<xi:include href="xml/polkit-policy-file-entry.xml"/>
<xi:include href="xml/polkit-policy-default.xml"/>
<xi:include href="xml/polkit-policy-cache.xml"/>
- <xi:include href="xml/polkit-resource.xml"/>
<xi:include href="xml/polkit-seat.xml"/>
<xi:include href="xml/polkit-session.xml"/>
<xi:include href="xml/polkit-caller.xml"/>
-SUBDIRS = default allow-all deny-all run-program grant
+#SUBDIRS = default allow-all deny-all run-program grant
+SUBDIRS = default grant
polkitconfdir = $(sysconfdir)/PolicyKit
dist_polkitconf_DATA = PolicyKit.conf
}
static PolKitResult
-_module_can_session_access_resource (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
+_module_can_session_do_action (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session)
{
PolKitResult result;
PolKitPolicyCache *cache;
result = POLKIT_RESULT_NO;
cache = polkit_context_get_policy_cache (pk_context);
pfe = polkit_policy_cache_get_entry (cache, action);
- return polkit_policy_default_can_session_access_resource (
- polkit_policy_file_entry_get_default (pfe),
- action,
- resource,
- session);
+ return polkit_policy_default_can_session_do_action (polkit_policy_file_entry_get_default (pfe),
+ action,
+ session);
}
static PolKitResult
-_module_can_caller_access_resource (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+_module_can_caller_do_action (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
PolKitResult result;
PolKitPolicyCache *cache;
result = POLKIT_RESULT_NO;
cache = polkit_context_get_policy_cache (pk_context);
pfe = polkit_policy_cache_get_entry (cache, action);
- return polkit_policy_default_can_caller_access_resource (
- polkit_policy_file_entry_get_default (pfe),
- action,
- resource,
- caller);
+ return polkit_policy_default_can_caller_do_action (polkit_policy_file_entry_get_default (pfe),
+ action,
+ caller);
}
polkit_bool_t
polkit_module_set_func_initialize (module_interface, _module_init);
polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
- polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+ polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
+ polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
ret = TRUE;
out:
$(NULL)
-polkit_module_grant_la_SOURCES = polkit-module-grant.c
+polkit_module_grant_la_SOURCES = \
+ $(top_srcdir)/polkit-grant/polkit-grant-database.h $(top_srcdir)/polkit-grant/polkit-grant-database.c \
+ polkit-module-grant.c
+
+
polkit_module_grant_la_LDFLAGS = -no-undefined -module -avoid-version
polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@
static PolKitResult
-_module_can_session_access_resource (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
+_module_can_session_do_action (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session)
{
return POLKIT_RESULT_UNKNOWN_ACTION;
}
static PolKitResult
-_module_can_caller_access_resource (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+_module_can_caller_do_action (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
char *grant_file;
PolKitSession *session;
result = POLKIT_RESULT_UNKNOWN_ACTION;
+#if 0
/* file format:
*
* file: /var/[lib,run]/PolicyKit/grant/<action-name>.grant
if (!polkit_caller_get_uid (caller, &invoking_user_id))
goto out;
- if (resource == NULL)
- goto out;
- if (!polkit_resource_get_resource_type (resource, &resource_type))
- goto out;
- if (!polkit_resource_get_resource_id (resource, &resource_id))
- goto out;
+ if (resource == NULL) {
+ resource_type = "";
+ resource_id = "";
+ } else {
+ if (!polkit_resource_get_resource_type (resource, &resource_type))
+ goto out;
+ if (!polkit_resource_get_resource_id (resource, &resource_id))
+ goto out;
+ }
session_name = NULL;
if (!polkit_caller_get_ck_session (caller, &session))
goto out;
if (!polkit_caller_get_dbus_name (caller, &dbus_name))
goto out;
- if (!polkit_session_get_ck_objref (session, &session_objpath))
- goto out;
+ if (session == NULL) {
+ session_objpath = NULL;
+ session_name = NULL;
+ } else {
+ if (!polkit_session_get_ck_objref (session, &session_objpath))
+ goto out;
+ session_name = g_basename (session_objpath);
+ }
- session_name = g_basename (session_objpath);
resource_str_to_hash = g_strdup_printf ("%s:%s", resource_type, resource_id);
resource_hash = g_str_hash (resource_str_to_hash);
g_free (resource_str_to_hash);
* dbus_<dbusname>_<uid>_<action>_<resource-hash>.grant
*/
+ if (dbus_name == NULL)
+ dbus_name = "";
+
grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/dbus_%s_%d_%s_%u.grant",
dbus_name, invoking_user_id, action_name, resource_hash);
+
+ fprintf (stdout, "testing for file '%s'\n", grant_file);
+
if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
result = POLKIT_RESULT_YES;
g_free (grant_file);
}
g_free (grant_file);
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant",
- session_name, invoking_user_id, action_name, resource_hash);
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
+ if (session_name != NULL) {
+ grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant",
+ session_name, invoking_user_id, action_name, resource_hash);
+ if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
+ result = POLKIT_RESULT_YES;
+ g_free (grant_file);
+ goto out;
+ }
g_free (grant_file);
- goto out;
}
- g_free (grant_file);
grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid_%d_%s_%u.grant",
invoking_user_id, action_name, resource_hash);
goto out;
}
g_free (grant_file);
-
+#endif
out:
return result;
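Review bot: The `#if 0` … `#endif` pair compiles out the whole decision path of `_module_can_caller_do_action`, so the grant module now answers `POLKIT_RESULT_UNKNOWN_ACTION` for every caller. The disabled code is still being edited and still refers to `resource`, which is no longer a parameter, so it would not compile if the guard were removed. The added `fprintf (stdout, "testing for file '%s'\n", grant_file);` would also write into the standard output of whatever process loads the module. I would delete the block, or head it with a comment such as `/* Disabled: this module currently grants nothing; file-based grants are presumably being replaced by polkit-grant-database. */`. The function body is spread over several hunks and this note applies to all of them.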
polkit_module_set_func_initialize (module_interface, _module_init);
polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource);
- polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource);
+ polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
+ polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
ret = TRUE;
out:
g_free (ck_session_objpath);
return caller;
}
+
+PolKitCaller *
+polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error)
+{
+ PolKitCaller *caller;
+ uid_t uid;
+ char *selinux_context;
+ char *ck_session_objpath;
+ PolKitSession *session;
+ DBusMessage *message;
+ DBusMessage *reply;
+ DBusMessageIter iter;
+ char *str;
+
+ g_return_val_if_fail (con != NULL, NULL);
+ g_return_val_if_fail (error != NULL, NULL);
+ g_return_val_if_fail (! dbus_error_is_set (error), NULL);
+
+ selinux_context = NULL;
+ ck_session_objpath = NULL;
+
+ caller = NULL;
+ session = NULL;
+
+ /* TODO: Verify that PID exists */
+
+ /* TODO: FIXME */
+ uid = 500;
+
+ /* TODO: FIXME */
+ selinux_context = g_strdup ("user_u:system_r:hald_t");
+
+ message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
+ "org.freedesktop.ConsoleKit.Manager",
+ "GetSessionForUnixProcess");
+ dbus_message_iter_init_append (message, &iter);
+ dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid);
+ reply = dbus_connection_send_with_reply_and_block (con, message, -1, error);
+ if (reply == NULL || dbus_error_is_set (error)) {
+ g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message);
+ dbus_message_unref (message);
+ if (reply != NULL)
+ dbus_message_unref (reply);
+ /* OK, this is not a catastrophe; just means the caller is not a
+ * member of any session or that ConsoleKit is not available..
+ */
+ goto not_in_session;
+ }
+ dbus_message_iter_init (reply, &iter);
+ dbus_message_iter_get_basic (&iter, &str);
+ ck_session_objpath = g_strdup (str);
+ dbus_message_unref (message);
+ dbus_message_unref (reply);
+
+ session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error);
+ if (session == NULL) {
+ g_warning ("Got a session objpath but couldn't construct session object!");
+ goto out;
+ }
+ if (!polkit_session_validate (session)) {
+ polkit_session_unref (session);
+ session = NULL;
+ goto out;
+ }
+
+not_in_session:
+
+ caller = polkit_caller_new ();
+ if (caller == NULL) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ goto out;
+ }
+
+ if (!polkit_caller_set_uid (caller, uid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (!polkit_caller_set_pid (caller, pid)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ if (selinux_context != NULL) {
+ if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ }
+ if (session != NULL) {
+ if (!polkit_caller_set_ck_session (caller, session)) {
+ if (session != NULL) {
+ polkit_session_unref (session);
+ session = NULL;
+ }
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+ polkit_session_unref (session); /* caller object now own this object */
+ session = NULL;
+ }
+
+ if (!polkit_caller_validate (caller)) {
+ polkit_caller_unref (caller);
+ caller = NULL;
+ goto out;
+ }
+
+out:
+ g_free (selinux_context);
+ g_free (ck_session_objpath);
+ return caller;
+}
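Review bot: `uid = 500;` and the fixed `selinux_context` string in `polkit_caller_new_from_pid` mean every caller built from a PID is evaluated as that one identity, whatever process the PID belongs to, and the PID itself is never checked (the three TODOs). Until the real lookups exist the function should fail closed, for example `dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, "uid lookup for pid not implemented"); return NULL;`, rather than hand back a caller object that later policy checks will trust. The ConsoleKit reply is also read with `dbus_message_iter_get_basic (&iter, &str)` without first checking `dbus_message_iter_get_arg_type (&iter)`, so an unexpected reply type leaves `str` unusable before `g_strdup (str)`. On the `not_in_session` path `error` stays set although a non-NULL caller can still be returned; `dbus_error_free (error);` belongs before that `goto`.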
PolKitCaller *polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error);
+PolKitCaller *polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error);
+
#endif /* POLKIT_DBUS_H */
polkit-grant.h
libpolkit_grant_la_SOURCES = \
+ polkit-grant-database.h polkit-grant-database.c \
polkit-grant.h polkit-grant.c
libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la
#include <polkit-dbus/polkit-dbus.h>
+#include "polkit-grant-database.h"
+
static int
conversation_function (int n,
const struct pam_message **msg,
goto error;
}
+#if 0
+ /* Hmm, this fails; TODO: investigate */
+
/* permitted access? */
rc = pam_acct_mgmt (pam_h, 0);
if (rc != PAM_SUCCESS) {
fprintf (stderr, "pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
goto error;
}
+#endif
/* did we auth the right user? */
rc = pam_get_item (pam_h, PAM_USER, &authed_user);
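Review bot: Wrapping `pam_acct_mgmt (pam_h, 0)` in `#if 0` removes the account-validity step, so a successful authentication is now sufficient even when PAM would report the account as expired, locked or otherwise not permitted. The call should stay in and keep failing closed while the failure is investigated, since the PAM service configuration is the more likely cause than the check itself. If it has to remain disabled for now, the comment should say what is lost, e.g. `/* FIXME(security): account management check disabled; expired or locked accounts are not rejected */`. The enclosing function starts and ends outside this hunk.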
static polkit_bool_t
verify_with_polkit (const char *dbus_name,
+ pid_t caller_pid,
const char *action_name,
- const char *resource_type,
- const char *resource_name,
PolKitResult *result,
char **out_session_objpath)
{
DBusError error;
PolKitContext *pol_ctx;
PolKitAction *action;
- PolKitResource *resource;
dbus_error_init (&error);
bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error);
action = polkit_action_new ();
polkit_action_set_action_id (action, action_name);
- if (resource_type != NULL && resource_name != NULL) {
- resource = polkit_resource_new ();
- polkit_resource_set_resource_type (resource, resource_type);
- polkit_resource_set_resource_id (resource, resource_name);
+ if (dbus_name != NULL && strlen (dbus_name) > 0) {
+ caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
+ if (caller == NULL) {
+ fprintf (stderr, "cannot get caller from dbus name\n");
+ goto out;
+ }
} else {
- resource = NULL;
- }
-
- caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
- if (caller == NULL) {
- fprintf (stderr, "cannot get caller from dbus name\n");
- goto out;
+ caller = polkit_caller_new_from_pid (bus, caller_pid, &error);
+ if (caller == NULL) {
+ fprintf (stderr, "cannot get caller from pid\n");
+ goto out;
+ }
}
if (!polkit_caller_get_ck_session (caller, &session)) {
goto out;
}
- *result = polkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
+ *result = polkit_context_can_caller_do_action (pol_ctx, action, caller);
if (*result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH &&
*result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION &&
*result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH &&
*result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION &&
*result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) {
- fprintf (stderr, "given auth type is bogus\n");
+ fprintf (stderr, "given auth type (%d -> %s) is bogus\n",
+ *result, polkit_result_to_string_representation (*result));
goto out;
}
return FALSE;
}
-/* synopsis: /usr/libexec/polkit-grant-helper <auth-type> <dbus-name> <action-name> <resource-type> <resource-name>
+/* synopsis: polkit-grant-helper <auth-type> <dbus-name> <pid> <action-name>
*
- * <dbus-name> : unique name of caller on the system message bus to grant privilege to
+ * <dbus-name> : unique name of caller on the system message bus to grant privilege to (may be blank)
+ * <pid> : process id of caller to grant privilege to
* <action-name> : the PolicyKit action
- * <resource-type> : resource-type
- * <resource-name> : resource-name
*
* PAM interaction happens via stdin/stdout.
*
{
int ret;
uid_t invoking_user_id;
+ pid_t caller_pid;
const char *invoking_user_name;
const char *dbus_name;
const char *action_name;
- const char *resource_type;
- const char *resource_name;
PolKitResult result;
const char *user_to_auth;
char *session_objpath;
ret = 3;
- if (argc != 5) {
+ if (argc != 4) {
fprintf (stderr, "wrong use\n");
goto out;
}
setenv ("PATH", "/bin:/usr/bin", 1);
dbus_name = argv[1];
- action_name = argv[2];
- resource_type = argv[3];
- resource_name = argv[4];
+ caller_pid = atoi(argv[2]); /* TODO: use safer function? */
+ action_name = argv[3];
fprintf (stderr, "dbus_name = %s\n", dbus_name);
+ fprintf (stderr, "caller_pid = %d\n", caller_pid);
fprintf (stderr, "action_name = %s\n", action_name);
- fprintf (stderr, "resource_type = %s\n", resource_type);
- fprintf (stderr, "resource_name = %s\n", resource_name);
ret = 2;
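Review bot: `caller_pid = atoi(argv[2]);` accepts any string, so non-numeric input becomes PID 0, and negative or out-of-range values pass through unchecked. That value is then the only identity used when `<dbus-name>` is blank, as in the `polkit_caller_new_from_pid` branch of `verify_with_polkit`. I would parse it with `strtol` and reject anything that is not a complete, positive decimal number within range before continuing; this needs `<errno.h>` and `<limits.h>` if they are not already included. A PID is also not a stable identity, because it can be reused between the request and the check, so the lookup should eventually bind it to something that cannot be recycled, such as the process start time. `main` begins and ends outside this hunk.

```c
/* … unchanged: argc check, PATH reset, dbus_name = argv[1] … */
        char *endp;
        long pid_arg;

        errno = 0;
        pid_arg = strtol (argv[2], &endp, 10);
        if (errno != 0 || endp == argv[2] || *endp != '\0' ||
            pid_arg <= 0 || pid_arg > INT_MAX) {
                fprintf (stderr, "invalid pid\n");
                goto out;
        }
        caller_pid = (pid_t) pid_arg;
        action_name = argv[3];
/* … unchanged: debug prints of dbus_name, caller_pid, action_name … */
```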
*
* verify that the given thing to auth for really supports grant by auth in the requested way
*/
- if (!verify_with_polkit (dbus_name, action_name, resource_type, resource_name, &result, &session_objpath))
+ if (!verify_with_polkit (dbus_name, caller_pid, action_name, &result, &session_objpath))
goto out;
/* tell user about the grant details; e.g. whether it's auth_self_keep_always or auth_self etc. */
user_to_auth = invoking_user_name;
}
+ ret = 1;
+
/* OK, start auth! */
if (!do_auth (user_to_auth))
goto out;
polkit_result_to_string_representation (result));
fflush (stdout);
- if (!get_and_validate_override_details (&result))
+ if (!get_and_validate_override_details (&result)) {
+ /* if this fails it means bogus input from user */
+ ret = 2;
goto out;
+ }
+ fprintf (stderr, "OK; TODO: write to database\n");
+#if 0
/* TODO: FIXME: XXX: this format of storing granted privileges needs be redone
*
* this concerns these two files
fprintf (stderr, "file is '%s'\n", grant_file);
FILE *f = fopen (grant_file, "w");
fclose (f);
+#endif
ret = 0;
out:
+ fprintf (stderr, "exiting with code %d\n", ret);
return ret;
}
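Review bot: `ret = 0` is still reached after the grant-file write was moved under `#if 0`, so the helper exits with success although nothing is recorded (the new message itself says `OK; TODO: write to database`). If the parent treats exit code 0 as "privilege granted", which is not visible here, that report is wrong, and a distinct non-zero code would be safer until the database write exists. The exit codes 3, 2, 1 and 0 are also undocumented. A line in the synopsis comment such as `* Exit codes: 0 granted, 1 authentication failed, 2 bad input or not grantable, 3 wrong usage` would help callers, once confirmed against the code paths outside this hunk.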
* polkit_grant_initiate_auth:
* @polkit_grant: the object
* @action: Action requested by caller
- * @resource: Resource in question
* @caller: Caller in question
*
* Initiate authentication to obtain the privilege for the given
- * @caller to perform the specified @action on the given
- * @resource. The caller of this method must have setup callback
- * functions using the method polkit_grant_set_functions() prior to
- * calling this method.
+ * @caller to perform the specified @action. The caller of this method
+ * must have setup callback functions using the method
+ * polkit_grant_set_functions() prior to calling this method.
*
* Implementation-wise, this class uses a secure (e.g. as in that it
* checks all information and fundamenally don't trust the caller;
* Returns: #TRUE only if authentication have been initiated.
**/
polkit_bool_t
-polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
+ pid_t pid;
char *dbus_name;
char *action_id;
- char *resource_type;
- char *resource_id;
GError *g_error;
- const char *helper_argv[6];
+ char *helper_argv[5];
g_return_val_if_fail (polkit_grant != NULL, FALSE);
/* check that callback functions have been properly set up */
g_return_val_if_fail (polkit_grant->func_done != NULL, FALSE);
- if (!polkit_caller_get_dbus_name (caller, &dbus_name))
- goto error;
-
- if (!polkit_action_get_action_id (action, &action_id))
+ if (!polkit_caller_get_pid (caller, &pid))
goto error;
- if (!polkit_resource_get_resource_type (resource, &resource_type))
+ if (!polkit_caller_get_dbus_name (caller, &dbus_name))
goto error;
- if (!polkit_resource_get_resource_id (resource, &resource_id))
+ if (!polkit_action_get_action_id (action, &action_id))
goto error;
/* TODO: verify incoming args */
- //helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper";
- helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
- helper_argv[1] = dbus_name;
- helper_argv[2] = action_id;
- helper_argv[3] = resource_type;
- helper_argv[4] = resource_id;
- helper_argv[5] = NULL;
+ helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper";
+ // TODO FIXME: helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";
+ if (dbus_name == NULL)
+ helper_argv[1] = "";
+ else
+ helper_argv[1] = dbus_name;
+ helper_argv[2] = g_strdup_printf ("%d", pid);
+ helper_argv[3] = action_id;
+ helper_argv[4] = NULL;
polkit_grant->child_stdin = -1;
polkit_grant->child_stdout = -1;
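Review bot: `helper_argv[0]` now points at `/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper`, a path inside a developer's home directory, while the installed location is reduced to a TODO comment. The helper performs the authentication, so the library must only ever execute the packaged binary; a path under a user-writable directory lets whoever controls that directory choose what runs. Restore `helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper";` and use a build-time or environment switch limited to uninstalled test builds for local debugging. Dropping `const` from `helper_argv` also means string literals are stored in `char *` slots; keeping a separate `char *pid_str = g_strdup_printf ("%d", pid);` to free would let the array stay `const char *`.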
&g_error)) {
fprintf (stderr, "Cannot spawn helper: %s.\n", g_error->message);
g_error_free (g_error);
+ g_free (helper_argv[2]);
goto error;
}
+ g_free (helper_argv[2]);
polkit_grant->child_watch_id = polkit_grant->func_add_child_watch (polkit_grant, polkit_grant->child_pid);
if (polkit_grant->child_watch_id == 0)
PolKitGrantOverrideGrantType func_override_grant_type,
PolKitGrantDone func_done,
void *user_data);
-polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
+
+polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant,
PolKitAction *action,
- PolKitResource *resource,
PolKitCaller *caller);
void polkit_grant_cancel_auth (PolKitGrant *polkit_grant);
polkit-result.h \
polkit-context.h \
polkit-action.h \
- polkit-resource.h \
polkit-seat.h \
polkit-session.h \
polkit-caller.h \
polkit-result.h polkit-result.c \
polkit-context.h polkit-context.c \
polkit-action.h polkit-action.c \
- polkit-resource.h polkit-resource.c \
polkit-seat.h polkit-seat.c \
polkit-session.h polkit-session.c \
polkit-caller.h polkit-caller.c \
{
g_return_val_if_fail (caller != NULL, FALSE);
g_return_val_if_fail (caller->pid > 0, FALSE);
- g_return_val_if_fail (caller->dbus_name != NULL, FALSE);
- /* NOTE TODO FIXME: remove need to have a dbus name set */
return TRUE;
}
return pk_context->priv_cache;
}
-
-/**
- * polkit_context_get_seat_resource_association:
- * @pk_context: the PolicyKit context
- * @visitor: visitor function
- * @user_data: user data
- *
- * Retrieve information about what resources are associated to what
- * seats. Note that a resource may be associated to more than one
- * seat. This information stems from user configuration and consumers
- * of this information that know better (e.g. HAL) may choose to
- * override it.
- *
- * Typically, this information is used to e.g. bootstrap the system
- * insofar that it can be used to start login greeters on the given
- * video hardware (e.g. resources) on the given user-configured seats.
- *
- * If a resource is not associated with any seat, it is assumed to be
- * available to any local seat.
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW or
- * #POLKIT_RESULT_YES (if the callback was invoked)
- */
-PolKitResult
-polkit_context_get_seat_resource_association (PolKitContext *pk_context,
- PolKitSeatVisitorCB visitor,
- void *user_data)
-{
- return POLKIT_RESULT_YES;
-}
-
/**
- * polkit_context_is_resource_associated_with_seat:
- * @pk_context: the PolicyKit context
- * @resource: the resource in question
- * @seat: the seat
- *
- * Determine if a given resource is associated with a given seat. The
- * same comments noted in polkit_get_seat_resource_association() about the
- * source purely being user configuration applies here as well.
- *
- * Returns: A #PolKitResult - can only be one of
- * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
- * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
- */
-PolKitResult
-polkit_context_is_resource_associated_with_seat (PolKitContext *pk_context,
- PolKitResource *resource,
- PolKitSeat *seat)
-{
- return POLKIT_RESULT_NO;
-}
-
-/**
- * polkit_context_can_session_access_resource:
+ * polkit_context_can_session_do_action:
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question or #NULL to test for all resources
* @session: the session in question
*
- * Determine if a given session can access a given resource in a given way.
+ * Determine if a given session can do a given action.
*
* Returns: A #PolKitResult - can only be one of
* #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
* #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
*/
PolKitResult
-polkit_context_can_session_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
+polkit_context_can_session_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session)
{
PolKitPolicyCache *cache;
PolKitPolicyFileEntry *pfe;
current_result = POLKIT_RESULT_NO;
g_return_val_if_fail (pk_context != NULL, current_result);
- /* resource may actually by NULL */
if (action == NULL || session == NULL)
goto out;
-
/* now validate the incoming objects */
if (!polkit_action_validate (action))
goto out;
- if (resource == NULL)
- if (!polkit_resource_validate (resource))
- goto out;
if (!polkit_session_validate (session))
goto out;
if (cache == NULL)
goto out;
- _pk_debug ("entering polkit_can_session_access_resource()");
+ _pk_debug ("entering polkit_can_session_do_action()");
polkit_action_debug (action);
- if (resource != NULL)
- polkit_resource_debug (resource);
polkit_session_debug (session);
pfe = polkit_policy_cache_get_entry (cache, action);
/* visit modules */
for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
PolKitModuleInterface *module_interface = i->data;
- PolKitModuleCanSessionAccessResource func;
+ PolKitModuleCanSessionDoAction func;
- func = polkit_module_get_func_can_session_access_resource (module_interface);
+ func = polkit_module_get_func_can_session_do_action (module_interface);
if (func != NULL) {
PolKitModuleControl module_control;
PolKitResult module_result;
module_interface,
pk_context,
action,
- resource,
session)) {
/* module is confined by built-in options */
module_result = POLKIT_RESULT_UNKNOWN_ACTION;
module_result = func (module_interface,
pk_context,
action,
- resource,
session);
}
}
/**
- * polkit_context_can_caller_access_resource:
+ * polkit_context_can_caller_do_action:
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question or #NULL to test for all resources
- * @caller: the resource in question
+ * @caller: the caller in question
*
- * Determine if a given caller can access a given resource in a given way.
+ * Determine if a given caller can do a given action.
*
* Returns: A #PolKitResult specifying if, and how, the caller can
- * access the resource in the given way
+ * do a specific action
*/
PolKitResult
-polkit_context_can_caller_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+polkit_context_can_caller_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
PolKitPolicyCache *cache;
PolKitPolicyFileEntry *pfe;
current_result = POLKIT_RESULT_NO;
g_return_val_if_fail (pk_context != NULL, current_result);
- /* resource may actually by NULL */
if (action == NULL || caller == NULL)
goto out;
/* now validate the incoming objects */
if (!polkit_action_validate (action))
goto out;
- if (resource == NULL)
- if (!polkit_resource_validate (resource))
- goto out;
if (!polkit_caller_validate (caller))
goto out;
- _pk_debug ("entering polkit_can_caller_access_resource()");
+ _pk_debug ("entering polkit_can_caller_do_action()");
polkit_action_debug (action);
- if (resource != NULL)
- polkit_resource_debug (resource);
polkit_caller_debug (caller);
pfe = polkit_policy_cache_get_entry (cache, action);
/* visit modules */
for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
PolKitModuleInterface *module_interface = i->data;
- PolKitModuleCanCallerAccessResource func;
+ PolKitModuleCanCallerDoAction func;
- func = polkit_module_get_func_can_caller_access_resource (module_interface);
+ func = polkit_module_get_func_can_caller_do_action (module_interface);
if (func != NULL) {
PolKitModuleControl module_control;
PolKitResult module_result;
module_interface,
pk_context,
action,
- resource,
caller)) {
/* module is confined by built-in options */
module_result = POLKIT_RESULT_UNKNOWN_ACTION;
module_result = func (module_interface,
pk_context,
action,
- resource,
caller);
}
#include <polkit/polkit-result.h>
#include <polkit/polkit-context.h>
#include <polkit/polkit-action.h>
-#include <polkit/polkit-resource.h>
#include <polkit/polkit-seat.h>
#include <polkit/polkit-session.h>
#include <polkit/polkit-caller.h>
PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context);
-/**
- * PolKitSeatVisitorCB:
- * @seat: the seat
- * @resources_associated_with_seat: A NULL terminated array of resources associated with the seat
- * @user_data: user data
- *
- * Visitor function for polkit_get_seat_resource_association(). The caller should _not_ unref the passed objects.
- */
-typedef void (*PolKitSeatVisitorCB) (PolKitSeat *seat,
- PolKitResource **resources_associated_with_seat,
- void *user_data);
-
-PolKitResult
-polkit_context_get_seat_resource_association (PolKitContext *pk_context,
- PolKitSeatVisitorCB visitor,
- void *user_data);
-
-PolKitResult
-polkit_context_is_resource_associated_with_seat (PolKitContext *pk_context,
- PolKitResource *resource,
- PolKitSeat *seat);
-
PolKitResult
-polkit_context_can_session_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session);
+polkit_context_can_session_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session);
PolKitResult
-polkit_context_can_caller_access_resource (PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
+polkit_context_can_caller_do_action (PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller);
#endif /* POLKIT_CONTEXT_H */
PolKitModuleInitialize func_initialize;
PolKitModuleShutdown func_shutdown;
- PolKitModuleGetSeatResourceAssociation func_get_seat_resource_association;
- PolKitModuleIsResourceAssociatedWithSeat func_is_resource_associated_with_seat;
- PolKitModuleCanSessionAccessResource func_can_session_access_resource;
- PolKitModuleCanCallerAccessResource func_can_caller_access_resource;
+ PolKitModuleCanSessionDoAction func_can_session_do_action;
+ PolKitModuleCanCallerDoAction func_can_caller_do_action;
polkit_bool_t builtin_have_action_regex;
regex_t builtin_action_regex_compiled;
**/
void
polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func)
+ PolKitModuleShutdown func)
{
g_return_if_fail (module_interface != NULL);
module_interface->func_shutdown = func;
}
/**
- * polkit_module_set_func_get_seat_resource_association:
+ * polkit_module_set_func_can_session_do_action:
* @module_interface: the module interface
* @func: the function pointer
*
* Set the function pointer.
**/
-void
-polkit_module_set_func_get_seat_resource_association (PolKitModuleInterface *module_interface,
- PolKitModuleGetSeatResourceAssociation func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_get_seat_resource_association = func;
-}
-
-/**
- * polkit_module_set_func_is_resource_associated_with_seat:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void polkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface,
- PolKitModuleIsResourceAssociatedWithSeat func)
+void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface,
+ PolKitModuleCanSessionDoAction func)
{
g_return_if_fail (module_interface != NULL);
- module_interface->func_is_resource_associated_with_seat = func;
+ module_interface->func_can_session_do_action = func;
}
/**
- * polkit_module_set_func_can_session_access_resource:
+ * polkit_module_set_func_can_caller_do_action:
* @module_interface: the module interface
* @func: the function pointer
*
* Set the function pointer.
**/
-void polkit_module_set_func_can_session_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionAccessResource func)
+void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface,
+ PolKitModuleCanCallerDoAction func)
{
g_return_if_fail (module_interface != NULL);
- module_interface->func_can_session_access_resource = func;
-}
-
-/**
- * polkit_module_set_func_can_caller_access_resource:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void polkit_module_set_func_can_caller_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerAccessResource func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_can_caller_access_resource = func;
+ module_interface->func_can_caller_do_action = func;
}
/**
}
/**
- * polkit_module_get_func_get_seat_resource_association:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleGetSeatResourceAssociation
-polkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_get_seat_resource_association;
-}
-
-/**
- * polkit_module_get_func_is_resource_associated_with_seat:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleIsResourceAssociatedWithSeat
-polkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_is_resource_associated_with_seat;
-}
-
-/**
- * polkit_module_get_func_can_session_access_resource:
+ * polkit_module_get_func_can_session_do_action:
* @module_interface: the module interface
*
* Get the function pointer.
*
* Returns: Function pointer or #NULL if it's unavailable or an error occured
**/
-PolKitModuleCanSessionAccessResource
-polkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface)
+PolKitModuleCanSessionDoAction
+polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface)
{
g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_session_access_resource;
+ return module_interface->func_can_session_do_action;
}
/**
- * polkit_module_get_func_can_caller_access_resource:
+ * polkit_module_get_func_can_caller_do_action:
* @module_interface: the module interface
*
* Get the function pointer.
*
* Returns: Function pointer or #NULL if it's unavailable or an error occured
**/
-PolKitModuleCanCallerAccessResource
-polkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface)
+PolKitModuleCanCallerDoAction
+polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface)
{
g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_caller_access_resource;
+ return module_interface->func_can_caller_do_action;
}
* @module_interface: the given module
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question
* @session: the session in question
*
* Check whether some of the built-in module options (e.g. action="hal-storage-*",
**/
polkit_bool_t
polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session)
{
polkit_bool_t ret;
ret = TRUE;
* @module_interface: the given module
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
+ * @caller: the caller in question
*
* Check whether some of the built-in module options (e.g. action="hal-storage-*",
* user=davidz) confines the given module, e.g. whether it should be skipped.
**/
polkit_bool_t
polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
polkit_bool_t ret;
ret = TRUE;
typedef void (*PolKitModuleShutdown) (PolKitModuleInterface *module_interface);
/**
- * PolKitModuleGetSeatResourceAssociation:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @visitor: visitor function
- * @user_data: user data
- *
- * Type of PolicyKit module function to implement polkit_get_seat_resource_association().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleGetSeatResourceAssociation) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitSeatVisitorCB visitor,
- void *user_data);
-
-/**
- * PolKitModuleIsResourceAssociatedWithSeat:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @resource: the resource in question
- * @seat: the seat
- *
- * Type of PolicyKit module function to implement polkit_is_resource_associated_with_seat().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleIsResourceAssociatedWithSeat) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitResource *resource,
- PolKitSeat *seat);
-
-/**
- * PolKitModuleCanSessionAccessResource:
+ * PolKitModuleCanSessionAccessDoAction:
* @module_interface: the module interface
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question
* @session: the session in question
*
- * Type of PolicyKit module function to implement polkit_can_session_access_resource().
+ * Type of PolicyKit module function to implement polkit_can_session_access_do_action().
*
* Returns: the #PolKitResult
**/
-typedef PolKitResult (*PolKitModuleCanSessionAccessResource) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session);
+typedef PolKitResult (*PolKitModuleCanSessionDoAction) (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitSession *session);
/**
- * PolKitModuleCanCallerAccessResource:
+ * PolKitModuleCanCallerAccessDoAction:
* @module_interface: the module interface
* @pk_context: the PolicyKit context
* @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
+ * @caller: the caller in question
*
- * Type of PolicyKit module function to implement polkit_can_caller_access_resource().
+ * Type of PolicyKit module function to implement polkit_can_caller_do_action().
*
* Returns: the #PolKitResult
**/
-typedef PolKitResult (*PolKitModuleCanCallerAccessResource) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
+typedef PolKitResult (*PolKitModuleCanCallerDoAction) (PolKitModuleInterface *module_interface,
+ PolKitContext *pk_context,
+ PolKitAction *action,
+ PolKitCaller *caller);
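Review bot: The gtk-doc headings added for the two callback typedefs name symbols that do not exist: `PolKitModuleCanSessionAccessDoAction:` and `PolKitModuleCanCallerAccessDoAction:` sit above typedefs called `PolKitModuleCanSessionDoAction` and `PolKitModuleCanCallerDoAction`. The doc blocks will presumably not attach to the typedefs they describe. The session block also refers to `polkit_can_session_access_do_action()` and the caller block to `polkit_can_caller_do_action()`, while the header changed in this commit declares `polkit_context_can_session_do_action()` and `polkit_context_can_caller_do_action()`. Rename the headings to `PolKitModuleCanSessionDoAction:` and `PolKitModuleCanCallerDoAction:`, and point both descriptions at the `polkit_context_can_*_do_action()` functions.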
PolKitModuleInterface *polkit_module_interface_new (void);
PolKitModuleInterface *polkit_module_interface_ref (PolKitModuleInterface *module_interface);
void polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data);
void *polkit_module_get_user_data (PolKitModuleInterface *module_interface);
-void polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
- PolKitModuleInitialize func);
-void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func);
-void polkit_module_set_func_get_seat_resource_association (PolKitModuleInterface *module_interface,
- PolKitModuleGetSeatResourceAssociation func);
-void polkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface,
- PolKitModuleIsResourceAssociatedWithSeat func);
-void polkit_module_set_func_can_session_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionAccessResource func);
-void polkit_module_set_func_can_caller_access_resource (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerAccessResource func);
+void polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
+ PolKitModuleInitialize func);
+void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
+ PolKitModuleShutdown func);
+void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface,
+ PolKitModuleCanSessionDoAction func);
+void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface,
+ PolKitModuleCanCallerDoAction func);
PolKitModuleInitialize polkit_module_get_func_initialize (PolKitModuleInterface *module_interface);
PolKitModuleShutdown polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface);
-PolKitModuleGetSeatResourceAssociation polkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface);
-PolKitModuleIsResourceAssociatedWithSeat polkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface);
-PolKitModuleCanSessionAccessResource polkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface);
-PolKitModuleCanCallerAccessResource polkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface);
+PolKitModuleCanSessionDoAction polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface);
+PolKitModuleCanCallerDoAction polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface);
/**
* PolKitModuleControl:
polkit_bool_t
polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
+ PolKitAction *action,
PolKitSession *session);
polkit_bool_t
polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
PolKitContext *pk_context,
- PolKitAction *action,
- PolKitResource *resource,
+ PolKitAction *action,
PolKitCaller *caller);
#endif /* POLKIT_MODULE_H */
/**
- * polkit_policy_default_can_session_access_resource:
+ * polkit_policy_default_can_session_do_action:
* @policy_default: the object
* @action: the type of access to check for
- * @resource: the resource in question
* @session: the session in question
*
* Using the default policy for an action, determine if a given
- * session can access a given resource in a given way.
+ * session can do a given action.
*
* Returns: A #PolKitResult - can only be one of
* #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW,
* #POLKIT_RESULT_YES, #POLKIT_RESULT_NO.
**/
PolKitResult
-polkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session)
+polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitSession *session)
{
polkit_bool_t is_local;
polkit_bool_t is_active;
}
/**
- * polkit_policy_default_can_caller_access_resource:
+ * polkit_policy_default_can_caller_do_action:
* @policy_default: the object
* @action: the type of access to check for
- * @resource: the resource in question
- * @caller: the resource in question
+ * @caller: the caller in question
*
* Using the default policy for an action, determine if a given
- * caller can access a given resource in a given way.
+ * caller can do a given action.
*
* Returns: A #PolKitResult specifying if, and how, the caller can
- * access the resource in the given way
+ * do the given action.
**/
PolKitResult
-polkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller)
+polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitCaller *caller)
{
polkit_bool_t is_local;
polkit_bool_t is_active;
#include <polkit/polkit-result.h>
#include <polkit/polkit-action.h>
-#include <polkit/polkit-resource.h>
#include <polkit/polkit-session.h>
#include <polkit/polkit-caller.h>
#include <polkit/polkit-error.h>
void polkit_policy_default_unref (PolKitPolicyDefault *policy_default);
void polkit_policy_default_debug (PolKitPolicyDefault *policy_default);
-PolKitResult polkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitSession *session);
-PolKitResult polkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default,
- PolKitAction *action,
- PolKitResource *resource,
- PolKitCaller *caller);
+PolKitResult polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitSession *session);
+
+PolKitResult polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default,
+ PolKitAction *action,
+ PolKitCaller *caller);
PolKitResult polkit_policy_default_get_allow_remote_inactive (PolKitPolicyDefault *policy_default);
PolKitResult polkit_policy_default_get_allow_remote_active (PolKitPolicyDefault *policy_default);
*
* Get a phrase, for the policy entry in question, that can be shown
* in the user interface explaining that the caller doesn't possess
- * the privilege to perform the given action on the given resource.
+ * the privilege to perform the given action.
*
* The returned string may contain a single %s entry - the caller
* should use a printf-style function to replace this with a human
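Review bot: This comment tells callers to use the returned phrase as a printf-style format, but it does not say what they may assume about its contents. The phrase belongs to a policy entry, so any second conversion, or a conversion other than `%s`, would be interpreted by the caller's printf. The doc should state whether the library guarantees at most one `%s` and nothing else. If it does not, it should tell callers to verify that before formatting, or to substitute the `%s` by hand. The comment continues past the end of this hunk, so such a guarantee may already be stated there.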
PolKitPolicyDefault *polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry);
const char *polkit_policy_file_get_group_description (PolKitPolicyFileEntry *policy_file_entry);
-const char *polkit_policy_file_get_group_description_short (PolKitPolicyFileEntry *policy_file_entry);
const char *polkit_policy_file_get_action_description (PolKitPolicyFileEntry *policy_file_entry);
-const char *polkit_policy_file_get_action_missing (PolKitPolicyFileEntry *policy_file_entry);
-const char *polkit_policy_file_get_action_apply_to_all_mnemonic (PolKitPolicyFileEntry *policy_file_entry);
#endif /* POLKIT_POLICY_FILE_ENTRY_H */
+++ /dev/null
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-resource.c : resources
- *
- * Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include <unistd.h>
-#include <errno.h>
-
-#include <glib.h>
-#include "polkit-debug.h"
-#include "polkit-resource.h"
-#include "polkit-utils.h"
-
-/**
- * SECTION:polkit-resource
- * @short_description: Resources.
- *
- * This class is used to represent a resource. TODO: describe what a resource really is.
- **/
-
-/**
- * PolKitResource:
- *
- * Objects of this class are used to record information about a
- * resource. TODO: describe what a resource really is.
- **/
-struct PolKitResource
-{
- int refcount;
- char *type;
- char *id;
-};
-
-/**
- * polkit_resource_new:
- *
- * Create a new #PolKitResource object.
- *
- * Returns: the new object
- **/
-PolKitResource *
-polkit_resource_new (void)
-{
- PolKitResource *resource;
- resource = g_new0 (PolKitResource, 1);
- resource->refcount = 1;
- return resource;
-}
-
-/**
- * polkit_resource_ref:
- * @resource: the resource object
- *
- * Increase reference count
- *
- * Returns: the object
- **/
-PolKitResource *
-polkit_resource_ref (PolKitResource *resource)
-{
- g_return_val_if_fail (resource != NULL, resource);
- resource->refcount++;
- return resource;
-}
-
-
-/**
- * polkit_resource_unref:
- * @resource: the resource object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_resource_unref (PolKitResource *resource)
-{
- g_return_if_fail (resource != NULL);
-
- resource->refcount--;
- if (resource->refcount > 0)
- return;
-
- g_free (resource->type);
- g_free (resource->id);
- g_free (resource);
-}
-
-
-/**
- * polkit_resource_set_resource_type:
- * @resource: the resource object
- * @resource_type: type of resource
- *
- * Set the type of the resource. TODO: link to wtf this is.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_resource_set_resource_type (PolKitResource *resource, const char *resource_type)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (resource_type), FALSE);
- if (resource->type != NULL)
- g_free (resource->type);
- resource->type = g_strdup (resource_type);
- return TRUE;
-}
-
-/**
- * polkit_resource_set_resource_id:
- * @resource: the resource object
- * @resource_id: identifier of resource
- *
- * set the identifier of the resource. TODO: link to wtf this is.
- *
- * Returns: #TRUE only if the value validated and was set
- **/
-polkit_bool_t
-polkit_resource_set_resource_id (PolKitResource *resource, const char *resource_id)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (_pk_validate_identifier (resource_id), FALSE);
- if (resource->id != NULL)
- g_free (resource->id);
- resource->id = g_strdup (resource_id);
- return TRUE;
-}
-
-/**
- * polkit_resource_get_resource_type:
- * @resource: the resource object
- * @out_resource_type: Returns the resource type. The caller shall not free this string.
- *
- * Get the type of the resource.
- *
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-polkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (out_resource_type != NULL, FALSE);
-
- if (resource->type == NULL)
- return FALSE;
-
- *out_resource_type = resource->type;
- return TRUE;
-}
-
-/**
- * polkit_resource_get_resource_id:
- * @resource: the resource object
- * @out_resource_id: Returns the resource identifier. The caller shall not free this string.
- *
- * Get the identifier of the resource
- *
- * Returns: TRUE iff the value was returned.
- **/
-polkit_bool_t
-polkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (out_resource_id != NULL, FALSE);
-
- if (resource->id == NULL)
- return FALSE;
-
- *out_resource_id = resource->id;
- return TRUE;
-}
-
-/**
- * polkit_resource_debug:
- * @resource: the object
- *
- * Print debug details
- **/
-void
-polkit_resource_debug (PolKitResource *resource)
-{
- g_return_if_fail (resource != NULL);
- _pk_debug ("PolKitResource: refcount=%d type=%s id=%s", resource->refcount, resource->type, resource->id);
-}
-
-/**
- * polkit_resource_validate:
- * @resource: the object
- *
- * Validate the object
- *
- * Returns: #TRUE iff the object is valid.
- **/
-polkit_bool_t
-polkit_resource_validate (PolKitResource *resource)
-{
- g_return_val_if_fail (resource != NULL, FALSE);
- g_return_val_if_fail (resource->type != NULL, FALSE);
- g_return_val_if_fail (resource->id != NULL, FALSE);
- return TRUE;
-}
+++ /dev/null
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-resource.h : resources
- *
- * Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_RESOURCE_H
-#define POLKIT_RESOURCE_H
-
-#include <polkit/polkit-types.h>
-
-struct PolKitResource;
-typedef struct PolKitResource PolKitResource;
-
-PolKitResource *polkit_resource_new (void);
-PolKitResource *polkit_resource_ref (PolKitResource *resource);
-void polkit_resource_unref (PolKitResource *resource);
-polkit_bool_t polkit_resource_set_resource_type (PolKitResource *resource, const char *resource_type);
-polkit_bool_t polkit_resource_set_resource_id (PolKitResource *resource, const char *resource_id);
-polkit_bool_t polkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type);
-polkit_bool_t polkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id);
-
-void polkit_resource_debug (PolKitResource *resource);
-
-polkit_bool_t polkit_resource_validate (PolKitResource *resource);
-
-#endif /* POLKIT_RESOURCE_H */
-
-
#include <polkit/polkit-result.h>
#include <polkit/polkit-context.h>
#include <polkit/polkit-action.h>
-#include <polkit/polkit-resource.h>
#include <polkit/polkit-seat.h>
#include <polkit/polkit-session.h>
#include <polkit/polkit-caller.h>
"\n"
"usage : polkit-check-caller\n"
" --caller <dbus-name> --action <action>\n"
- " --resource-type <type> --resource-id <id>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --caller Unique name of caller on the system bus\n"
" --action Requested action\n"
- " --resource-type Type of resource\n"
- " --resource-id Identifier of resource\n"
" --version Show version and exit\n"
" --help Show this information and exit\n"
"\n"
- "Determine if a given caller can access a given resource in a given\n"
- "way. If access is allowed, this program exits with exit code 0. If\n"
- "no access is allowed or an error occurs, the program exits with\n"
- "a non-zero exit code.\n");
+ "Determine if a given caller can do a given action. If access is \n"
+ "allowed, this program exits with exit code 0. If no access is allowed\n"
+ "or an error occurs, the program exits with a non-zero exit code.\n");
}
int
main (int argc, char *argv[])
{
- char *resource_type = NULL;
- char *resource_id = NULL;
char *action_id = NULL;
char *dbus_name = NULL;
gboolean is_version = FALSE;
DBusError error;
PolKitContext *pol_ctx;
PolKitCaller *caller;
- PolKitResource *resource;
PolKitAction *action;
gboolean allowed;
PolKitError *p_error;
int option_index = 0;
const char *opt;
static struct option long_options[] = {
- {"resource-type", 1, NULL, 0},
- {"resource-id", 1, NULL, 0},
{"action", 1, NULL, 0},
{"caller", 1, NULL, 0},
{"version", 0, NULL, 0},
return 0;
} else if (strcmp (opt, "version") == 0) {
is_version = TRUE;
- } else if (strcmp (opt, "resource-type") == 0) {
- resource_type = strdup (optarg);
- } else if (strcmp (opt, "resource-id") == 0) {
- resource_id = strdup (optarg);
} else if (strcmp (opt, "action") == 0) {
action_id = strdup (optarg);
} else if (strcmp (opt, "caller") == 0) {
return 0;
}
- if (resource_type == NULL || resource_id == NULL || action_id == NULL || dbus_name == NULL) {
+ if (action_id == NULL || dbus_name == NULL) {
usage (argc, argv);
return 1;
}
action = polkit_action_new ();
polkit_action_set_action_id (action, action_id);
- resource = polkit_resource_new ();
- polkit_resource_set_resource_type (resource, resource_type);
- polkit_resource_set_resource_id (resource, resource_id);
-
caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error);
if (caller == NULL) {
if (dbus_error_is_set (&error)) {
}
}
- allowed = polkit_context_can_caller_access_resource (pol_ctx, action, resource, caller);
+ allowed = polkit_context_can_caller_do_action (pol_ctx, action, caller);
if (allowed)
return 0;
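Review bot: `allowed` is a `gboolean`, but `polkit_context_can_caller_do_action()` is declared in this commit to return a `PolKitResult`, so `if (allowed) return 0;` exits with success for every non-zero result code, not only for a yes. The enum definition is not part of this diff; unless `POLKIT_RESULT_YES` is its only non-zero value, a script that trusts the exit status would treat a denial or an "authentication required" result as a grant. Keep the value in a `PolKitResult` and compare explicitly, e.g. `if (result == POLKIT_RESULT_YES) return 0;`. polkit-check-session has the same pattern at `allowed = polkit_context_can_session_do_action (pol_ctx, action, session);`. main() begins and ends outside this hunk.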
"\n"
"usage : polkit-check-session\n"
" [--session <session>] --action <action>\n"
- " --resource-type <type> --resource-id <id>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --session ConsoleKit object path of session\n"
" --action Requested action\n"
- " --resource-type Type of resource\n"
- " --resource-id Identifier of resource\n"
" --version Show version and exit\n"
" --help Show this information and exit\n"
"\n"
- "Determine if a given session can access a given resource in a given\n"
- "way. If no session is given, the current session is used. If access\n"
- "is allowed, this program exits with exit code 0. If no access is allowed\n"
+ "Determine if a given callers in a given session can do a given action.\n"
+ "If no session is given, the current session is used. If access is\n"
+ "allowed, this program exits with exit code 0. If no access is allowed\n"
"or an error occurs, the program exits with a non-zero exit code.\n");
}
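Review bot: The rewritten help text reads "Determine if a given callers in a given session can do a given action.", where "a given callers" is ungrammatical. It also blurs what the tool checks, since its only subject argument is `--session`. Suggest `"Determine if a given session can do a given action.\n"`, which matches the wording used for polkit-check-caller. That tool's new usage string also picked up a stray space before the newline in `"... If access is \n"`.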
int
main (int argc, char *argv[])
{
- char *resource_type = NULL;
- char *resource_id = NULL;
char *action_id = NULL;
char *session_id = NULL;
char *cookie = NULL;
DBusError error;
PolKitContext *pol_ctx;
PolKitSession *session;
- PolKitResource *resource;
PolKitAction *action;
gboolean allowed;
PolKitError *p_error;
int option_index = 0;
const char *opt;
static struct option long_options[] = {
- {"resource-type", 1, NULL, 0},
- {"resource-id", 1, NULL, 0},
{"action", 1, NULL, 0},
{"session", 1, NULL, 0},
{"version", 0, NULL, 0},
return 0;
} else if (strcmp (opt, "version") == 0) {
is_version = TRUE;
- } else if (strcmp (opt, "resource-type") == 0) {
- resource_type = strdup (optarg);
- } else if (strcmp (opt, "resource-id") == 0) {
- resource_id = strdup (optarg);
} else if (strcmp (opt, "action") == 0) {
action_id = strdup (optarg);
} else if (strcmp (opt, "session") == 0) {
return 0;
}
- if (resource_type == NULL || resource_id == NULL || action_id == NULL) {
+ if (action_id == NULL) {
usage (argc, argv);
return 1;
}
action = polkit_action_new ();
polkit_action_set_action_id (action, action_id);
- resource = polkit_resource_new ();
- polkit_resource_set_resource_type (resource, resource_type);
- polkit_resource_set_resource_id (resource, resource_id);
-
- allowed = polkit_context_can_session_access_resource (pol_ctx, action, resource, session);
+ allowed = polkit_context_can_session_do_action (pol_ctx, action, session);
if (allowed)
return 0;
"\n"
"usage : polkit-grant\n"
" --action <action>\n"
- " --resource-type <type> --resource-id <id>\n"
" [--version] [--help]\n");
fprintf (stderr,
"\n"
" --action Requested action\n"
- " --resource-type Type of resource\n"
- " --resource-id Identifier of resource\n"
" --version Show version and exit\n"
" --help Show this information and exit\n"
"\n"
main (int argc, char *argv[])
{
char *action_id = NULL;
- char *resource_type = NULL;
- char *resource_id = NULL;
gboolean is_version = FALSE;
DBusConnection *bus;
DBusError error;
PolKitContext *pol_ctx;
PolKitCaller *caller;
PolKitAction *action;
- PolKitResource *resource;
PolKitError *p_error;
PolKitGrant *polkit_grant;
int ret;
const char *opt;
static struct option long_options[] = {
{"action", 1, NULL, 0},
- {"resource-type", 1, NULL, 0},
- {"resource-id", 1, NULL, 0},
{"version", 0, NULL, 0},
{"help", 0, NULL, 0},
{NULL, 0, NULL, 0}
is_version = TRUE;
} else if (strcmp (opt, "action") == 0) {
action_id = strdup (optarg);
- } else if (strcmp (opt, "resource-type") == 0) {
- resource_type = strdup (optarg);
- } else if (strcmp (opt, "resource-id") == 0) {
- resource_id = strdup (optarg);
}
break;
return 0;
}
- if (action_id == NULL || resource_type == NULL || resource_id == NULL) {
+ if (action_id == NULL) {
usage (argc, argv);
goto error;
}
action = polkit_action_new ();
polkit_action_set_action_id (action, action_id);
- resource = polkit_resource_new ();
- polkit_resource_set_resource_type (resource, resource_type);
- polkit_resource_set_resource_id (resource, resource_id);
-
caller = polkit_caller_new_from_dbus_name (bus, dbus_bus_get_unique_name (bus), &error);
if (caller == NULL) {
if (dbus_error_is_set (&error)) {
&ud);
if (!polkit_grant_initiate_auth (polkit_grant,
- action,
- resource,
- caller)) {
+ action,
+ caller)) {
printf ("Failed to initiate privilege grant.\n");
ret = 1;
goto error;