<cmdsynopsis>
<command>polkit-1 check</command>
+ <arg choice="plain"><replaceable>subject</replaceable></arg>
<arg choice="plain"><replaceable>action-id</replaceable></arg>
</cmdsynopsis>
<refsect2>
<para>
<command>polkit-1 check</command>
+ <arg choice="plain"><replaceable>subject</replaceable></arg>
<arg choice="plain"><replaceable>action-id</replaceable></arg>
</para>
<para>
- Checks if the calling process is authorized for <replaceable>action-id</replaceable>.
+ Checks if <replaceable>subject</replaceable> is authorized for <replaceable>action-id</replaceable>.
</para>
</refsect2>
#include "polkitunixgroup.h"
#include "polkitunixprocess.h"
#include "polkitsystembusname.h"
+#include "polkiterror.h"
#include "polkitprivate.h"
static void
}
PolkitSubject *
+polkit_subject_from_string (const gchar *str,
+ GError **error)
+{
+ PolkitSubject *subject;
+ guint64 val;
+ gchar *endptr;
+
+ g_return_val_if_fail (str != NULL, NULL);
+
+ /* TODO: we could do something with VFuncs like in g_icon_from_string() */
+
+ subject = NULL;
+
+ if (g_str_has_prefix (str, "unix-user:"))
+ {
+ val = g_ascii_strtoull (str + sizeof "unix-user:" - 1,
+ &endptr,
+ 10);
+ if (*endptr == '\0')
+ subject = polkit_unix_user_new ((uid_t) val);
+ else
+ subject = polkit_unix_user_new_for_name (str + sizeof "unix-user:" - 1,
+ error);
+ }
+ else if (g_str_has_prefix (str, "unix-group:"))
+ {
+ val = g_ascii_strtoull (str + sizeof "unix-group:" - 1,
+ &endptr,
+ 10);
+ if (*endptr == '\0')
+ subject = polkit_unix_group_new ((gid_t) val);
+ else
+ subject = polkit_unix_group_new_for_name (str + sizeof "unix-group:" - 1,
+ error);
+ }
+ else if (g_str_has_prefix (str, "unix-process:"))
+ {
+ val = g_ascii_strtoull (str + sizeof "unix-process:" - 1,
+ &endptr,
+ 10);
+ if (*endptr == '\0')
+ {
+ subject = polkit_unix_process_new ((pid_t) val);
+ if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0)
+ {
+ g_object_unref (subject);
+ subject = NULL;
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "No process with pid %" G_GUINT64_FORMAT,
+ val);
+ }
+ }
+ }
+ else if (g_str_has_prefix (str, "system-bus-name:"))
+ {
+ subject = polkit_system_bus_name_new (str + sizeof "system-bus-name:" - 1);
+ }
+
+ if (subject == NULL && (error != NULL && *error == NULL))
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Malformed subject string '%s'",
+ str);
+ }
+
+
+ return subject;
+}
+
+PolkitSubject *
polkit_subject_new_for_real (_PolkitSubject *real)
{
PolkitSubject *s;
gchar * (*to_string) (PolkitSubject *subject);
};
-GType polkit_subject_get_type (void) G_GNUC_CONST;
-gboolean polkit_subject_equal (PolkitSubject *a,
- PolkitSubject *b);
-gchar *polkit_subject_to_string (PolkitSubject *subject);
+GType polkit_subject_get_type (void) G_GNUC_CONST;
+gboolean polkit_subject_equal (PolkitSubject *a,
+ PolkitSubject *b);
+gchar *polkit_subject_to_string (PolkitSubject *subject);
+PolkitSubject *polkit_subject_from_string (const gchar *str,
+ GError **error);
G_END_DECLS
#include <grp.h>
#include "polkitunixgroup.h"
#include "polkitsubject.h"
+#include "polkiterror.h"
#include "polkitprivate.h"
/**
NULL));
}
+PolkitSubject *
+polkit_unix_group_new_for_name (const gchar *name,
+ GError **error)
+{
+ struct group *group;
+ PolkitSubject *subject;
+
+ subject = NULL;
+
+ group = getgrnam (name);
+ if (group == NULL)
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "No UNIX group with name %s: %m",
+ name);
+ goto out;
+ }
+
+ subject = polkit_unix_group_new (group->gr_gid);
+
+ out:
+ return subject;
+}
+
static gboolean
polkit_unix_group_equal (PolkitSubject *a,
PolkitSubject *b)
#endif
typedef struct _PolkitUnixGroupClass PolkitUnixGroupClass;
-GType polkit_unix_group_get_type (void) G_GNUC_CONST;
-PolkitSubject *polkit_unix_group_new (gid_t gid);
-gid_t polkit_unix_group_get_gid (PolkitUnixGroup *group);
-void polkit_unix_group_set_gid (PolkitUnixGroup *group,
- gid_t gid);
+GType polkit_unix_group_get_type (void) G_GNUC_CONST;
+PolkitSubject *polkit_unix_group_new (gid_t gid);
+PolkitSubject *polkit_unix_group_new_for_name (const gchar *name,
+ GError **error);
+gid_t polkit_unix_group_get_gid (PolkitUnixGroup *group);
+void polkit_unix_group_set_gid (PolkitUnixGroup *group,
+ gid_t gid);
G_END_DECLS
#include <pwd.h>
#include "polkitunixuser.h"
#include "polkitsubject.h"
+#include "polkiterror.h"
#include "polkitprivate.h"
/**
NULL));
}
+PolkitSubject *
+polkit_unix_user_new_for_name (const gchar *name,
+ GError **error)
+{
+ struct passwd *passwd;
+ PolkitSubject *subject;
+
+ subject = NULL;
+
+ passwd = getpwnam (name);
+ if (passwd == NULL)
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "No UNIX user with name %s: %m",
+ name);
+ goto out;
+ }
+
+ subject = polkit_unix_user_new (passwd->pw_uid);
+
+ out:
+ return subject;
+}
+
static gboolean
polkit_unix_user_equal (PolkitSubject *a,
PolkitSubject *b)
#endif
typedef struct _PolkitUnixUserClass PolkitUnixUserClass;
-GType polkit_unix_user_get_type (void) G_GNUC_CONST;
-PolkitSubject *polkit_unix_user_new (uid_t uid);
-uid_t polkit_unix_user_get_uid (PolkitUnixUser *user);
-void polkit_unix_user_set_uid (PolkitUnixUser *user,
- uid_t uid);
+GType polkit_unix_user_get_type (void) G_GNUC_CONST;
+PolkitSubject *polkit_unix_user_new (uid_t uid);
+PolkitSubject *polkit_unix_user_new_for_name (const gchar *name,
+ GError **error);
+uid_t polkit_unix_user_get_uid (PolkitUnixUser *user);
+void polkit_unix_user_set_uid (PolkitUnixUser *user,
+ uid_t uid);
G_END_DECLS
static gboolean opt_list_groups = FALSE;
static gboolean opt_list_authorizations = FALSE;
static gboolean opt_list_explicit_authorizations = FALSE;
+static gboolean opt_check = FALSE;
static gboolean opt_show_help = FALSE;
static gboolean opt_show_version = FALSE;
static gboolean opt_verbose = FALSE;
-static PolkitSubject *subject;
+static PolkitSubject *subject = NULL;
+
+static gchar *action_id = NULL;
static gboolean list_actions (void);
static gboolean list_users (void);
int
main (int argc, char *argv[])
{
- gboolean ret;
gint n;
+ gboolean ret;
gboolean in_list;
+ GError *error;
ret = FALSE;
+ error = NULL;
g_type_init ();
goto out;
}
- subject = NULL; //polkit_subject_from_string (argv[n]);
+ subject = polkit_subject_from_string (argv[n], &error);
if (subject == NULL)
{
- g_printerr ("Malformed subject identifier '%s'", argv[n]);
+ g_printerr ("Error parsing subject: %s\n", error->message);
+ g_error_free (error);
goto out;
}
in_list = TRUE;
continue;
}
+ else if (strcmp (argv[n], "check") == 0)
+ {
+ opt_check = TRUE;
+
+ n++;
+ if (n >= argc)
+ {
+ usage (argc, argv);
+ goto out;
+ }
+
+ subject = polkit_subject_from_string (argv[n], &error);
+ if (subject == NULL)
+ {
+ g_printerr ("Error parsing subject: %s\n", error->message);
+ g_error_free (error);
+ goto out;
+ }
+
+ n++;
+ if (n >= argc)
+ {
+ usage (argc, argv);
+ goto out;
+ }
+
+ action_id = g_strdup (argv[n++]);
+ }
else if (strcmp (argv[n], "--help") == 0)
{
opt_show_help = TRUE;
{
ret = list_groups ();
}
+ else if (opt_check)
+ {
+ g_print ("subject '%s' action-id '%s'\n", polkit_subject_to_string (subject), action_id);
+ g_assert (FALSE);
+ }
else
{
usage (argc, argv);
if (subject != NULL)
g_object_unref (subject);
+ g_free (action_id);
+
return ret ? 0 : 1;
}