PolicyKit: Branch 'gdbus'
David Zeuthen
david at kemper.freedesktop.org
Tue Aug 3 11:12:23 PDT 2010
docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml | 53 -
docs/polkit/polkit-1-sections.txt | 11
src/polkit/polkitauthority.c | 200 ----
src/polkit/polkitauthority.h | 30
src/polkit/polkitauthorizationresult.c | 26
src/polkit/polkitauthorizationresult.h | 1
src/polkitbackend/polkitbackendauthority.c | 190 ---
src/polkitbackend/polkitbackendauthority.h | 44
src/polkitbackend/polkitbackendlocalauthority.c | 500 ----------
9 files changed, 5 insertions(+), 1050 deletions(-)
New commits:
commit 7491b69e86cf7cb813c956307a96f246b386b16c
Author: David Zeuthen <davidz at redhat.com>
Date: Tue Aug 3 14:10:12 2010 -0400
Remove Lock Down functionality
This is better implemented as a separate set of extension to the local
authority. The only current known user, PolkitLockButton, will be
ported away from using these interfaces.
Since polkit still hasn't reached 1.0 this removal of functionality is
OK especially since the NEWS file has already wanred something like
this may happen.
Signed-off-by: David Zeuthen <davidz at redhat.com>
diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
index 8b76fa2..cb9da6b 100644
--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
+++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
@@ -42,8 +42,6 @@ Structure <link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuth
OUT Array<<link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuthorization</link>> temporary_authorizations)
<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RevokeTemporaryAuthorizations">RevokeTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject)
<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RevokeTemporaryAuthorizationById">RevokeTemporaryAuthorizationById</link> (IN String id)
-<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AddLockdownForAction">AddLockdownForAction</link> (IN String action_id)
-<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RemoveLockdownForAction">RemoveLockdownForAction</link> (IN String action_id)
</synopsis>
</refsynopsisdiv>
<refsect1 role="signal_proto" id="eggdbus-if-signals-org.freedesktop.PolicyKit1.Authority">
@@ -232,8 +230,7 @@ The passed <parameter>cancellation_id</parameter> is already in use.
<programlisting>
{
None = 0x00000000,
- TemporaryAuthorization = 0x00000001,
- Lockdown = 0x00000002
+ TemporaryAuthorization = 0x00000001
}
</programlisting>
<para>
@@ -256,14 +253,6 @@ The authority supports temporary authorizations that can be obtained through aut
</para>
</listitem>
</varlistentry>
- <varlistentry id="eggdbus-constant-AuthorityFeatures.Lockdown" role="constant">
- <term><literal>Lockdown</literal></term>
- <listitem>
- <para>
-The authority supports the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AddLockdownForAction">AddLockdownForAction()</link> and <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RemoveLockdownForAction">RemoveLockdownForAction()</link> methods.
- </para>
- </listitem>
- </varlistentry>
</variablelist>
</para>
</refsect2>
@@ -472,7 +461,7 @@ TRUE if the given <link linkend="eggdbus-struct-Subject">Subject</link> could be
<term><literal>Dict<String,String> <structfield>details</structfield></literal></term>
<listitem>
<para>
-Details for the result or empty if not authorized. Known key/value-pairs include <literal>polkit.temporary_authorization_id</literal> (if the authorization is temporary, this is set to the opaque temporary authorization id), <literal>polkit.retains_authorization_after_challenge</literal> (Set to a non-empty string if the authorization will be retained after authentication (if is_challenge is TRUE)) and <literal>polkit.lockdown</literal> (set to a non-empty string if the action is locked down).
+Details for the result or empty if not authorized. Known key/value-pairs include <literal>polkit.temporary_authorization_id</literal> (if the authorization is temporary, this is set to the opaque temporary authorization id), <literal>polkit.retains_authorization_after_challenge</literal> (Set to a non-empty string if the authorization will be retained after authentication (if is_challenge is TRUE)).
</para>
</listitem>
</varlistentry>
@@ -811,44 +800,6 @@ The opaque identifier of the temporary authorization.
</varlistentry>
</variablelist>
</refsect2>
- <refsect2 role="function" id="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AddLockdownForAction">
- <title>AddLockdownForAction ()</title>
- <programlisting>
-AddLockdownForAction (IN String action_id)
- </programlisting>
- <para>
-Locks down an action so administrator authentication is always needed to obtain a temporary authorization for the action.
- </para>
-<variablelist role="params">
- <varlistentry>
- <term><literal>IN String <parameter>action_id</parameter></literal>:</term>
- <listitem>
- <para>
-Identifier for the action.
- </para>
- </listitem>
- </varlistentry>
-</variablelist>
- </refsect2>
- <refsect2 role="function" id="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RemoveLockdownForAction">
- <title>RemoveLockdownForAction ()</title>
- <programlisting>
-RemoveLockdownForAction (IN String action_id)
- </programlisting>
- <para>
-Removes the effect of a previous <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AddLockdownForAction">AddLockdownForAction()</link> call.
- </para>
-<variablelist role="params">
- <varlistentry>
- <term><literal>IN String <parameter>action_id</parameter></literal>:</term>
- <listitem>
- <para>
-Identifier for the action.
- </para>
- </listitem>
- </varlistentry>
-</variablelist>
- </refsect2>
</refsect1>
<refsect1 role="signals" id="eggdbus-if-signal-details-org.freedesktop.PolicyKit1.Authority">
<title role="signals.title">Signal Details</title>
diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
index 999abb2..b1b71cc 100644
--- a/docs/polkit/polkit-1-sections.txt
+++ b/docs/polkit/polkit-1-sections.txt
@@ -42,10 +42,6 @@ polkit_authority_revoke_temporary_authorizations
polkit_authority_revoke_temporary_authorizations_finish
polkit_authority_revoke_temporary_authorization_by_id
polkit_authority_revoke_temporary_authorization_by_id_finish
-polkit_authority_add_lockdown_for_action
-polkit_authority_add_lockdown_for_action_finish
-polkit_authority_remove_lockdown_for_action
-polkit_authority_remove_lockdown_for_action_finish
polkit_authority_check_authorization_sync
polkit_authority_enumerate_actions_sync
polkit_authority_register_authentication_agent_sync
@@ -54,8 +50,6 @@ polkit_authority_authentication_agent_response_sync
polkit_authority_enumerate_temporary_authorizations_sync
polkit_authority_revoke_temporary_authorizations_sync
polkit_authority_revoke_temporary_authorization_by_id_sync
-polkit_authority_add_lockdown_for_action_sync
-polkit_authority_remove_lockdown_for_action_sync
<SUBSECTION Standard>
PolkitAuthorityClass
POLKIT_AUTHORITY
@@ -75,7 +69,6 @@ polkit_authorization_result_get_is_authorized
polkit_authorization_result_get_is_challenge
polkit_authorization_result_get_retains_authorization
polkit_authorization_result_get_temporary_authorization_id
-polkit_authorization_result_get_locked_down
polkit_authorization_result_get_details
<SUBSECTION Standard>
PolkitAuthorizationResultClass
@@ -288,10 +281,6 @@ polkit_backend_authority_enumerate_actions
polkit_backend_authority_system_bus_name_owner_changed
polkit_backend_authority_enumerate_temporary_authorizations
polkit_backend_authority_revoke_temporary_authorizations
-polkit_backend_authority_add_lockdown_for_action
-polkit_backend_authority_add_lockdown_for_action_finish
-polkit_backend_authority_remove_lockdown_for_action
-polkit_backend_authority_remove_lockdown_for_action_finish
polkit_backend_authority_get
polkit_backend_authority_register
polkit_backend_authority_unregister
diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
index 8edbfa3..f16b29c 100644
--- a/src/polkit/polkitauthority.c
+++ b/src/polkit/polkitauthority.c
@@ -1383,206 +1383,6 @@ polkit_authority_revoke_temporary_authorization_by_id_sync (PolkitAuthority
/* ---------------------------------------------------------------------------------------------------- */
/**
- * polkit_authority_add_lockdown_for_action:
- * @authority: A #PolkitAuthority.
- * @action_id: The identifier for the action.
- * @cancellable: A #GCancellable or %NULL.
- * @callback: A #GAsyncReadyCallback to call when the request is satisfied.
- * @user_data: The data to pass to @callback.
- *
- * Locks down the action identified by @action_id.
- *
- * When the operation is finished, @callback will be invoked. You can then
- * call polkit_authority_add_lockdown_for_action_finish() to get the result of
- * the operation.
- */
-void
-polkit_authority_add_lockdown_for_action (PolkitAuthority *authority,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- g_dbus_proxy_call (authority->proxy,
- "AddLockdownForAction",
- g_variant_new ("(s)",
- action_id),
- G_DBUS_CALL_FLAGS_NONE,
- -1,
- cancellable,
- generic_async_cb,
- g_simple_async_result_new (G_OBJECT (authority),
- callback,
- user_data,
- polkit_authority_add_lockdown_for_action));
-}
-
-/**
- * polkit_authority_add_lockdown_for_action_finish:
- * @authority: A #PolkitAuthority.
- * @res: A #GAsyncResult obtained from the callback.
- * @error: Return location for error or %NULL.
- *
- * Finishes locking down an action.
- *
- * Returns: %TRUE if the action was locked down, %FALSE if error is set.
- **/
-gboolean
-polkit_authority_add_lockdown_for_action_finish (PolkitAuthority *authority,
- GAsyncResult *res,
- GError **error)
-{
- gboolean ret;
- GVariant *value;
- GAsyncResult *_res;
-
- ret = FALSE;
-
- g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_authority_add_lockdown_for_action);
- _res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res)));
-
- value = g_dbus_proxy_call_finish (authority->proxy, _res, error);
- if (value == NULL)
- goto out;
- ret = TRUE;
- g_variant_unref (value);
-
- out:
- return ret;
-}
-
-/**
- * polkit_authority_add_lockdown_for_action_sync:
- * @authority: A #PolkitAuthority.
- * @action_id: The identifier for the action.
- * @cancellable: A #GCancellable or %NULL.
- * @error: Return location for error or %NULL.
- *
- * Synchronously locks down an action.
- *
- * Returns: %TRUE if the action was locked down, %FALSE if error is set.
- **/
-gboolean
-polkit_authority_add_lockdown_for_action_sync (PolkitAuthority *authority,
- const gchar *action_id,
- GCancellable *cancellable,
- GError **error)
-{
- gboolean ret;
- CallSyncData *data;
-
- data = call_sync_new ();
- polkit_authority_add_lockdown_for_action (authority, action_id, cancellable, call_sync_cb, data);
- call_sync_block (data);
- ret = polkit_authority_add_lockdown_for_action_finish (authority, data->res, error);
- call_sync_free (data);
-
- return ret;
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-/**
- * polkit_authority_remove_lockdown_for_action:
- * @authority: A #PolkitAuthority.
- * @action_id: The identifier for the action.
- * @cancellable: A #GCancellable or %NULL.
- * @callback: A #GAsyncReadyCallback to call when the request is satisfied.
- * @user_data: The data to pass to @callback.
- *
- * Removes locks down the action identified by @action_id.
- *
- * When the operation is finished, @callback will be invoked. You can then
- * call polkit_authority_remove_lockdown_for_action_finish() to get the result of
- * the operation.
- */
-void
-polkit_authority_remove_lockdown_for_action (PolkitAuthority *authority,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- g_dbus_proxy_call (authority->proxy,
- "RemoveLockdownForAction",
- g_variant_new ("(s)",
- action_id),
- G_DBUS_CALL_FLAGS_NONE,
- -1,
- cancellable,
- generic_async_cb,
- g_simple_async_result_new (G_OBJECT (authority),
- callback,
- user_data,
- polkit_authority_remove_lockdown_for_action));
-}
-
-/**
- * polkit_authority_remove_lockdown_for_action_finish:
- * @authority: A #PolkitAuthority.
- * @res: A #GAsyncResult obtained from the callback.
- * @error: Return location for error or %NULL.
- *
- * Finishes removing lock down for an action.
- *
- * Returns: %TRUE if the action was locked down, %FALSE if error is set.
- **/
-gboolean
-polkit_authority_remove_lockdown_for_action_finish (PolkitAuthority *authority,
- GAsyncResult *res,
- GError **error)
-{
- gboolean ret;
- GVariant *value;
- GAsyncResult *_res;
-
- ret = FALSE;
-
- g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_authority_remove_lockdown_for_action);
- _res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res)));
-
- value = g_dbus_proxy_call_finish (authority->proxy, _res, error);
- if (value == NULL)
- goto out;
- ret = TRUE;
- g_variant_unref (value);
-
- out:
- return ret;
-}
-
-/**
- * polkit_authority_remove_lockdown_for_action_sync:
- * @authority: A #PolkitAuthority.
- * @action_id: The identifier for the action.
- * @cancellable: A #GCancellable or %NULL.
- * @error: Return location for error or %NULL.
- *
- * Synchronously removes lock down for an action.
- *
- * Returns: %TRUE if the action was locked down, %FALSE if error is set.
- **/
-gboolean
-polkit_authority_remove_lockdown_for_action_sync (PolkitAuthority *authority,
- const gchar *action_id,
- GCancellable *cancellable,
- GError **error)
-{
- gboolean ret;
- CallSyncData *data;
-
- data = call_sync_new ();
- polkit_authority_remove_lockdown_for_action (authority, action_id, cancellable, call_sync_cb, data);
- call_sync_block (data);
- ret = polkit_authority_remove_lockdown_for_action_finish (authority, data->res, error);
- call_sync_free (data);
-
- return ret;
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-/**
* polkit_authority_get_owner:
* @authority: A #PolkitAuthority.
*
diff --git a/src/polkit/polkitauthority.h b/src/polkit/polkitauthority.h
index 4140ff8..0556b34 100644
--- a/src/polkit/polkitauthority.h
+++ b/src/polkit/polkitauthority.h
@@ -110,16 +110,6 @@ gboolean polkit_authority_revoke_temporary_authorization_by_id
GCancellable *cancellable,
GError **error);
-gboolean polkit_authority_add_lockdown_for_action_sync (PolkitAuthority *authority,
- const gchar *action_id,
- GCancellable *cancellable,
- GError **error);
-
-gboolean polkit_authority_remove_lockdown_for_action_sync (PolkitAuthority *authority,
- const gchar *action_id,
- GCancellable *cancellable,
- GError **error);
-
/* ---------------------------------------------------------------------------------------------------- */
void polkit_authority_enumerate_actions (PolkitAuthority *authority,
@@ -208,26 +198,6 @@ gboolean polkit_authority_revoke_temporary_authorization_by_id
GAsyncResult *res,
GError **error);
-void polkit_authority_add_lockdown_for_action (PolkitAuthority *authority,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
-gboolean polkit_authority_add_lockdown_for_action_finish (PolkitAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
-void polkit_authority_remove_lockdown_for_action (PolkitAuthority *authority,
- const gchar *action_id,
- GCancellable *cancellable,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
-gboolean polkit_authority_remove_lockdown_for_action_finish (PolkitAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
/* ---------------------------------------------------------------------------------------------------- */
G_END_DECLS
diff --git a/src/polkit/polkitauthorizationresult.c b/src/polkit/polkitauthorizationresult.c
index 5bc1065..e027008 100644
--- a/src/polkit/polkitauthorizationresult.c
+++ b/src/polkit/polkitauthorizationresult.c
@@ -227,32 +227,6 @@ polkit_authorization_result_get_temporary_authorization_id (PolkitAuthorizationR
return ret;
}
-/**
- * polkit_authorization_result_get_locked_down:
- * @result: A #PolkitAuthorizationResult.
- *
- * Gets whether the action is locked down via
- * e.g. polkit_authority_add_lockdown_for_action().
- *
- * This method simply reads the value of the key/value pair in @details with the
- * key <literal>polkit.lockdown</literal>.
- *
- * Returns: %TRUE if the action for the authorization is locked down.
- */
-gboolean
-polkit_authorization_result_get_locked_down (PolkitAuthorizationResult *result)
-{
- gboolean ret;
- PolkitDetails *details;
-
- ret = FALSE;
- details = polkit_authorization_result_get_details (result);
- if (details != NULL && polkit_details_lookup (details, "polkit.lockdown") != NULL)
- ret = TRUE;
-
- return ret;
-}
-
PolkitAuthorizationResult *
polkit_authorization_result_new_for_gvariant (GVariant *value)
{
diff --git a/src/polkit/polkitauthorizationresult.h b/src/polkit/polkitauthorizationresult.h
index 5a66885..ea479fe 100644
--- a/src/polkit/polkitauthorizationresult.h
+++ b/src/polkit/polkitauthorizationresult.h
@@ -52,7 +52,6 @@ gboolean polkit_authorization_result_get_is_authorized (P
gboolean polkit_authorization_result_get_is_challenge (PolkitAuthorizationResult *result);
gboolean polkit_authorization_result_get_retains_authorization (PolkitAuthorizationResult *result);
const gchar *polkit_authorization_result_get_temporary_authorization_id (PolkitAuthorizationResult *result);
-gboolean polkit_authorization_result_get_locked_down (PolkitAuthorizationResult *result);
/* ---------------------------------------------------------------------------------------------------- */
diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
index 33c800f..28a77ba 100644
--- a/src/polkitbackend/polkitbackendauthority.c
+++ b/src/polkitbackend/polkitbackendauthority.c
@@ -498,154 +498,6 @@ polkit_backend_authority_revoke_temporary_authorization_by_id (PolkitBackendAuth
}
}
-/**
- * polkit_backend_authority_add_lockdown_for_action:
- * @authority: A #PolkitBackendAuthority.
- * @caller: The system bus name that called the method.
- * @action_id: The action id.
- * @callback: A #GAsyncReadyCallback to call when the request is satisfied.
- * @user_data: The data to pass to @callback.
- *
- * Asynchronously add locks down for @action_id.
- *
- * When the operation is finished, @callback will be invoked. You can
- * then call polkit_backend_authority_add_lockdown_for_action_finish()
- * to get the result of the operation.
- */
-void
-polkit_backend_authority_add_lockdown_for_action (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- const gchar *action_id,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- PolkitBackendAuthorityClass *klass;
-
- klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority);
-
- if (klass->add_lockdown_for_action == NULL)
- {
- GSimpleAsyncResult *simple;
-
- simple = g_simple_async_result_new_error (G_OBJECT (authority),
- callback,
- user_data,
- POLKIT_ERROR,
- POLKIT_ERROR_NOT_SUPPORTED,
- "Operation not supported");
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- }
- else
- {
- klass->add_lockdown_for_action (authority, caller, action_id, callback, user_data);
- }
-}
-
-/**
- * polkit_backend_authority_add_lockdown_for_action_finish:
- * @authority: A #PolkitBackendAuthority.
- * @res: A #GAsyncResult obtained from the callback.
- * @error: Return location for error or %NULL.
- *
- * Finishes adding lock down for an action.
- *
- * Returns: %TRUE if the operation succeeded or, %FALE if @error is set.
- */
-gboolean
-polkit_backend_authority_add_lockdown_for_action_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error)
-{
- PolkitBackendAuthorityClass *klass;
-
- klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority);
-
- if (klass->add_lockdown_for_action_finish == NULL)
- {
- g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res), error);
- return FALSE;
- }
- else
- {
- return klass->add_lockdown_for_action_finish (authority, res, error);
- }
-}
-
-/**
- * polkit_backend_authority_remove_lockdown_for_action:
- * @authority: A #PolkitBackendAuthority.
- * @caller: The system bus name that called the method.
- * @action_id: The action id.
- * @callback: A #GAsyncReadyCallback to call when the request is satisfied.
- * @user_data: The data to pass to @callback.
- *
- * Asynchronously remove locks down for @action_id.
- *
- * When the operation is finished, @callback will be invoked. You can
- * then call polkit_backend_authority_remove_lockdown_for_action_finish()
- * to get the result of the operation.
- */
-void
-polkit_backend_authority_remove_lockdown_for_action (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- const gchar *action_id,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- PolkitBackendAuthorityClass *klass;
-
- klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority);
-
- if (klass->remove_lockdown_for_action == NULL)
- {
- GSimpleAsyncResult *simple;
-
- simple = g_simple_async_result_new_error (G_OBJECT (authority),
- callback,
- user_data,
- POLKIT_ERROR,
- POLKIT_ERROR_NOT_SUPPORTED,
- "Operation not supported");
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
- }
- else
- {
- klass->remove_lockdown_for_action (authority, caller, action_id, callback, user_data);
- }
-}
-
-/**
- * polkit_backend_authority_remove_lockdown_for_action_finish:
- * @authority: A #PolkitBackendAuthority.
- * @res: A #GAsyncResult obtained from the callback.
- * @error: Return location for error or %NULL.
- *
- * Finishes removing lock down for an action.
- *
- * Returns: %TRUE if the operation succeeded or, %FALE if @error is set.
- */
-gboolean
-polkit_backend_authority_remove_lockdown_for_action_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error)
-{
- PolkitBackendAuthorityClass *klass;
-
- klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority);
-
- if (klass->remove_lockdown_for_action_finish == NULL)
- {
- g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res), error);
- return FALSE;
- }
- else
- {
- return klass->remove_lockdown_for_action_finish (authority, res, error);
- }
-}
-
/* ---------------------------------------------------------------------------------------------------- */
typedef struct
@@ -758,12 +610,6 @@ static const gchar *server_introspection_data =
" <method name='RevokeTemporaryAuthorizationById'>"
" <arg type='s' name='id' direction='in'/>"
" </method>"
- " <method name='AddLockdownForAction'>"
- " <arg type='s' name='action_id' direction='in'/>"
- " </method>"
- " <method name='RemoveLockdownForAction'>"
- " <arg type='s' name='action_id' direction='in'/>"
- " </method>"
" <signal name='Changed'/>"
" <property type='s' name='BackendName' access='read'/>"
" <property type='s' name='BackendVersion' access='read'/>"
@@ -1280,7 +1126,7 @@ server_handle_revoke_temporary_authorization_by_id (Server *serv
const gchar *id;
g_variant_get (parameters,
- "(@s)",
+ "(&s)",
&id);
error = NULL;
@@ -1303,36 +1149,6 @@ server_handle_revoke_temporary_authorization_by_id (Server *serv
/* ---------------------------------------------------------------------------------------------------- */
static void
-server_handle_add_lockdown_for_action (Server *server,
- GVariant *parameters,
- PolkitSubject *caller,
- GDBusMethodInvocation *invocation)
-{
- /* TODO: probably want to nuke this method so don't implement now */
- g_dbus_method_invocation_return_error (invocation,
- POLKIT_ERROR,
- POLKIT_ERROR_NOT_SUPPORTED,
- "Operation is not supported");
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static void
-server_handle_remove_lockdown_for_action (Server *server,
- GVariant *parameters,
- PolkitSubject *caller,
- GDBusMethodInvocation *invocation)
-{
- /* TODO: probably want to nuke this method so don't implement now */
- g_dbus_method_invocation_return_error (invocation,
- POLKIT_ERROR,
- POLKIT_ERROR_NOT_SUPPORTED,
- "Operation is not supported");
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static void
server_handle_method_call (GDBusConnection *connection,
const gchar *sender,
const gchar *object_path,
@@ -1365,10 +1181,6 @@ server_handle_method_call (GDBusConnection *connection,
server_handle_revoke_temporary_authorizations (server, parameters, caller, invocation);
else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizationById") == 0)
server_handle_revoke_temporary_authorization_by_id (server, parameters, caller, invocation);
- else if (g_strcmp0 (method_name, "AddLockdownForAction") == 0)
- server_handle_add_lockdown_for_action (server, parameters, caller, invocation);
- else if (g_strcmp0 (method_name, "RemoveLockdownForAction") == 0)
- server_handle_remove_lockdown_for_action (server, parameters, caller, invocation);
else
g_assert_not_reached ();
diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h
index 626c4a5..e6a8104 100644
--- a/src/polkitbackend/polkitbackendauthority.h
+++ b/src/polkitbackend/polkitbackendauthority.h
@@ -98,10 +98,6 @@ struct _PolkitBackendAuthority
* authorization identified by id or %NULL if the backend doesn't support
* the operation. See polkit_backend_authority_revoke_temporary_authorization_by_id()
* for details.
- * @add_lockdown_for_action: Called to add lock down for an action. See polkit_backend_authority_add_lockdown_for_action() for details. Can be %NULL if not supported by the backend.
- * @add_lockdown_for_action_finish: Called to finish adding lock down for an an action. See polkit_backend_authority_add_lockdown_for_action_finish() for details. Can be %NULL if not supported by the backend.
- * @remove_lockdown_for_action: Called when removing lock down for an action. See polkit_backend_authority_remove_lockdown_for_action() for details. Can be %NULL if not supported by the backend.
- * @remove_lockdown_for_action_finish: Called to finish removing lock down for an action. See polkit_backend_authority_remove_lockdown_for_action_finish() for details. Can be %NULL if not supported by the backend.
* @system_bus_name_owner_changed: temporary VFunc, to be removed before API is declared stable.
*
* VFuncs that authority backends need to implement.
@@ -173,26 +169,6 @@ struct _PolkitBackendAuthorityClass
const gchar *id,
GError **error);
- void (*add_lockdown_for_action) (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- const gchar *action_id,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
- gboolean (*add_lockdown_for_action_finish) (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
- void (*remove_lockdown_for_action) (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- const gchar *action_id,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
- gboolean (*remove_lockdown_for_action_finish) (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
/* TODO: need something more efficient such that we don't watch all name changes */
void (*system_bus_name_owner_changed) (PolkitBackendAuthority *authority,
const gchar *name,
@@ -305,26 +281,6 @@ gboolean polkit_backend_authority_revoke_temporary_authorization_by_id (PolkitBa
const gchar *id,
GError **error);
-void polkit_backend_authority_add_lockdown_for_action (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- const gchar *action_id,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
-gboolean polkit_backend_authority_add_lockdown_for_action_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
-void polkit_backend_authority_remove_lockdown_for_action (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- const gchar *action_id,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
-gboolean polkit_backend_authority_remove_lockdown_for_action_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
/* --- */
PolkitBackendAuthority *polkit_backend_authority_get (void);
diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
index 737b7d2..7af6d4f 100644
--- a/src/polkitbackend/polkitbackendlocalauthority.c
+++ b/src/polkitbackend/polkitbackendlocalauthority.c
@@ -45,8 +45,7 @@
* An implementation of #PolkitBackendAuthority that stores
* authorizations on the local file system, supports interaction with
* authentication agents (virtue of being based on
- * #PolkitBackendInteractiveAuthority), and implements support for
- * lock down.
+ * #PolkitBackendInteractiveAuthority).
*/
/* ---------------------------------------------------------------------------------------------------- */
@@ -56,8 +55,6 @@ static GList *get_users_in_group (PolkitIdentity *group,
static GList *get_groups_for_user (PolkitIdentity *user);
-static void register_extensions (void);
-
/* ---------------------------------------------------------------------------------------------------- */
typedef struct
@@ -92,27 +89,6 @@ static PolkitImplicitAuthorization polkit_backend_local_authority_check_authoriz
PolkitImplicitAuthorization implicit,
PolkitDetails *out_details);
-static void polkit_backend_local_authority_add_lockdown_for_action (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- const gchar *action_id,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
-static gboolean polkit_backend_local_authority_add_lockdown_for_action_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
-static void polkit_backend_local_authority_remove_lockdown_for_action (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- const gchar *action_id,
- GAsyncReadyCallback callback,
- gpointer user_data);
-
-static gboolean polkit_backend_local_authority_remove_lockdown_for_action_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error);
-
-
G_DEFINE_TYPE_WITH_CODE (PolkitBackendLocalAuthority,
polkit_backend_local_authority,
POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY,
@@ -393,7 +369,7 @@ polkit_backend_local_authority_get_version (PolkitBackendAuthority *authority)
static PolkitAuthorityFeatures
polkit_backend_local_authority_get_features (PolkitBackendAuthority *authority)
{
- return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION | POLKIT_AUTHORITY_FEATURES_LOCKDOWN;
+ return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION;
}
static void
@@ -411,16 +387,10 @@ polkit_backend_local_authority_class_init (PolkitBackendLocalAuthorityClass *kla
authority_class->get_name = polkit_backend_local_authority_get_name;
authority_class->get_version = polkit_backend_local_authority_get_version;
authority_class->get_features = polkit_backend_local_authority_get_features;
- authority_class->add_lockdown_for_action = polkit_backend_local_authority_add_lockdown_for_action;
- authority_class->add_lockdown_for_action_finish = polkit_backend_local_authority_add_lockdown_for_action_finish;
- authority_class->remove_lockdown_for_action = polkit_backend_local_authority_remove_lockdown_for_action;
- authority_class->remove_lockdown_for_action_finish = polkit_backend_local_authority_remove_lockdown_for_action_finish;
interactive_authority_class->get_admin_identities = polkit_backend_local_authority_get_admin_auth_identities;
interactive_authority_class->check_authorization_sync = polkit_backend_local_authority_check_authorization_sync;
g_type_class_add_private (klass, sizeof (PolkitBackendLocalAuthorityPrivate));
-
- register_extensions ();
}
static GList *
@@ -693,469 +663,3 @@ get_groups_for_user (PolkitIdentity *user)
}
/* ---------------------------------------------------------------------------------------------------- */
-
-static gchar *
-lockdown_get_filename (const gchar *action_id)
-{
- return g_strdup_printf (PACKAGE_LOCALSTATE_DIR
- "/lib/polkit-1/localauthority/90-mandatory.d/"
- "org.freedesktop.policykit.localauthority.lockdown.action-%s.pkla",
- action_id);
-}
-
-static gboolean
-lockdown_exists (const gchar *action_id)
-{
- gchar *filename;
- gboolean ret;
-
- ret = FALSE;
-
- filename = lockdown_get_filename (action_id);
- if (g_file_test (filename, G_FILE_TEST_IS_REGULAR | G_FILE_TEST_EXISTS))
- ret = TRUE;
- g_free (filename);
-
- return ret;
-}
-
-static gboolean
-lockdown_add (const gchar *action_id,
- GError **error)
-{
- gboolean ret;
- gchar *filename;
- gchar *contents;
-
- ret = FALSE;
-
- filename = lockdown_get_filename (action_id);
- contents = g_strdup_printf ("# Added by pklalockdown(1)\n"
- "#\n"
- "[Lockdown]\n"
- "Identity=unix-user:*\n"
- "Action=%s\n"
- "ResultAny=no\n"
- "ResultInactive=no\n"
- "ResultActive=auth_admin_keep\n"
- "ReturnValue=polkit.lockdown=1",
- action_id);
- if (!g_file_set_contents (filename,
- contents,
- -1,
- error))
- goto out;
-
- ret = TRUE;
-
- out:
- g_free (filename);
- g_free (contents);
- return ret;
-}
-
-static gboolean
-lockdown_remove (const gchar *action_id,
- GError **error)
-{
- gboolean ret;
- gchar *filename;
-
- ret = FALSE;
-
- filename = lockdown_get_filename (action_id);
- if (g_unlink (filename) != 0)
- {
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Cannot unlink file %s: %s\n",
- filename,
- g_strerror (errno));
- goto out;
- }
-
- ret = TRUE;
-
- out:
- g_free (filename);
- return ret;
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static void
-add_lockdown_check_auth_cb (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- gpointer user_data)
-{
- GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (user_data);
- PolkitAuthorizationResult *result;
- GError *error;
-
- result = polkit_backend_authority_check_authorization_finish (authority,
- res,
- &error);
- if (result == NULL)
- {
- g_simple_async_result_set_from_error (simple, error);
- g_error_free (error);
- }
- else
- {
- if (polkit_authorization_result_get_is_authorized (result))
- {
- const gchar *action_id;
-
- action_id = g_object_get_data (G_OBJECT (simple), "lock-down-action-id");
-
- if (lockdown_exists (action_id))
- {
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Action %s is already locked down",
- action_id);
- }
- else
- {
- GError *error;
-
- error = NULL;
- if (!lockdown_add (action_id, &error))
- {
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Error adding lock down for action %s: %s",
- action_id,
- error->message);
- g_error_free (error);
- }
- }
- }
- else
- {
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_NOT_AUTHORIZED,
- "Not authorized to add lock down for the requested action");
- }
- g_object_unref (result);
- }
-
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
-}
-
-static void
-polkit_backend_local_authority_add_lockdown_for_action (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- const gchar *action_id,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GSimpleAsyncResult *simple;
- PolkitDetails *details;
- GCancellable *cancellable;
-
- simple = g_simple_async_result_new (G_OBJECT (authority),
- callback,
- user_data,
- polkit_backend_local_authority_add_lockdown_for_action);
-
- g_object_set_data_full (G_OBJECT (simple), "lock-down-action-id", g_strdup (action_id), g_free);
-
- details = polkit_details_new ();
- polkit_details_insert (details, "action-id", action_id);
- polkit_details_insert (details, "add-lockdown", "1");
-
- cancellable = g_cancellable_new ();
-
- /* first check if caller is authorized for this */
- polkit_backend_authority_check_authorization (POLKIT_BACKEND_AUTHORITY (authority),
- NULL,
- caller,
- "org.freedesktop.policykit.lockdown",
- details,
- POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
- cancellable,
- (GAsyncReadyCallback) add_lockdown_check_auth_cb,
- simple);
-
- g_object_unref (details);
- g_object_unref (cancellable);
-}
-
-static gboolean
-polkit_backend_local_authority_add_lockdown_for_action_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error)
-{
- GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res);
-
- g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_backend_local_authority_add_lockdown_for_action);
-
- if (g_simple_async_result_propagate_error (simple, error))
- return FALSE;
-
- return TRUE;
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static void
-remove_lockdown_check_auth_cb (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- gpointer user_data)
-{
- GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (user_data);
- PolkitAuthorizationResult *result;
- GError *error;
-
- result = polkit_backend_authority_check_authorization_finish (authority,
- res,
- &error);
- if (result == NULL)
- {
- g_simple_async_result_set_from_error (simple, error);
- g_error_free (error);
- }
- else
- {
- if (polkit_authorization_result_get_is_authorized (result))
- {
- const gchar *action_id;
-
- action_id = g_object_get_data (G_OBJECT (simple), "lock-down-action-id");
-
- if (!lockdown_exists (action_id))
- {
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Action %s is not locked down",
- action_id);
- }
- else
- {
- GError *error;
-
- error = NULL;
- if (!lockdown_remove (action_id, &error))
- {
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Error removing lock down for action %s: %s",
- action_id,
- error->message);
- g_error_free (error);
- }
- }
- }
- else
- {
- g_simple_async_result_set_error (simple,
- POLKIT_ERROR,
- POLKIT_ERROR_NOT_AUTHORIZED,
- "Not authorized to remove lock down for the requested action");
- }
- g_object_unref (result);
- }
-
- g_simple_async_result_complete (simple);
- g_object_unref (simple);
-}
-
-static void
-polkit_backend_local_authority_remove_lockdown_for_action (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
- const gchar *action_id,
- GAsyncReadyCallback callback,
- gpointer user_data)
-{
- GSimpleAsyncResult *simple;
- PolkitDetails *details;
- GCancellable *cancellable;
-
- simple = g_simple_async_result_new (G_OBJECT (authority),
- callback,
- user_data,
- polkit_backend_local_authority_remove_lockdown_for_action);
-
- g_object_set_data_full (G_OBJECT (simple), "lock-down-action-id", g_strdup (action_id), g_free);
-
- details = polkit_details_new ();
- polkit_details_insert (details, "action-id", action_id);
- polkit_details_insert (details, "remove-lockdown", "1");
-
- cancellable = g_cancellable_new ();
-
- /* first check if caller is authorized for this */
- polkit_backend_authority_check_authorization (POLKIT_BACKEND_AUTHORITY (authority),
- NULL,
- caller,
- "org.freedesktop.policykit.lockdown",
- details,
- POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
- cancellable,
- (GAsyncReadyCallback) remove_lockdown_check_auth_cb,
- simple);
-
- g_object_unref (details);
- g_object_unref (cancellable);
-}
-
-static gboolean
-polkit_backend_local_authority_remove_lockdown_for_action_finish (PolkitBackendAuthority *authority,
- GAsyncResult *res,
- GError **error)
-{
- GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res);
-
- g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_backend_local_authority_remove_lockdown_for_action);
-
- if (g_simple_async_result_propagate_error (simple, error))
- return FALSE;
-
- return TRUE;
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-#define PBLA_TYPE_ACTION_LOOKUP (pbla_action_lookup_get_type())
-#define PBLA_ACTION_LOOKUP(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), PBLA_TYPE_ACTION_LOOKUP, PblaActionLookup))
-#define PBLA_ACTION_LOOKUP_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), PBLA_TYPE_ACTION_LOOKUP, PblaActionLookupClass))
-#define PBLA_ACTION_LOOKUP_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), PBLA_TYPE_ACTION_LOOKUP, PblaActionLookupClass))
-#define PBLA_IS_ACTION_LOOKUP(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), PBLA_TYPE_ACTION_LOOKUP))
-#define PBLA_IS_ACTION_LOOKUP_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), PBLA_TYPE_ACTION_LOOKUP))
-
-typedef struct _PblaActionLookup PblaActionLookup;
-typedef struct _PblaActionLookupClass PblaActionLookupClass;
-
-struct _PblaActionLookup
-{
- GObject parent;
-};
-
-struct _PblaActionLookupClass
-{
- GObjectClass parent_class;
-};
-
-GType pbla_action_lookup_get_type (void) G_GNUC_CONST;
-
-static void pbla_action_lookup_iface_init (PolkitBackendActionLookupIface *iface);
-
-
-G_DEFINE_TYPE_EXTENDED (PblaActionLookup,
- pbla_action_lookup,
- G_TYPE_OBJECT,
- 0,
- G_IMPLEMENT_INTERFACE (POLKIT_BACKEND_TYPE_ACTION_LOOKUP,
- pbla_action_lookup_iface_init))
-
-static void
-pbla_action_lookup_init (PblaActionLookup *lookup)
-{
-}
-
-static void
-pbla_action_lookup_class_init (PblaActionLookupClass *klass)
-{
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static gchar *
-pbla_action_lookup_get_message (PolkitBackendActionLookup *lookup,
- const gchar *action_id,
- PolkitDetails *details,
- PolkitActionDescription *action_description)
-{
- gchar *ret;
- const gchar *s;
-
- ret = NULL;
-
- if (g_strcmp0 (action_id, "org.freedesktop.policykit.lockdown") != 0)
- goto out;
-
- s = polkit_details_lookup (details, "remove-lockdown");
- if (s == NULL)
- {
- ret = g_strdup (_("Authentication is needed to lock down an action"));
- }
- else
- {
- ret = g_strdup (_("Authentication is needed to remove lock down for an action"));
- }
-
- out:
- return ret;
-}
-
-static gchar *
-pbla_action_lookup_get_icon_name (PolkitBackendActionLookup *lookup,
- const gchar *action_id,
- PolkitDetails *details,
- PolkitActionDescription *action_description)
-{
- gchar *ret;
-
- ret = NULL;
-
- /* explicitly left blank for now */
-
- return ret;
-}
-
-static PolkitDetails *
-pbla_action_lookup_get_details (PolkitBackendActionLookup *lookup,
- const gchar *action_id,
- PolkitDetails *details,
- PolkitActionDescription *action_desc)
-{
- PolkitDetails *ret;
- const gchar *s;
- const gchar *s2;
-
- ret = NULL;
-
- if (g_strcmp0 (action_id, "org.freedesktop.policykit.lockdown") != 0)
- goto out;
-
- s = polkit_details_lookup (details, "action-id");
- if (s == NULL)
- goto out;
-
- s2 = polkit_details_lookup (details, "remove-lockdown");
-
- ret = polkit_details_new ();
- if (s2 == NULL)
- polkit_details_insert (ret, _("Action to lock down"), s);
- else
- polkit_details_insert (ret, _("Locked down action"), s);
-
- out:
- return ret;
-}
-
-static void
-pbla_action_lookup_iface_init (PolkitBackendActionLookupIface *iface)
-{
- iface->get_message = pbla_action_lookup_get_message;
- iface->get_icon_name = pbla_action_lookup_get_icon_name;
- iface->get_details = pbla_action_lookup_get_details;
-}
-
-
-static void
-register_extensions (void)
-{
- g_io_extension_point_implement (POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME,
- PBLA_TYPE_ACTION_LOOKUP,
- "lockdown action lookup extension " PACKAGE_VERSION,
- 0);
-}
More information about the hal-commit
mailing list