp (el, "action") == 0) {
- if (num_attr != 2 || strcmp (attr[0], "id") != 0)
- goto error;
- state = STATE_IN_ACTION;
-
- if (!polkit_action_validate_id (attr[1]))
- goto error;
-
- pd_unref_action_data (pd);
- pd->action_id = kit_strdup (attr[1]);
- if (pd->action_id == NULL)
- goto oom;
- pd->policy_descriptions = kit_hash_new (kit_hash_str_hash_func,
- kit_hash_str_equal_func,
- kit_hash_str_copy, kit_hash_str_copy,
- kit_free, kit_free);
- pd->policy_messages = kit_hash_new (kit_hash_str_hash_func,
- kit_hash_str_equal_func,
- kit_hash_str_copy, kit_hash_str_copy,
- kit_free, kit_free);
-
- /* initialize defaults */
- pd->defaults_allow_any = POLKIT_RESULT_NO;
- pd->defaults_allow_inactive = POLKIT_RESULT_NO;
- pd->defaults_allow_active = POLKIT_RESULT_NO;
- } else if (strcmp (el, "vendor") == 0 && num_attr == 0) {
- state = STATE_IN_POLICY_VENDOR;
- } else if (strcmp (el, "vendor_url") == 0 && num_attr == 0) {
- state = STATE_IN_POLICY_VENDOR_URL;
- } else if (strcmp (el, "icon_name") == 0 && num_attr == 0) {
- state = STATE_IN_POLICY_ICON_NAME;
- }
- break;
- case STATE_IN_ACTION:
- if (strcmp (el, "defaults") == 0) {
- state = STATE_IN_DEFAULTS;
- } else if (strcmp (el, "description") == 0) {
- if (num_attr == 2 && strcmp (attr[0], "xml:lang") == 0) {
- pd->elem_lang = kit_strdup (attr[1]);
- if (pd->elem_lang == NULL)
- goto oom;
- }
- state = STATE_IN_ACTION_DESCRIPTION;
- } else if (strcmp (el, "message") == 0) {
- if (num_attr == 2 && strcmp (attr[0], "xml:lang") == 0) {
- pd->elem_lang = kit_strdup (attr[1]);
- if (pd->elem_lang == NULL)
- goto oom;
- }
- state = STATE_IN_ACTION_MESSAGE;
- } else if (strcmp (el, "vendor") == 0 && num_attr == 0) {
- state = STATE_IN_ACTION_VENDOR;
- } else if (strcmp (el, "vendor_url") == 0 && num_attr == 0) {
- state = STATE_IN_ACTION_VENDOR_URL;
- } else if (strcmp (el, "icon_name") == 0 && num_attr == 0) {
- state = STATE_IN_ACTION_ICON_NAME;
- } else if (strcmp (el, "annotate") == 0) {
- if (num_attr != 2 || strcmp (attr[0], "key") != 0)
- goto error;
- state = STATE_IN_ANNOTATE;
-
- kit_free (pd->annotate_key);
- pd->annotate_key = kit_strdup (attr[1]);
- if (pd->annotate_key == NULL)
- goto oom;
- }
- break;
- case STATE_IN_DEFAULTS:
- if (strcmp (el, "allow_any") == 0)
- state = STATE_IN_DEFAULTS_ALLOW_ANY;
- else if (strcmp (el, "allow_inactive") == 0)
- state = STATE_IN_DEFAULTS_ALLOW_INACTIVE;
- else if (strcmp (el, "allow_active") == 0)
- state = STATE_IN_DEFAULTS_ALLOW_ACTIVE;
- break;
- default:
- break;
- }
-
- if (state == STATE_NONE) {
- //kit_warning ("skipping unknown tag <%s> at line %d of %s",
- // el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path);
- state = STATE_UNKNOWN_TAG;
- }
-
- pd->state = state;
- pd->state_stack[pd->stack_depth] = pd->state;
- pd->stack_depth++;
- return;
-oom:
- pd->is_oom = TRUE;
-error:
- XML_StopParser (pd->parser, FALSE);
-}
-
-static polkit_bool_t
-_validate_icon_name (const char *icon_name)
-{
- unsigned int n;
- polkit_bool_t ret;
- size_t len;
-
- ret = FALSE;
-
- len = strlen (icon_name);
-
- /* check for common suffixes */
- if (kit_str_has_suffix (icon_name, ".png"))
- goto out;
- if (kit_str_has_suffix (icon_name, ".jpg"))
- goto out;
-
- /* icon name cannot be a path */
- for (n = 0; n < len; n++) {
- if (icon_name [n] == '/') {
- goto out;
- }
- }
-
- ret = TRUE;
-
-out:
- return ret;
-}
-
-static void
-_cdata (void *data, const char *s, int len)
-{
- char *str;
- ParserData *pd = data;
-
- str = kit_strndup (s, len);
- if (str == NULL)
- goto oom;
-
- switch (pd->state) {
-
- case STATE_IN_ACTION_DESCRIPTION:
- if (pd->load_descriptions) {
- if (pd->elem_lang == NULL) {
- kit_free (pd->policy_description_nolang);
- pd->policy_description_nolang = str;
- str = NULL;
- } else {
- if (!kit_hash_insert (pd->policy_descriptions, pd->elem_lang, str))
- goto oom;
- }
- }
- break;
-
- case STATE_IN_ACTION_MESSAGE:
- if (pd->load_descriptions) {
- if (pd->elem_lang == NULL) {
- kit_free (pd->policy_message_nolang);
- pd->policy_message_nolang = str;
- str = NULL;
- } else {
- if (!kit_hash_insert (pd->policy_messages, pd->elem_lang, str))
- goto oom;
- }
- }
- break;
-
- case STATE_IN_POLICY_VENDOR:
- if (pd->load_descriptions) {
- kit_free (pd->global_vendor);
- pd->global_vendor = str;
- str = NULL;
- }
- break;
-
- case STATE_IN_POLICY_VENDOR_URL:
- if (pd->load_descriptions) {
- kit_free (pd->global_vendor_url);
- pd->global_vendor_url = str;
- str = NULL;
- }
- break;
-
- case STATE_IN_POLICY_ICON_NAME:
- if (! _validate_icon_name (str)) {
- kit_warning ("Icon name '%s' is invalid", str);
- goto error;
- }
-
- if (pd->load_descriptions) {
- kit_free (pd->global_icon_name);
- pd->global_icon_name = str;
- str = NULL;
- }
- break;
-
- case STATE_IN_ACTION_VENDOR:
- if (pd->load_descriptions) {
- kit_free (pd->vendor);
- pd->vendor = str;
- str = NULL;
- }
- break;
-
- case STATE_IN_ACTION_VENDOR_URL:
- if (pd->load_descriptions) {
- kit_free (pd->vendor_url);
- pd->vendor_url = str;
- str = NULL;
- }
- break;
-
- case STATE_IN_ACTION_ICON_NAME:
- if (! _validate_icon_name (str)) {
- kit_warning ("Icon name '%s' is invalid", str);
- goto error;
- }
-
- if (pd->load_descriptions) {
- kit_free (pd->icon_name);
- pd->icon_name = str;
- str = NULL;
- }
- break;
-
- case STATE_IN_DEFAULTS_ALLOW_ANY:
- if (!polkit_result_from_string_representation (str, &pd->defaults_allow_any))
- goto error;
- break;
- case STATE_IN_DEFAULTS_ALLOW_INACTIVE:
- if (!polkit_result_from_string_representation (str, &pd->defaults_allow_inactive))
- goto error;
- break;
- case STATE_IN_DEFAULTS_ALLOW_ACTIVE:
- if (!polkit_result_from_string_representation (str, &pd->defaults_allow_active))
- goto error;
- break;
-
- case STATE_IN_ANNOTATE:
- if (pd->annotations == NULL) {
- pd->annotations = kit_hash_new (kit_hash_str_hash_func,
- kit_hash_str_equal_func,
- kit_hash_str_copy, kit_hash_str_copy,
- kit_free, kit_free);
- if (pd->annotations == NULL)
- goto oom;
- }
- if (!kit_hash_insert (pd->annotations, pd->annotate_key, str))
- goto oom;
- break;
-
- default:
- break;
- }
- kit_free (str);
- return;
-oom:
- pd->is_oom = TRUE;
-error:
- kit_free (str);
- XML_StopParser (pd->parser, FALSE);
-}
-
-/**
- * _localize:
- * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!'
- * @untranslated: the untranslated value, e.g. 'Punch'
- * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG
- * with the encoding cut off. Maybe be NULL.
- *
- * Pick the correct translation to use.
- *
- * Returns: the localized string to use
- */
-static const char *
-_localize (KitHash *translations, const char *untranslated, const char *lang)
-{
- const char *result;
- char lang2[256];
- int n;
-
- if (lang == NULL) {
- result = untranslated;
- goto out;
- }
-
- /* first see if we have the translation */
- result = (const char *) kit_hash_lookup (translations, (void *) lang, NULL);
- if (result != NULL)
- goto out;
-
- /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */
- strncpy (lang2, lang, sizeof (lang2));
- for (n = 0; lang2[n] != '\0'; n++) {
- if (lang2[n] == '_') {
- lang2[n] = '\0';
- break;
- }
- }
- result = (const char *) kit_hash_lookup (translations, (void *) lang2, NULL);
- if (result != NULL)
- goto out;
-
- /* fall back to untranslated */
- result = untranslated;
-out:
- return result;
-}
-
-static void
-_end (void *data, const char *el)
-{
- ParserData *pd = data;
- KitList *l;
-
- kit_free (pd->elem_lang);
- pd->elem_lang = NULL;
-
- switch (pd->state) {
- case STATE_IN_ACTION:
- {
- const char *policy_description;
- const char *policy_message;
- PolKitPolicyFileEntry *pfe;
- char *vendor;
- char *vendor_url;
- char *icon_name;
-
- vendor = pd->vendor;
- if (vendor == NULL)
- vendor = pd->global_vendor;
-
- vendor_url = pd->vendor_url;
- if (vendor_url == NULL)
- vendor_url = pd->global_vendor_url;
-
- icon_name = pd->icon_name;
- if (icon_name == NULL)
- icon_name = pd->global_icon_name;
-
- /* NOTE: caller takes ownership of the annotations object */
- pfe = _polkit_policy_file_entry_new (pd->action_id,
- vendor,
- vendor_url,
- icon_name,
- pd->defaults_allow_any,
- pd->defaults_allow_inactive,
- pd->defaults_allow_active,
- pd->annotations);
- if (pfe == NULL)
- goto oom;
- pd->annotations = NULL;
-
- if (pd->load_descriptions) {
- policy_description = _localize (pd->policy_descriptions, pd->policy_description_nolang, pd->lang);
- policy_message = _localize (pd->policy_messages, pd->policy_message_nolang, pd->lang);
- } else {
- policy_description = NULL;
- policy_message = NULL;
- }
-
- if (pd->load_descriptions) {
- if (!_polkit_policy_file_entry_set_descriptions (pfe,
- policy_description,
- policy_message)) {
- polkit_policy_file_entry_unref (pfe);
- goto oom;
- }
- }
-
- l = kit_list_prepend (pd->pf->entries, pfe);
- if (l == NULL) {
- polkit_policy_file_entry_unref (pfe);
- goto oom;
- }
- pd->pf->entries = l;
- break;
- }
- default:
- break;
- }
-
- --pd->stack_depth;
- if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) {
- polkit_debug ("reached max depth?");
- goto error;
- }
- if (pd->stack_depth > 0)
- pd->state = pd->state_stack[pd->stack_depth - 1];
- else
- pd->state = STATE_NONE;
-
- return;
-oom:
- pd->is_oom = 1;
-error:
- XML_StopParser (pd->parser, FALSE);
-}
-
-/**
- * polkit_policy_file_new:
- * @path: path to file
- * @load_descriptions: whether descriptions should be loaded
- * @error: Return location for error
- *
- * Load a policy file.
- *
- * Returns: The new object or #NULL if error is set
- **/
-PolKitPolicyFile *
-polkit_policy_file_new (const char *path, polkit_bool_t load_descriptions, PolKitError **error)
-{
- PolKitPolicyFile *pf;
- ParserData pd;
- int xml_res;
- char *lang;
- char *buf;
- size_t buflen;
-
- pf = NULL;
- buf = NULL;
-
- /* clear parser data */
- memset (&pd, 0, sizeof (ParserData));
-
- if (!kit_str_has_suffix (path, ".policy")) {
- polkit_error_set_error (error,
- POLKIT_ERROR_POLICY_FILE_INVALID,
- "Policy files must have extension .policy; file '%s' doesn't", path);
- goto error;
- }
-
- if (!kit_file_get_contents (path, &buf, &buflen)) {
- if (errno == ENOMEM) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Cannot load PolicyKit policy file at '%s': %s",
- path,
- "No memory for parser");
- } else {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load PolicyKit policy file at '%s': %m",
- path);
- }
- goto error;
- }
-
- pd.path = path;
-/* #ifdef POLKIT_BUILD_TESTS
- TODO: expat appears to leak on certain OOM paths
-*/
-#if 0
- XML_Memory_Handling_Suite memsuite = {p_malloc, p_realloc, kit_free};
- pd.parser = XML_ParserCreate_MM (NULL, &memsuite, NULL);
-#else
- pd.parser = XML_ParserCreate (NULL);
-#endif
- pd.stack_depth = 0;
- if (pd.parser == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Cannot load PolicyKit policy file at '%s': %s",
- path,
- "No memory for parser");
- goto error;
- }
- XML_SetUserData (pd.parser, &pd);
- XML_SetElementHandler (pd.parser, _start, _end);
- XML_SetCharacterDataHandler (pd.parser, _cdata);
-
- pf = kit_new0 (PolKitPolicyFile, 1);
- if (pf == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Cannot load PolicyKit policy file at '%s': No memory for object",
- path);
- goto error;
- }
-
- pf->refcount = 1;
-
- /* init parser data */
- pd.state = STATE_NONE;
- pd.pf = pf;
- pd.load_descriptions = load_descriptions;
- lang = getenv ("LANG");
- if (lang != NULL) {
- int n;
- pd.lang = kit_strdup (lang);
- if (pd.lang == NULL) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Cannot load PolicyKit policy file at '%s': No memory for lang",
- path);
- goto error;
- }
- for (n = 0; pd.lang[n] != '\0'; n++) {
- if (pd.lang[n] == '.') {
- pd.lang[n] = '\0';
- break;
- }
- }
- }
-
- xml_res = XML_Parse (pd.parser, buf, buflen, 1);
-
- if (xml_res == 0) {
- if (XML_GetErrorCode (pd.parser) == XML_ERROR_NO_MEMORY) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Out of memory parsing %s",
- path);
- } else if (pd.is_oom) {
- polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY,
- "Out of memory parsing %s",
- path);
- } else {
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "%s:%d: parse error: %s",
- path,
- (int) XML_GetCurrentLineNumber (pd.parser),
- XML_ErrorString (XML_GetErrorCode (pd.parser)));
- }
- XML_ParserFree (pd.parser);
- goto error;
- }
-
- XML_ParserFree (pd.parser);
- kit_free (buf);
- pd_unref_data (&pd);
- return pf;
-error:
- if (pf != NULL)
- polkit_policy_file_unref (pf);
- pd_unref_data (&pd);
- kit_free (buf);
- return NULL;
-}
-
-/**
- * polkit_policy_file_ref:
- * @policy_file: the policy file object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitPolicyFile *
-polkit_policy_file_ref (PolKitPolicyFile *policy_file)
-{
- kit_return_val_if_fail (policy_file != NULL, policy_file);
- policy_file->refcount++;
- return policy_file;
-}
-
-/**
- * polkit_policy_file_unref:
- * @policy_file: the policy file object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_policy_file_unref (PolKitPolicyFile *policy_file)
-{
- KitList *i;
- kit_return_if_fail (policy_file != NULL);
- policy_file->refcount--;
- if (policy_file->refcount > 0)
- return;
- for (i = policy_file->entries; i != NULL; i = i->next) {
- polkit_policy_file_entry_unref (i->data);
- }
- if (policy_file->entries != NULL)
- kit_list_free (policy_file->entries);
- kit_free (policy_file);
-}
-
-/**
- * polkit_policy_file_entry_foreach:
- * @policy_file: the policy file object
- * @cb: callback to invoke for each entry
- * @user_data: user data
- *
- * Visits all entries in a policy file.
- *
- * Returns: #TRUE if the iteration was short-circuited
- **/
-polkit_bool_t
-polkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntryForeachFunc cb,
- void *user_data)
-{
- KitList *i;
-
- kit_return_val_if_fail (policy_file != NULL, FALSE);
- kit_return_val_if_fail (cb != NULL, FALSE);
-
- for (i = policy_file->entries; i != NULL; i = i->next) {
- PolKitPolicyFileEntry *pfe = i->data;
- if (cb (policy_file, pfe, user_data))
- return TRUE;
- }
-
- return FALSE;
-}
-#ifdef POLKIT_BUILD_TESTS
-
-/* this checks that the policy descriptions read from test-valid-3-lang.policy are correct */
-static polkit_bool_t
-_check_pf (PolKitPolicyFile *pf, PolKitPolicyFileEntry *pfe, void *user_data)
-{
- const char *r_msg;
- const char *r_desc;
- char *msg;
- char *desc;
- char *lang;
- int *counter = (int *) user_data;
- polkit_bool_t is_danish;
-
- is_danish = FALSE;
- lang = getenv ("LANG");
- if (lang != NULL) {
- if (strcmp (lang, "da_DK.UTF8") == 0 ||
- strcmp (lang, "da_DK") == 0 ||
- strcmp (lang, "da") == 0)
- is_danish = TRUE;
- }
-
-
- if (strcmp (polkit_policy_file_entry_get_id (pfe), "org.example.valid3") == 0) {
- if (is_danish) {
- desc = "example (danish)";
- msg = "message (danish)";
- } else {
- desc = "example";
- msg = "message";
- }
- r_desc = polkit_policy_file_entry_get_action_description (pfe);
- r_msg = polkit_policy_file_entry_get_action_message (pfe);
-
- if (strcmp (r_desc, desc) == 0 &&
- strcmp (r_msg, msg) == 0)
- *counter += 1;
-
- } else if (strcmp (polkit_policy_file_entry_get_id (pfe), "org.example.valid3b") == 0) {
- if (is_danish) {
- desc = "example 2 (danish)";
- msg = "message 2 (danish)";
- } else {
- desc = "example 2";
- msg = "message 2";
- }
- r_desc = polkit_policy_file_entry_get_action_description (pfe);
- r_msg = polkit_policy_file_entry_get_action_message (pfe);
-
- if (strcmp (r_desc, desc) == 0 &&
- strcmp (r_msg, msg) == 0)
- *counter += 1;
- }
-
- return FALSE;
-}
-
-static polkit_bool_t
-_run_test (void)
-{
- int m;
- unsigned int n;
- PolKitPolicyFile *pf;
- PolKitError *error;
- const char *valid_files[] = {
- TEST_DATA_DIR "valid/test-valid-1.policy",
- TEST_DATA_DIR "valid/test-valid-2-annotations.policy",
- TEST_DATA_DIR "valid/test-valid-3-lang.policy",
- TEST_DATA_DIR "valid/test-valid-4-unknown-tags.policy",
- };
- const char *invalid_files[] = {
- TEST_DATA_DIR "invalid/non-existant-file.policy",
- TEST_DATA_DIR "invalid/bad.extension",
- TEST_DATA_DIR "invalid/test-invalid-1-action-id.policy",
- TEST_DATA_DIR "invalid/test-invalid-2-bogus-any.policy",
- TEST_DATA_DIR "invalid/test-invalid-3-bogus-inactive.policy",
- TEST_DATA_DIR "invalid/test-invalid-4-bogus-active.policy",
- TEST_DATA_DIR "invalid/test-invalid-5-max-depth.policy",
- };
-
- for (n = 0; n < sizeof (invalid_files) / sizeof (char*); n++) {
- error = NULL;
- kit_assert (polkit_policy_file_new (invalid_files[n], TRUE, &error) == NULL);
- kit_assert (polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY ||
- polkit_error_get_error_code (error) == POLKIT_ERROR_POLICY_FILE_INVALID);
- polkit_error_free (error);
- }
-
- for (n = 0; n < sizeof (valid_files) / sizeof (char*); n++) {
-
- for (m = 0; m < 6; m++) {
- polkit_bool_t load_descriptions;
-
- /* only run the multiple lang tests for test-valid-3-lang.policy */
- if (n != 2) {
- if (m > 0)
- break;
- }
-
- load_descriptions = TRUE;
-
- switch (m) {
- case 0:
- unsetenv ("LANG");
- break;
- case 1:
- setenv ("LANG", "da_DK.UTF8", 1);
- break;
- case 2:
- setenv ("LANG", "da_DK", 1);
- break;
- case 3:
- setenv ("LANG", "da", 1);
- break;
- case 4:
- setenv ("LANG", "en_CA", 1);
- break;
- case 5:
- unsetenv ("LANG");
- load_descriptions = FALSE;
- break;
- }
-
- error = NULL;
- if ((pf = polkit_policy_file_new (valid_files[n], load_descriptions, &error)) == NULL) {
- kit_assert (polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
- polkit_error_free (error);
- } else {
-
- if (n == 2 && m != 5) {
- int num_passed;
-
- num_passed = 0;
- polkit_policy_file_entry_foreach (pf,
- _check_pf,
- &num_passed);
- kit_assert (num_passed == 2);
- }
-
- polkit_policy_file_ref (pf);
- polkit_policy_file_unref (pf);
- polkit_policy_file_unref (pf);
- }
- }
- }
-
- return TRUE;
-}
-
-KitTest _test_policy_file = {
- "polkit_policy_file",
- NULL,
- NULL,
- _run_test
-};
-
-#endif /* POLKIT_BUILD_TESTS */
diff --git a/src/polkit/polkit-policy-file.h b/src/polkit/polkit-policy-file.h
deleted file mode 100644
index d43f222..0000000
--- a/src/polkit/polkit-policy-file.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-policy-file.h : policy files
- *
- * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
- * DEALINGS IN THE SOFTWARE.
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_POLICY_FILE_H
-#define POLKIT_POLICY_FILE_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit-error.h>
-#include <polkit/polkit-policy-file-entry.h>
-
-POLKIT_BEGIN_DECLS
-
-struct _PolKitPolicyFile;
-typedef struct _PolKitPolicyFile PolKitPolicyFile;
-
-/**
- * PolKitPolicyFileEntryForeachFunc:
- * @policy_file: the policy file
- * @policy_file_entry: the entry
- * @user_data: user data
- *
- * Type for function used in polkit_policy_file_entry_foreach().
- *
- * Returns: #TRUE to short-circuit, e.g. stop the iteration
- **/
-typedef polkit_bool_t (*PolKitPolicyFileEntryForeachFunc) (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntry *policy_file_entry,
- void *user_data);
-
-PolKitPolicyFile *polkit_policy_file_new (const char *path,
- polkit_bool_t load_descriptions,
- PolKitError **error);
-PolKitPolicyFile *polkit_policy_file_ref (PolKitPolicyFile *policy_file);
-void polkit_policy_file_unref (PolKitPolicyFile *policy_file);
-polkit_bool_t polkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntryForeachFunc cb,
- void *user_data);
-
-POLKIT_END_DECLS
-
-#endif /* POLKIT_POLICY_FILE_H */
-
-
diff --git a/src/polkit/polkit-private.h b/src/polkit/polkit-private.h
index 934bcb0..51a240f 100644
--- a/src/polkit/polkit-private.h
+++ b/src/polkit/polkit-private.h
@@ -60,33 +60,22 @@ polkit_bool_t _polkit_authorization_db_auth_file_add (polkit_bool_t transient, u
PolKitAuthorizationDB *_polkit_authorization_db_new (void);
void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb);
-polkit_bool_t _polkit_authorization_db_pfe_foreach (PolKitPolicyCache *policy_cache,
- PolKitPolicyCacheForeachFunc callback,
- void *user_data);
-PolKitPolicyFileEntry* _polkit_authorization_db_pfe_get_by_id (PolKitPolicyCache *policy_cache,
- const char *action_id);
+PolKitImplicitAuthorization *_polkit_implicit_authorization_new (PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active);
-
-PolKitPolicyCache *_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error);
-
-PolKitPolicyCache *_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error);
-
-PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any,
- PolKitResult defaults_allow_inactive,
- PolKitResult defaults_allow_active);
-
-polkit_bool_t _polkit_policy_file_entry_set_descriptions (PolKitPolicyFileEntry *pfe,
+polkit_bool_t _polkit_action_description_set_descriptions (PolKitActionDescription *pfe,
const char *policy_description,
const char *policy_message);
-PolKitPolicyDefault *_polkit_policy_default_new (PolKitResult defaults_allow_any,
- PolKitResult defaults_allow_inactive,
- PolKitResult defaults_allow_active);
+PolKitImplicitAuthorization *_polkit_implicit_authorization_new (PolKitResult defaults_allow_any,
+ PolKitResult defaults_allow_inactive,
+ PolKitResult defaults_allow_active);
-PolKitPolicyFileEntry *_polkit_policy_file_entry_new (const char *action_id,
+PolKitActionDescription *_polkit_action_description_new (const char *action_id,
const char *vendor,
const char *vendor_url,
const char *icon_name,
diff --git a/src/polkit/polkit.h b/src/polkit/polkit.h
index 884fc41..3487c95 100644
--- a/src/polkit/polkit.h
+++ b/src/polkit/polkit.h
@@ -40,10 +40,8 @@
#include <polkit/polkit-seat.h>
#include <polkit/polkit-session.h>
#include <polkit/polkit-caller.h>
-#include <polkit/polkit-policy-file-entry.h>
-#include <polkit/polkit-policy-file.h>
-#include <polkit/polkit-policy-cache.h>
-#include <polkit/polkit-policy-default.h>
+#include <polkit/polkit-action-description.h>
+#include <polkit/polkit-implicit-authorization.h>
#include <polkit/polkit-authorization.h>
#include <polkit/polkit-authorization-db.h>
#include <polkit/polkit-tracker.h>
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 195f832..050260d 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -20,7 +20,7 @@ polkit_auth_1_SOURCES = polkit-auth.c
polkit_auth_1_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit-1.la $(top_builddir)/src/polkit-grant/libpolkit-grant-1.la
polkit_action_1_SOURCES = polkit-action.c
-polkit_action_1_LDADD = $(top_builddir)/src/polkit/libpolkit-1.la
+polkit_action_1_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la
profiledir = $(sysconfdir)/profile.d
profile_SCRIPTS = polkit-bash-completion-1.sh
diff --git a/tools/polkit-action.c b/tools/polkit-action.c
index 5749886..e7af31c 100644
--- a/tools/polkit-action.c
+++ b/tools/polkit-action.c
@@ -53,7 +53,7 @@ usage (int argc, char *argv[])
}
static polkit_bool_t
-_print_annotations (PolKitPolicyFileEntry *policy_file_entry,
+_print_annotations (PolKitActionDescription *action_description,
const char *key,
const char *value,
void *user_data)
@@ -63,23 +63,23 @@ _print_annotations (PolKitPolicyFileEntry *policy_file_entry,
}
static void
-_print_details_for_entry (PolKitPolicyFileEntry *pfe)
+_print_details_for_entry (PolKitActionDescription *pfe)
{
int n;
const char *action_id;
- PolKitPolicyDefault *def;
- PolKitPolicyDefault *def_factory;
+ PolKitImplicitAuthorization *def;
+ PolKitImplicitAuthorization *def_factory;
- action_id = polkit_policy_file_entry_get_id (pfe);
- def = polkit_policy_file_entry_get_default (pfe);
- def_factory = polkit_policy_file_entry_get_default_factory (pfe);
+ action_id = polkit_action_description_get_id (pfe);
+ def = polkit_action_description_get_implicit_authorization (pfe);
+ def_factory = polkit_action_description_get_implicit_authorization_factory (pfe);
printf ("action_id: %s\n"
"description: %s\n"
"message: %s\n",
action_id,
- polkit_policy_file_entry_get_action_description (pfe),
- polkit_policy_file_entry_get_action_message (pfe));
+ polkit_action_description_get_action_description (pfe),
+ polkit_action_description_get_action_message (pfe));
for (n = 0; n < 3; n++) {
PolKitResult result;
@@ -90,18 +90,18 @@ _print_details_for_entry (PolKitPolicyFileEntry *pfe)
default:
case 0:
str = "default_any: ";
- result = polkit_policy_default_get_allow_any (def);
- result_factory = polkit_policy_default_get_allow_any (def_factory);
+ result = polkit_implicit_authorization_get_allow_any (def);
+ result_factory = polkit_implicit_authorization_get_allow_any (def_factory);
break;
case 1:
str = "default_inactive:";
- result = polkit_policy_default_get_allow_inactive (def);
- result_factory = polkit_policy_default_get_allow_inactive (def_factory);
+ result = polkit_implicit_authorization_get_allow_inactive (def);
+ result_factory = polkit_implicit_authorization_get_allow_inactive (def_factory);
break;
case 2:
str = "default_active: ";
- result = polkit_policy_default_get_allow_active (def);
- result_factory = polkit_policy_default_get_allow_active (def_factory);
+ result = polkit_implicit_authorization_get_allow_active (def);
+ result_factory = polkit_implicit_authorization_get_allow_active (def_factory);
break;
}
@@ -114,36 +114,34 @@ _print_details_for_entry (PolKitPolicyFileEntry *pfe)
}
}
- polkit_policy_file_entry_annotations_foreach (pfe, _print_annotations, NULL);
+ polkit_action_description_annotations_foreach (pfe, _print_annotations, NULL);
}
static polkit_bool_t
-_print_entry (PolKitPolicyCache *policy_cache,
- PolKitPolicyFileEntry *pfe,
+_print_entry (PolKitActionDescription *pfe,
void *user_data)
{
const char *action_id;
- action_id = polkit_policy_file_entry_get_id (pfe);
+ action_id = polkit_action_description_get_id (pfe);
printf ("%s\n", action_id);
return FALSE;
}
static polkit_bool_t
-_print_entry_override (PolKitPolicyCache *policy_cache,
- PolKitPolicyFileEntry *pfe,
+_print_entry_override (PolKitActionDescription *pfe,
void *user_data)
{
const char *action_id;
- PolKitPolicyDefault *def;
- PolKitPolicyDefault *def_factory;
+ PolKitImplicitAuthorization *def;
+ PolKitImplicitAuthorization *def_factory;
- def = polkit_policy_file_entry_get_default (pfe);
- def_factory = polkit_policy_file_entry_get_default_factory (pfe);
+ def = polkit_action_description_get_implicit_authorization (pfe);
+ def_factory = polkit_action_description_get_implicit_authorization_factory (pfe);
- if (!polkit_policy_default_equals (def, def_factory)) {
- action_id = polkit_policy_file_entry_get_id (pfe);
+ if (!polkit_implicit_authorization_equals (def, def_factory)) {
+ action_id = polkit_action_description_get_id (pfe);
printf ("%s\n", action_id);
}
@@ -156,7 +154,6 @@ main (int argc, char *argv[])
int n;
int ret;
PolKitContext *ctx;
- PolKitPolicyCache *cache;
PolKitError *error;
char *action_id;
char *reset_action_id;
@@ -211,44 +208,37 @@ main (int argc, char *argv[])
if (ctx == NULL)
goto out;
error = NULL;
- polkit_context_set_load_descriptions (ctx);
if (!polkit_context_init (ctx, &error)) {
fprintf (stderr, "Init failed: %s\n", polkit_error_get_error_message (error));
polkit_context_unref (ctx);
goto out;
}
- cache = polkit_context_get_policy_cache (ctx);
- if (cache == NULL) {
- polkit_context_unref (ctx);
- goto out;
- }
-
if (argc == 1) {
- polkit_policy_cache_foreach (cache, _print_entry, NULL);
+ polkit_context_action_description_foreach (ctx, _print_entry, NULL);
goto done;
}
if (show_overrides) {
- polkit_policy_cache_foreach (cache, _print_entry_override, NULL);
+ polkit_context_action_description_foreach (ctx, _print_entry_override, NULL);
goto done;
}
while (TRUE) {
if (reset_action_id != NULL) {
- PolKitPolicyDefault *def;
- PolKitPolicyFileEntry *pfe;
+ PolKitImplicitAuthorization *def;
+ PolKitActionDescription *pfe;
PolKitError *pk_error;
- pfe = polkit_policy_cache_get_entry_by_id (cache, reset_action_id);
+ pfe = polkit_context_get_action_description (ctx, reset_action_id);
if (pfe == NULL) {
fprintf (stderr, "Cannot find policy file entry for action id '%s'\n", reset_action_id);
goto out;
}
- def = polkit_policy_file_entry_get_default_factory (pfe);
+ def = polkit_action_description_get_implicit_authorization_factory (pfe);
pk_error = NULL;
- if (!polkit_policy_file_entry_set_default (pfe, def, &pk_error)) {
+ if (!polkit_action_description_set_implicit_authorization (pfe, def, &pk_error)) {
fprintf (stderr, "Error: code=%d: %s: %s\n",
polkit_error_get_error_code (pk_error),
polkit_error_get_error_name (pk_error),
@@ -261,20 +251,20 @@ main (int argc, char *argv[])
}
if (set_def_any_action_id != NULL) {
- PolKitPolicyDefault *def;
- PolKitPolicyFileEntry *pfe;
+ PolKitImplicitAuthorization *def;
+ PolKitActionDescription *pfe;
PolKitError *pk_error;
- pfe = polkit_policy_cache_get_entry_by_id (cache, set_def_any_action_id);
+ pfe = polkit_context_get_action_description (ctx, set_def_any_action_id);
if (pfe == NULL) {
fprintf (stderr, "Cannot find policy file entry for action id '%s'\n", set_def_any_action_id);
goto out;
}
- def = polkit_policy_default_clone (polkit_policy_file_entry_get_default (pfe));
- polkit_policy_default_set_allow_any (def, set_def_any_value);
+ def = polkit_implicit_authorization_clone (polkit_action_description_get_implicit_authorization (pfe));
+ polkit_implicit_authorization_set_allow_any (def, set_def_any_value);
pk_error = NULL;
- if (!polkit_policy_file_entry_set_default (pfe, def, &pk_error)) {
+ if (!polkit_action_description_set_implicit_authorization (pfe, def, &pk_error)) {
fprintf (stderr, "Error: code=%d: %s: %s\n",
polkit_error_get_error_code (pk_error),
polkit_error_get_error_name (pk_error),
@@ -282,26 +272,26 @@ main (int argc, char *argv[])
polkit_error_free (pk_error);
goto out;
}
- polkit_policy_default_unref (def);
+ polkit_implicit_authorization_unref (def);
set_def_any_action_id = NULL;
}
if (set_def_inactive_action_id != NULL) {
- PolKitPolicyDefault *def;
- PolKitPolicyFileEntry *pfe;
+ PolKitImplicitAuthorization *def;
+ PolKitActionDescription *pfe;
PolKitError *pk_error;
- pfe = polkit_policy_cache_get_entry_by_id (cache, set_def_inactive_action_id);
+ pfe = polkit_context_get_action_description (ctx, set_def_inactive_action_id);
if (pfe == NULL) {
fprintf (stderr, "Cannot find policy file entry for action id '%s'\n", set_def_inactive_action_id);
goto out;
}
- def = polkit_policy_default_clone (polkit_policy_file_entry_get_default (pfe));
- polkit_policy_default_set_allow_inactive (def, set_def_inactive_value);
+ def = polkit_implicit_authorization_clone (polkit_action_description_get_implicit_authorization (pfe));
+ polkit_implicit_authorization_set_allow_inactive (def, set_def_inactive_value);
pk_error = NULL;
- if (!polkit_policy_file_entry_set_default (pfe, def, &pk_error)) {
+ if (!polkit_action_description_set_implicit_authorization (pfe, def, &pk_error)) {
fprintf (stderr, "Error: code=%d: %s: %s\n",
polkit_error_get_error_code (pk_error),
polkit_error_get_error_name (pk_error),
@@ -309,26 +299,26 @@ main (int argc, char *argv[])
polkit_error_free (pk_error);
goto out;
}
- polkit_policy_default_unref (def);
+ polkit_implicit_authorization_unref (def);
set_def_inactive_action_id = NULL;
}
if (set_def_active_action_id != NULL) {
- PolKitPolicyDefault *def;
- PolKitPolicyFileEntry *pfe;
+ PolKitImplicitAuthorization *def;
+ PolKitActionDescription *pfe;
PolKitError *pk_error;
- pfe = polkit_policy_cache_get_entry_by_id (cache, set_def_active_action_id);
+ pfe = polkit_context_get_action_description (ctx, set_def_active_action_id);
if (pfe == NULL) {
fprintf (stderr, "Cannot find policy file entry for action id '%s'\n", set_def_active_action_id);
goto out;
}
- def = polkit_policy_default_clone (polkit_policy_file_entry_get_default (pfe));
- polkit_policy_default_set_allow_active (def, set_def_active_value);
+ def = polkit_implicit_authorization_clone (polkit_action_description_get_implicit_authorization (pfe));
+ polkit_implicit_authorization_set_allow_active (def, set_def_active_value);
pk_error = NULL;
- if (!polkit_policy_file_entry_set_default (pfe, def, &pk_error)) {
+ if (!polkit_action_description_set_implicit_authorization (pfe, def, &pk_error)) {
fprintf (stderr, "Error: code=%d: %s: %s\n",
polkit_error_get_error_code (pk_error),
polkit_error_get_error_name (pk_error),
@@ -336,14 +326,14 @@ main (int argc, char *argv[])
polkit_error_free (pk_error);
goto out;
}
- polkit_policy_default_unref (def);
+ polkit_implicit_authorization_unref (def);
set_def_active_action_id = NULL;
}
if (action_id != NULL) {
- PolKitPolicyFileEntry *pfe;
- pfe = polkit_policy_cache_get_entry_by_id (cache, action_id);
+ PolKitActionDescription *pfe;
+ pfe = polkit_context_get_action_description (ctx, action_id);
if (pfe == NULL) {
fprintf (stderr, "Cannot find policy file entry for action id '%s'\n", action_id);
goto out;
diff --git a/tools/polkit-auth.c b/tools/polkit-auth.c
index a22f418..bc60d83 100644
--- a/tools/polkit-auth.c
+++ b/tools/polkit-auth.c
@@ -599,21 +599,20 @@ out:
}
static polkit_bool_t
-pfe_iterator_cb (PolKitPolicyCache *policy_cache,
- PolKitPolicyFileEntry *pfe,
+pfe_iterator_cb (PolKitActionDescription *pfe,
void *user_data)
{
PolKitAction *action;
action = polkit_action_new ();
- polkit_action_set_action_id (action, polkit_policy_file_entry_get_id (pfe));
+ polkit_action_set_action_id (action, polkit_action_description_get_id (pfe));
if (polkit_context_is_caller_authorized (pk_context,
action,
pk_caller,
FALSE,
NULL) == POLKIT_RESULT_YES) {
- printf ("%s\n", polkit_policy_file_entry_get_id (pfe));
+ printf ("%s\n", polkit_action_description_get_id (pfe));
}
polkit_action_unref (action);
@@ -622,14 +621,13 @@ pfe_iterator_cb (PolKitPolicyCache *policy_cache,
}
static polkit_bool_t
-pfe_iterator_show_obtainable_cb (PolKitPolicyCache *policy_cache,
- PolKitPolicyFileEntry *pfe,
+pfe_iterator_show_obtainable_cb (PolKitActionDescription *pfe,
void *user_data)
{
PolKitAction *action;
action = polkit_action_new ();
- polkit_action_set_action_id (action, polkit_policy_file_entry_get_id (pfe));
+ polkit_action_set_action_id (action, polkit_action_description_get_id (pfe));
switch (polkit_context_is_caller_authorized (pk_context,
action,
@@ -650,7 +648,7 @@ pfe_iterator_show_obtainable_cb (PolKitPolicyCache *policy_cache,
case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
- printf ("%s\n", polkit_policy_file_entry_get_id (pfe));
+ printf ("%s\n", polkit_action_description_get_id (pfe));
break;
}
@@ -995,8 +993,6 @@ main (int argc, char *argv[])
ret = 0;
} else if (opt_show_obtainable) {
- PolKitPolicyCache *pk_policy_cache;
-
if (!ensure_dbus_and_ck ())
goto out;
@@ -1004,14 +1000,11 @@ main (int argc, char *argv[])
* then querying whether the caller is authorized
*/
- pk_policy_cache = polkit_context_get_policy_cache (pk_context);
- polkit_policy_cache_foreach (pk_policy_cache,
- pfe_iterator_show_obtainable_cb,
- NULL);
+ polkit_context_action_description_foreach (pk_context,
+ pfe_iterator_show_obtainable_cb,
+ NULL);
ret = 0;
} else {
- PolKitPolicyCache *pk_policy_cache;
-
if (!ensure_dbus_and_ck ())
goto out;
@@ -1019,10 +1012,9 @@ main (int argc, char *argv[])
* then querying whether the caller is authorized
*/
- pk_policy_cache = polkit_context_get_policy_cache (pk_context);
- polkit_policy_cache_foreach (pk_policy_cache,
- pfe_iterator_cb,
- NULL);
+ polkit_context_action_description_foreach (pk_context,
+ pfe_iterator_cb,
+ NULL);
ret = 0;
}
diff --git a/tools/polkit-policy-file-validate.c b/tools/polkit-policy-file-validate.c
index e77bbdd..94b454e 100644
--- a/tools/polkit-policy-file-validate.c
+++ b/tools/polkit-policy-file-validate.c
@@ -56,14 +56,13 @@ usage (int argc, char *argv[])
}
static polkit_bool_t
-entry_foreach_cb (PolKitPolicyFile *policy_file,
- PolKitPolicyFileEntry *policy_file_entry,
- void *user_data)
+entry_foreach_cb (PolKitActionDescription *action_description,
+ void *user_data)
{
const char *id;
const char *prefix = user_data;
- id = polkit_policy_file_entry_get_id (policy_file_entry);
+ id = polkit_action_description_get_id (action_description);
if (!kit_str_has_prefix (id, prefix) ||
strchr (id + strlen (prefix), '.') != NULL) {
printf ("WARNING: The action %s does not\n"
@@ -80,7 +79,6 @@ entry_foreach_cb (PolKitPolicyFile *policy_file,
static polkit_bool_t
validate_file (const char *file)
{
- PolKitPolicyFile *policy_file;
PolKitError *error;
char *prefix;
polkit_bool_t ret;
@@ -88,7 +86,6 @@ validate_file (const char *file)
ret = FALSE;
prefix = NULL;
- policy_file = NULL;
if (!kit_str_has_suffix (file, ".policy")) {
printf ("%s doesn't have a .policy suffix\n", file);
@@ -105,14 +102,13 @@ validate_file (const char *file)
prefix [strlen (prefix) - 6] = '\0';
error = NULL;
- policy_file = polkit_policy_file_new (file, TRUE, &error);
- if (policy_file == NULL) {
+ warned = FALSE;
+ polkit_action_description_get_from_file (file, entry_foreach_cb, prefix, &error);
+ if (polkit_error_is_set (error)) {
printf ("%s did not validate: %s\n", file, polkit_error_get_error_message (error));
polkit_error_free (error);
goto out;
}
- warned = FALSE;
- polkit_policy_file_entry_foreach (policy_file, entry_foreach_cb, prefix);
if (warned) {
goto out;
}
@@ -120,8 +116,6 @@ validate_file (const char *file)
ret = TRUE;
out:
kit_free (prefix);
- if (policy_file != NULL)
- polkit_policy_file_unref (policy_file);
return ret;
}
More information about the hal-commit
mailing list