## Process this file with automake to produce Makefile.in
-SUBDIRS = data polkit polkit-dbus polkit-grant modules doc tools policy
+SUBDIRS = data polkit polkit-dbus polkit-grant doc tools policy
# Creating ChangeLog from git log (taken from cairo/Makefile.am):
ChangeLog: $(srcdir)/ChangeLog
doc/spec/polkit-spec.xml.in
doc/man/Makefile
policy/Makefile
-modules/Makefile
-modules/default/Makefile
-modules/allow-all/Makefile
-modules/deny-all/Makefile
-modules/run-program/Makefile
-modules/grant/Makefile
])
dnl ==========================================================================
if MAN_PAGES_ENABLED
-MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-policy-file-validate.1.in PolicyKit.8.in polkit-module-default.8.in polkit-module-allow-all.8.in polkit-module-deny-all.8.in polkit-module-run-program.8.in polkit-module-builtins.8.in
+MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-policy-file-validate.1.in PolicyKit.8.in
man_MANS = $(MAN_IN_FILES:.in=)
edit = sed \
-e 's|@docdir[@]|$(docdir)|g' \
-e 's|@sbindir[@]|$(sbindir)|g' \
- -e 's|@sysconfdir[@]|$(sysconfdir)|g'
+ -e 's|@sysconfdir[@]|$(sysconfdir)|g' \
+ -e 's|@datadir[@]|$(datadir)|g'
+++ /dev/null
-.\"
-.\" polkit-module-allow-all manual page.
-.\" Copyright (C) 2007 David Zeuthen <david@fubar.dk>
-.\"
-.TH POLKIT-MODULE-ALLOW-ALL 8
-.SH NAME
-polkit-module-allow-all \- permit any action
-.SH SYNOPSIS
-.PP
-.B polkit-module-allow-all.so
-.SH DESCRIPTION
-.PP
-This PolicyKit module will permit any action regardless of the entity
-requesting it, what the requested action is and what resource is
-involved.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-This module does not require nor recognize any options.
-
-.SH NOTES
-.PP
-Never use this module unless you
-.B COMPLETELY
-trust anyone with either remote or local access to the system, or you
-have confined the module using built-in options.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-builtins\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fIpolkit-module-run-program\fR\|(8),
-\&\fI@sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen <david@fubar.dk> with a lot of help from many
-others.
+++ /dev/null
-.\"
-.\" polkit-module-builtins manual page.
-.\" Copyright (C) 2007 David Zeuthen <david@fubar.dk>
-.\"
-.TH POLKIT-MODULE-BUILTINS 8
-.SH NAME
-polkit-module-builtins \- options that apply to any PolicyKit module
-.SH SYNOPSIS
-.PP
-.B any-module.so [action=<regexp>] [user=<username> ...]
-.SH DESCRIPTION
-.PP
-This manual page describes options that can be used for any PolicyKit
-module to confine what requests it should deal with.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-
-.TP 3n
-.B action=<regexp>
-Only consider requests where the action name matches the given
-regular expression. Example:
-.B action=hal-storage-mount*
-
-.TP 3n
-.B user=<username>
-Only consider requests matching the given username. May be both a
-numerical
-.B uid
-value or a username. This option can be used multiple times to specify
-multiple users. Example:
-.B user=davidz user=bateman
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI@sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen <david@fubar.dk> with a lot of help from many
-others.
+++ /dev/null
-.\"
-.\" polkit-module-default manual page.
-.\" Copyright (C) 2007 David Zeuthen <david@fubar.dk>
-.\"
-.TH POLKIT-MODULE-DEFAULT 8
-.SH NAME
-polkit-module-default \- use default policy for actions
-.SH SYNOPSIS
-.PP
-.B standard polkit-module-default.so
-.SH DESCRIPTION
-.PP
-This PolicyKit module uses the default policy as specified (and
-required) for by the policy definition file for a given action.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-allow-all\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI@sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen <david@fubar.dk> with a lot of help from many
-others.
-
+++ /dev/null
-.\"
-.\" polkit-module-deny-all manual page.
-.\" Copyright (C) 2007 David Zeuthen <david@fubar.dk>
-.\"
-.TH POLKIT-MODULE-DENY-ALL 8
-.SH NAME
-polkit-module-deny-all \- deny any action
-.SH SYNOPSIS
-.PP
-.B polkit-module-deny-all.so
-.SH DESCRIPTION
-.PP
-This PolicyKit module will deny any action regardless of the entity
-requesting it, what the requested action is and what resource is
-involved.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-This module does not require nor recognize any options.
-
-.SH NOTES
-.PP
-Unless confined using built-in options, this module is only useful
-in situations where it's desirable to lock down the system so it's
-unusable by normal unprivileged users.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-builtins\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-allow-all\fR\|(8),
-\&\fIpolkit-module-run-program\fR\|(8),
-\&\fI@sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen <david@fubar.dk> with a lot of help from many
-others.
+++ /dev/null
-.\"
-.\" polkit-module-run-program manual page.
-.\" Copyright (C) 2007 David Zeuthen <david@fubar.dk>
-.\"
-.TH POLKIT-MODULE-RUN-PROGRAM 8
-.SH NAME
-polkit-module-run-program \- determine policy by running a program
-.SH SYNOPSIS
-.PP
-.HP 31
-\fBpolkit-module-run-program.so\fR program=\fI<program>\fR
-.SH DESCRIPTION
-.PP
-This PolicyKit module will run a program every time an action is
-requested. For more information about the big picture refer to the
-\fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-
-.TP 3n
-.B program=<program>
-Absolute path to program to run; this is a mandatory option. Examples:
-.B program=/usr/bin/my-program
-or
-.B program="/path/to/program --foo --bar"
-
-.SH DESCRIPTION
-This module will invoke the given program and will export a minimal
-environment with values identifying the request. The program
-.B SHOULD NOT
-have any side effects; it is only invoked to make a decision - not to
-alter state on the system. Further, the program is not guaranteed to
-run as
-.B uid 0
-(e.g. root); it is effectively invoked by a mechanism (such as
-\fBhald\fR(7)) that may run as an unprivileged system user.
-
-.PP
-If the program fails to run or exits with a non-zero exit code, it
-means that the request is denied (same as returning
-.B no
-- see below). If the program exits with exit code 0,
-.I stdout
-of the program is examined to determine the result of the decision
-(these values map directly to the possible values in the
-.I PolKitResult
-enumeration):
-
-.I
-.TP
-.B unknown
-The passed action is unknown.
-.TP
-.B not_authorized
-The mechanism / caller (e.g. the program using
-.I libpolkit
-that loads this module) is not sufficiently privileged to know the
-answer.
-.TP
-.B no
-Access denied.
-.TP
-.B auth_root
-Access denied, but authentication of the caller as root will grant
-access to only that caller.
-.TP
-.B auth_root_keep_session
-Access denied, but authentication of the caller as root will grant
-access for the remainder of the session the caller stems from.
-.TP
-.B auth_root_keep_always
-Access denied, but authentication of the caller as root will grant
-access to the user of the caller in the future.
-.TP
-.B auth_self
-Access denied, but authentication of the caller as himself will grant
-access to only that caller.
-.TP
-.B auth_self_keep_session
-Access denied, but authentication of the caller as himself will grant
-access for the remainder of the session the caller stems from.
-.TP
-.B auth_self_keep_always
-Access denied, but authentication of the caller as himself will grant
-access to the user of the caller in the future.
-.TP
-.B yes
-Access granted.
-
-.PP
-For a request concerning decisions for calls via the system message
-bus daemon, the environment will contain:
-
-.TP
-.B POLKIT_REQUEST_CALLER=1
-To identify the request to be concerning a decision about a caller on
-the system message bus.
-.TP
-.B POLKIT_ACTION_ID
-An identifier for the action
-.TP
-.B POLKIT_RESOURCE_ID
-Resource identifier
-.TP
-.B POLKIT_RESOURCE_TYPE
-Resource type
-.TP
-.B POLKIT_CALLER_UID
-UNIX user id of the caller
-.TP
-.B POLKIT_CALLER_DBUS_NAME
-Unique name of the caller on the system message bus
-.TP
-.B POLKIT_CALLER_PID
-UNIX process id of the caller
-.TP
-.B POLKIT_CALLER_SELINUX_CONTEXT
-SELinux security context of the caller (only set if SELinux is enabled)
-.TP
-.B POLKIT_SESSION_CK_IS_ACTIVE
-Whether ConsoleKit regards the session as active (only set if the caller belong to a session)
-.TP
-.B POLKIT_SESSION_CK_IS_LOCAL
-Whether ConsoleKit regards the session as local (only set if the caller belong to a session)
-.TP
-.B POLKIT_SESSION_CK_OBJREF
-ConsoleKit session D-Bus object reference (only set if the caller belong to a session)
-.TP
-.B POLKIT_SESSION_UID
-UNIX user ID of the user owning the session (only set if the caller belong to a session)
-.TP
-.B POLKIT_SEAT_CK_OBJREF
-ConsoleKit seat D-Bus object reference of the seat that the session belongs to (only set if the caller belong to a session)
-
-.PP
-For a request concerning session-wide decisions the environment will
-contain:
-
-.TP
-.B POLKIT_REQUEST_SESSION=1
-To identify the request to be session-wide.
-.TP
-.B POLKIT_ACTION_ID
-An identifier for the action
-.TP
-.B POLKIT_RESOURCE_ID
-Resource identifier
-.TP
-.B POLKIT_RESOURCE_TYPE
-Resource type
-.TP
-.B POLKIT_SESSION_CK_IS_ACTIVE
-Whether ConsoleKit regards the session as active
-.TP
-.B POLKIT_SESSION_CK_IS_LOCAL
-Whether ConsoleKit regards the session as local
-.TP
-.B POLKIT_SESSION_CK_OBJREF
-ConsoleKit session D-Bus object reference
-.TP
-.B POLKIT_SESSION_UID
-UNIX user ID of the user owning the session
-.TP
-.B POLKIT_SEAT_CK_OBJREF
-ConsoleKit seat D-Bus object reference of the seat that the session belongs to
-
-.SH NOTES
-.PP
-As PolicyKit modules are heavily used to enforce policy, running a
-program on every request may put unneccessary load on the system
-unless judicious use of built-in options to confine the module are
-employed.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIhald\fR\|(8),
-\&\fIdbus-daemon\fR\|(1),
-\&\fIpolkit-module-builtins\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-allow-all\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI@sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen <david@fubar.dk> with a lot of help from many
-others.
\fIpolkit-policy-file-validate\fP is used to validate PolicyKit
policy definition files. These are normally stored in the
-.I "@sysconfdir@/PolicyKit/policy"
+.I "@datadir@/PolicyKit/policy"
directory. For more information about the big picture
refer to the \fIPolicyKit spec\fP which can be found in
.I "@docdir@/spec/polkit-spec.html"
+++ /dev/null
-
-SUBDIRS = default allow-all deny-all run-program grant
-
-polkitconfdir = $(sysconfdir)/PolicyKit
-dist_polkitconf_DATA = PolicyKit.conf
+++ /dev/null
-# PolicyKit modules - see PolicyKit(8)
-#
-# NOTE: Changes made to this file may be applied instantly
-
-advise polkit-module-default.so
-advise polkit-module-grant.so
+++ /dev/null
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @DBUS_CFLAGS@
-
-polkitmoduledir = $(libdir)/PolicyKit/modules
-polkitmodule_LTLIBRARIES = \
- polkit-module-allow-all.la \
- $(NULL)
-
-
-polkit_module_allow_all_la_SOURCES = polkit-module-allow-all.c
-polkit_module_allow_all_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_allow_all_la_LIBADD = $(top_builddir)/polkit/libpolkit.la
-
-clean-local :
- rm -f *~
+++ /dev/null
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module-allow-all.c : PolicyKit module that says YES to everything
- *
- * Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stddef.h>
-#include <polkit/polkit.h>
-
-/* The symbol that polkit looks up when loading this module */
-polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
-
-static polkit_bool_t
-_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
-{
- return TRUE;
-}
-
-static void
-_module_shutdown (PolKitModuleInterface *module_interface)
-{
-}
-
-static PolKitResult
-_module_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- return POLKIT_RESULT_YES;
-}
-
-static PolKitResult
-_module_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- return POLKIT_RESULT_YES;
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
+++ /dev/null
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @DBUS_CFLAGS@
-
-polkitmoduledir = $(libdir)/PolicyKit/modules
-polkitmodule_LTLIBRARIES = \
- polkit-module-default.la \
- $(NULL)
-
-
-polkit_module_default_la_SOURCES = polkit-module-default.c
-polkit_module_default_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_default_la_LIBADD = $(top_builddir)/polkit/libpolkit.la
-
-clean-local :
- rm -f *~
+++ /dev/null
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module-default.c : PolicyKit module for default policy
- *
- * Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stddef.h>
-#include <polkit/polkit.h>
-
-/* The symbol that polkit looks up when loading this module */
-polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
-
-static polkit_bool_t
-_module_init (PolKitModuleInterface *module_interface,
- int argc,
- char *argv[])
-{
- return TRUE;
-}
-
-static void
-_module_shutdown (PolKitModuleInterface *module_interface)
-{
-}
-
-static PolKitResult
-_module_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- PolKitResult result;
- PolKitPolicyCache *cache;
- PolKitPolicyFileEntry *pfe;
-
- result = POLKIT_RESULT_NO;
- cache = polkit_context_get_policy_cache (pk_context);
- pfe = polkit_policy_cache_get_entry (cache, action);
- return polkit_policy_default_can_session_do_action (polkit_policy_file_entry_get_default (pfe),
- action,
- session);
-}
-
-static PolKitResult
-_module_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- PolKitResult result;
- PolKitPolicyCache *cache;
- PolKitPolicyFileEntry *pfe;
-
- result = POLKIT_RESULT_NO;
- cache = polkit_context_get_policy_cache (pk_context);
- pfe = polkit_policy_cache_get_entry (cache, action);
- return polkit_policy_default_can_caller_do_action (polkit_policy_file_entry_get_default (pfe),
- action,
- caller);
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
+++ /dev/null
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @DBUS_CFLAGS@
-
-polkitmoduledir = $(libdir)/PolicyKit/modules
-polkitmodule_LTLIBRARIES = \
- polkit-module-deny-all.la \
- $(NULL)
-
-
-polkit_module_deny_all_la_SOURCES = polkit-module-deny-all.c
-polkit_module_deny_all_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_deny_all_la_LIBADD = $(top_builddir)/polkit/libpolkit.la
-
-clean-local :
- rm -f *~
+++ /dev/null
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module-allow-all.c : PolicyKit module that says NO to everything
- *
- * Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <stddef.h>
-#include <polkit/polkit.h>
-
-/* The symbol that polkit looks up when loading this module */
-polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
-
-static polkit_bool_t
-_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
-{
- return TRUE;
-}
-
-static void
-_module_shutdown (PolKitModuleInterface *module_interface)
-{
-}
-
-static PolKitResult
-_module_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- return POLKIT_RESULT_NO;
-}
-
-static PolKitResult
-_module_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- return POLKIT_RESULT_NO;
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
+++ /dev/null
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @GLIB_CFLAGS@ @DBUS_CFLAGS@
-
-polkitmoduledir = $(libdir)/PolicyKit/modules
-polkitmodule_LTLIBRARIES = \
- polkit-module-grant.la \
- $(NULL)
-
-
-polkit_module_grant_la_SOURCES = polkit-module-grant.c
-polkit_module_grant_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@ $(top_builddir)/polkit-grant/libpolkit-grant-private.la
-
-clean-local :
- rm -f *~
+++ /dev/null
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module-grant.c : determine policy by looking at grants
- *
- * Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <polkit/polkit.h>
-#include <glib.h>
-
-/* The symbol that polkit looks up when loading this module */
-polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
-
-static polkit_bool_t
-_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
-{
- return TRUE;
-}
-
-static void
-_module_shutdown (PolKitModuleInterface *module_interface)
-{
-}
-
-
-
-static PolKitResult
-_module_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- return POLKIT_RESULT_UNKNOWN_ACTION;
-}
-
-static PolKitResult
-_module_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- return _polkit_grantdb_check_can_caller_do_action (pk_context, action, caller);
-
-#if 0
- char *grant_file;
- PolKitSession *session;
- PolKitResult result;
-
- result = POLKIT_RESULT_UNKNOWN_ACTION;
-
- /* file format:
- *
- * file: /var/[lib,run]/PolicyKit/grant/<action-name>.grant
- *
- * contents:
- * <uid1>[ <session-objpath>]\n # only makes sense for run
- * <uid2>\n
- * ...
- *
- * - run is used for temporarily granted privileges
- * - lib is used for permanently granted privileges
- *
- * FHS guarantees that the files /var/run/PolicyKit are
- * deleted upon reboots so we just need to ensure that
- * ConsoleKit session id's are unique per system (TODO: Ask Jon
- * to make ConsoleKit guarantee this).
- */
-
- uid_t invoking_user_id;
- char *action_name;
- char *session_objpath;
- const char *session_name;
- char *resource_type;
- char *resource_id;
- char *resource_str_to_hash;
- char *dbus_name;
- guint resource_hash;
-
- if (!polkit_action_get_action_id (action, &action_name))
- goto out;
- if (!polkit_caller_get_uid (caller, &invoking_user_id))
- goto out;
-
- if (resource == NULL) {
- resource_type = "";
- resource_id = "";
- } else {
- if (!polkit_resource_get_resource_type (resource, &resource_type))
- goto out;
- if (!polkit_resource_get_resource_id (resource, &resource_id))
- goto out;
- }
-
- session_name = NULL;
- if (!polkit_caller_get_ck_session (caller, &session))
- goto out;
- if (!polkit_caller_get_dbus_name (caller, &dbus_name))
- goto out;
- if (session == NULL) {
- session_objpath = NULL;
- session_name = NULL;
- } else {
- if (!polkit_session_get_ck_objref (session, &session_objpath))
- goto out;
- session_name = g_basename (session_objpath);
- }
-
- resource_str_to_hash = g_strdup_printf ("%s:%s", resource_type, resource_id);
- resource_hash = g_str_hash (resource_str_to_hash);
- g_free (resource_str_to_hash);
-
- /* TODO: FIXME: XXX: this format of storing granted privileges needs be redone
- *
- * this concerns these two files
- * - polkit-grant/polkit-grant-helper.c
- * - modules/grant/polkit-module-grant.c
- */
-
- /*
- * /var/lib/PolicyKit/uid_<uid>_<action>_<resource-hash>.grant
- * uid_<uid>_<action>.grant
- *
- * /var/run/PolicyKit/session_<session>_<uid>_<action>_<resource-hash>.grant
- * session_<session>_<uid>_<action>.grant
- * dbus_<dbusname>_<uid>_<action>_<resource-hash>.grant
- */
-
- if (dbus_name == NULL)
- dbus_name = "";
-
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/dbus_%s_%d_%s_%u.grant",
- dbus_name, invoking_user_id, action_name, resource_hash);
-
- fprintf (stdout, "testing for file '%s'\n", grant_file);
-
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
- g_free (grant_file);
- goto out;
- }
- g_free (grant_file);
-
- if (session_name != NULL) {
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant",
- session_name, invoking_user_id, action_name, resource_hash);
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
- g_free (grant_file);
- goto out;
- }
- g_free (grant_file);
- }
-
- grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid_%d_%s_%u.grant",
- invoking_user_id, action_name, resource_hash);
- if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) {
- result = POLKIT_RESULT_YES;
- g_free (grant_file);
- goto out;
- }
- g_free (grant_file);
-#endif
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
+++ /dev/null
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = \
- -I$(top_builddir) -I$(top_srcdir) \
- -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \
- -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \
- -DPACKAGE_DATA_DIR=\""$(datadir)"\" \
- -DPACKAGE_BIN_DIR=\""$(bindir)"\" \
- -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
- -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
- -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
- @GLIB_CFLAGS@ @DBUS_CFLAGS@
-
-polkitmoduledir = $(libdir)/PolicyKit/modules
-polkitmodule_LTLIBRARIES = \
- polkit-module-run-program.la \
- $(NULL)
-
-
-polkit_module_run_program_la_SOURCES = polkit-module-run-program.c
-polkit_module_run_program_la_LDFLAGS = -no-undefined -module -avoid-version
-polkit_module_run_program_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@
-
-clean-local :
- rm -f *~
+++ /dev/null
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module-run-program.c : determine policy by running a program
- *
- * Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#include <polkit/polkit.h>
-#include <glib.h>
-
-/* The symbol that polkit looks up when loading this module */
-polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface);
-
-typedef struct {
- int program_argc;
- char **program_argv;
-} UserData;
-
-static polkit_bool_t
-_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[])
-{
- int n;
- UserData *user_data;
-
- user_data = g_new0 (UserData, 1);
- for (n = 1; n < argc; n++) {
- if (g_str_has_prefix (argv[n], "program=")) {
- const char *program;
- program = argv[n] + 8;
-
- if (!g_shell_parse_argv (program,
- &user_data->program_argc,
- &user_data->program_argv, NULL)) {
- g_warning ("Cannot parse '%s' - skipping", program);
- goto error;
- }
-
- if (!g_file_test (user_data->program_argv[0],
- G_FILE_TEST_IS_EXECUTABLE|G_FILE_TEST_IS_REGULAR)) {
- g_warning ("Program '%s' is not an executable file - skipping",
- user_data->program_argv[0]);
- goto error;
- }
-
- g_debug ("program = '%s'", user_data->program_argv[0]);
-
- /* TODO:
- * O_o o_O... we could monitor the executable file :-) and trigger config changes!
- */
- }
- }
-
- if (user_data->program_argv == NULL)
- goto error;
-
- polkit_module_set_user_data (module_interface, user_data);
-
- return TRUE;
-error:
- if (user_data->program_argv != NULL)
- g_strfreev (user_data->program_argv);
- g_free (user_data);
- return FALSE;
-}
-
-static void
-_module_shutdown (PolKitModuleInterface *module_interface)
-{
- UserData *user_data;
- user_data = polkit_module_get_user_data (module_interface);
- if (user_data != NULL) {
- if (user_data->program_argv != NULL)
- g_strfreev (user_data->program_argv);
- g_free (user_data);
- }
-}
-
-static polkit_bool_t
-_add_action_to_env (PolKitAction *action, GPtrArray *envp)
-{
- char *p_id;
- if (!polkit_action_get_action_id (action, &p_id))
- goto error;
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_ID=%s", p_id));
- return TRUE;
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-_add_seat_to_env (PolKitSeat *seat, GPtrArray *envp)
-{
- char *s_ck_objref;
- if (!polkit_seat_get_ck_objref (seat, &s_ck_objref))
- goto error;
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SEAT_CK_OBJREF=%s", s_ck_objref));
- return TRUE;
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-_add_session_to_env (PolKitSession *session, GPtrArray *envp)
-{
- uid_t s_uid;
- char *s_ck_objref;
- polkit_bool_t s_ck_is_active;
- polkit_bool_t s_ck_is_local;
- char *s_ck_remote_host;
- PolKitSeat *s_seat;
-
- if (!polkit_session_get_uid (session, &s_uid))
- goto error;
- if (!polkit_session_get_ck_objref (session, &s_ck_objref))
- goto error;
- if (!polkit_session_get_ck_is_active (session, &s_ck_is_active))
- goto error;
- if (!polkit_session_get_ck_is_local (session, &s_ck_is_local))
- goto error;
- if (!s_ck_is_local)
- if (!polkit_session_get_ck_remote_host (session, &s_ck_remote_host))
- goto error;
- if (!polkit_session_get_seat (session, &s_seat))
- goto error;
-
- if (!_add_seat_to_env (s_seat, envp))
- goto error;
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_UID=%d", (int) s_uid));
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_OBJREF=%s", s_ck_objref));
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_IS_ACTIVE=%d", s_ck_is_active));
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_IS_LOCAL=%d", s_ck_is_local));
- if (!s_ck_is_local)
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_REMOTE_HOST=%s", s_ck_remote_host));
- return TRUE;
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-_add_caller_to_env (PolKitCaller *caller, GPtrArray *envp)
-{
- uid_t c_uid;
- pid_t c_pid;
- char *c_selinux_context;
- char *c_dbus_name;
- PolKitSession *c_session;
-
- if (!polkit_caller_get_uid (caller, &c_uid))
- goto error;
- if (!polkit_caller_get_pid (caller, &c_pid))
- goto error;
- if (!polkit_caller_get_dbus_name (caller, &c_dbus_name))
- goto error;
- if (!polkit_caller_get_selinux_context (caller, &c_selinux_context)) /* SELinux may not be available */
- c_selinux_context = NULL;
- if (!polkit_caller_get_ck_session (caller, &c_session)) /* Caller may not originate from a session */
- c_session = NULL;
-
- if (c_session != NULL)
- if (!_add_session_to_env (c_session, envp))
- goto error;
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_UID=%d", (int) c_uid));
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_PID=%d", (int) c_pid));
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_DBUS_NAME=%s", c_dbus_name));
- if (c_selinux_context != NULL)
- g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_SELINUX_CONTEXT=%s", c_selinux_context));
- return TRUE;
-error:
- return FALSE;
-}
-
-static polkit_bool_t
-_run_program (UserData *user_data, char **envp, PolKitResult *result)
-{
- int n;
- int exit_status;
- GError *g_error;
- char *prog_stdout;
- polkit_bool_t ret;
-
- g_error = NULL;
- prog_stdout = NULL;
- ret = FALSE;
-
- if (!g_spawn_sync ("/",
- user_data->program_argv,
- envp,
- 0,
- NULL,
- NULL,
- &prog_stdout,
- NULL,
- &exit_status,
- &g_error)) {
- g_warning ("error spawning '%s': %s", user_data->program_argv[0], g_error->message);
- g_error_free (g_error);
- goto error;
- }
-
- /* only care if the program returned 0 */
- if (exit_status != 0)
- goto error;
-
- /* only care about the first line */
- for (n = 0; prog_stdout[n] != '\n' && prog_stdout[n] != '\0'; n++)
- ;
- prog_stdout[n] = '\0';
-
- if (!polkit_result_from_string_representation (prog_stdout, result)) {
- g_warning ("malformed result '%s' from program", prog_stdout);
- goto error;
- }
-
- ret = TRUE;
-error:
- g_free (prog_stdout);
- return ret;
-}
-
-
-static PolKitResult
-_module_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- PolKitResult result;
- UserData *user_data;
- GPtrArray *envp;
-
- envp = NULL;
- result = POLKIT_RESULT_UNKNOWN_ACTION;
-
- user_data = polkit_module_get_user_data (module_interface);
-
- envp = g_ptr_array_new ();
-
- if (!_add_action_to_env (action, envp))
- goto error;
- if (!_add_session_to_env (session, envp))
- goto error;
- g_ptr_array_add (envp, g_strdup ("PATH=/usr/bin:/bin"));
- g_ptr_array_add (envp, g_strdup ("POLKIT_REQUEST_SESSION=1"));
- g_ptr_array_add (envp, NULL);
-
- if (!_run_program (user_data, (char **) envp->pdata, &result))
- goto error;
-
-error:
- if (envp != NULL) {
- g_ptr_array_foreach (envp, (GFunc) g_free, NULL);
- g_ptr_array_free (envp, TRUE);
- }
- return result;
-}
-
-static PolKitResult
-_module_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- PolKitResult result;
- UserData *user_data;
- GPtrArray *envp;
-
- envp = NULL;
- result = POLKIT_RESULT_NO;
- user_data = polkit_module_get_user_data (module_interface);
-
- envp = g_ptr_array_new ();
- if (!_add_action_to_env (action, envp))
- goto error;
- if (!_add_caller_to_env (caller, envp))
- goto error;
- g_ptr_array_add (envp, g_strdup ("PATH=/usr/bin:/bin"));
- g_ptr_array_add (envp, g_strdup ("POLKIT_REQUEST_CALLER=1"));
- g_ptr_array_add (envp, NULL);
- if(!_run_program (user_data, (char **) envp->pdata, &result))
- goto error;
-
-error:
- if (envp != NULL) {
- g_ptr_array_foreach (envp, (GFunc) g_free, NULL);
- g_ptr_array_free (envp, TRUE);
- }
- return result;
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
-polkit_privilegedir = $(sysconfdir)/PolicyKit/policy
+polkit_privilegedir = $(datadir)/PolicyKit/policy
dist_polkit_privilege_DATA =
polkit-policy-file-entry.h \
polkit-policy-file.h \
polkit-policy-cache.h \
- polkit-policy-default.h \
- polkit-module.h
+ polkit-policy-default.h
libpolkit_la_SOURCES = \
polkit.h \
polkit-policy-cache.h polkit-policy-cache.c \
polkit-policy-default.h polkit-policy-default.c \
polkit-debug.h polkit-debug.c \
- polkit-utils.h polkit-utils.c \
- polkit-module.h polkit-module.c
+ polkit-utils.h polkit-utils.c
libpolkit_la_LIBADD = @GLIB_LIBS@ @EXPAT_LIBS@ -ldl
#include "polkit-debug.h"
#include "polkit-context.h"
#include "polkit-policy-cache.h"
-#include "polkit-module.h"
/**
* SECTION:polkit
PolKitPolicyCache *priv_cache;
- GSList *modules;
-
polkit_bool_t load_descriptions;
};
return pk_context;
}
-static polkit_bool_t
-unload_modules (PolKitContext *pk_context)
-{
- GSList *i;
- for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
- PolKitModuleInterface *module_interface = i->data;
- polkit_module_interface_unref (module_interface);
- }
- g_slist_free (pk_context->modules);
- pk_context->modules = NULL;
- _pk_debug ("Unloaded modules");
-
- return TRUE;
-}
-
-static polkit_bool_t
-load_modules (PolKitContext *pk_context, PolKitError **error)
-{
- const char *config_file;
- polkit_bool_t ret;
- char *buf;
- char *end;
- char line[256];
- char *p;
- char *q;
- gsize len;
- int line_number;
- int mod_number;
- GError *g_error;
-
- ret = FALSE;
- buf = NULL;
- mod_number = 0;
-
- config_file = PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf";
- g_error = NULL;
- if (!g_file_get_contents (config_file,
- &buf,
- &len,
- &g_error)) {
- _pk_debug ("Cannot load PolicyKit configuration file at '%s'", config_file);
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load PolicyKit configuration file at '%s': %s",
- config_file,
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
-
- end = buf + len;
-
- /* parse the config file; one line at a time (yes, this is super ugly code) */
- p = buf;
- line_number = -1;
- while (TRUE) {
- int argc;
- char **tokens;
- char *module_name;
- char *module_path;
- PolKitModuleControl module_control;
- PolKitModuleInterface *module_interface;
-
- line_number++;
-
- q = p;
- while (*q != '\n' && q != '\0' && q < end)
- q++;
- if (*q == '\0' || q >= end) {
- /* skip last line if it's not terminated by whitespace */
- break;
- }
- if ((unsigned int) (q - p) > sizeof(line) - 1) {
- _pk_debug ("Line is too long; skipping it");
- continue;
- }
- strncpy (line, p, q - p);
- line[q - p] = '\0';
- p = q + 1;
-
- /* remove leading and trailing white space */
- g_strstrip (line);
-
- /* comments, blank lines are fine; just skip them */
- if (line[0] == '#' || strlen (line) == 0) {
- continue;
- }
-
- /*_pk_debug ("Looking at line: '%s'", line);*/
-
- if (!g_shell_parse_argv (line, &argc, &tokens, NULL)) {
- _pk_debug ("Cannot parse line %d - skipping", line_number);
- continue;
- }
- if (argc < 2) {
- _pk_debug ("Line %d is malformed - skipping line", line_number);
- g_strfreev (tokens);
- continue;
- }
- if (!polkit_module_control_from_string_representation (tokens[0], &module_control)) {
- _pk_debug ("Unknown module_control '%s' at line %d - skipping line", tokens[0], line_number);
- g_strfreev (tokens);
- continue;
- }
- module_name = tokens[1];
-
- module_path = g_strdup_printf (PACKAGE_LIB_DIR "/PolicyKit/modules/%s", module_name);
- _pk_debug ("MODULE: number=%d control=%d name=%s argc=%d",
- mod_number, module_control, module_name, argc - 1);
- module_interface = polkit_module_interface_load_module (module_path,
- module_control,
- argc - 1,
- tokens + 1);
- g_free (module_path);
-
- if (module_interface != NULL) {
- pk_context->modules = g_slist_append (pk_context->modules, module_interface);
- mod_number++;
- }
- g_strfreev (tokens);
-
- }
-
- ret = TRUE;
-
-out:
- if (buf != NULL)
- g_free (buf);
-
- _pk_debug ("Loaded %d modules in total", mod_number);
- return ret;
-}
-
static void
_config_file_events (PolKitContext *pk_context,
PolKitContextFileMonitorEvent event_mask,
void *user_data)
{
_pk_debug ("Config file changed");
- unload_modules (pk_context);
- load_modules (pk_context, NULL);
/* signal that our configuration (may have) changed */
if (pk_context->config_changed_cb) {
* @error: return location for error
*
* Initializes a new context; loads PolicyKit files from
- * /etc/PolicyKit/policy unless the environment variable
- * $POLKIT_POLICY_DIR points to a location.
+ * /usr/share/PolicyKit/policy unless the environment variable
+ * $POLKIT_POLICY_DIR points to another location.
*
* Returns: #FALSE if @error was set, otherwise #TRUE
**/
}
_pk_debug ("Using policy files from directory %s", pk_context->policy_dir);
- /* Load modules */
- if (!load_modules (pk_context, error))
- goto error;
-
/* don't populate the cache until it's needed.. */
if (pk_context->file_monitor_add_watch_func == NULL) {
}
return TRUE;
+
+#if 0
error:
if (pk_context != NULL)
polkit_context_unref (pk_context);
return FALSE;
+#endif
}
/**
if (pk_context->refcount > 0)
return;
- unload_modules (pk_context);
-
g_free (pk_context);
}
PolKitPolicyCache *cache;
PolKitPolicyFileEntry *pfe;
PolKitResult current_result;
- PolKitModuleControl current_control;
- GSList *i;
current_result = POLKIT_RESULT_NO;
g_return_val_if_fail (pk_context != NULL, current_result);
polkit_policy_file_entry_debug (pfe);
current_result = POLKIT_RESULT_UNKNOWN_ACTION;
- current_control = POLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
+#if 0
/* visit modules */
for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
PolKitModuleInterface *module_interface = i->data;
}
}
}
+#endif
/* Never return UNKNOWN_ACTION to user */
if (current_result == POLKIT_RESULT_UNKNOWN_ACTION)
PolKitPolicyCache *cache;
PolKitPolicyFileEntry *pfe;
PolKitResult current_result;
- PolKitModuleControl current_control;
- GSList *i;
current_result = POLKIT_RESULT_NO;
g_return_val_if_fail (pk_context != NULL, current_result);
polkit_policy_file_entry_debug (pfe);
current_result = POLKIT_RESULT_UNKNOWN_ACTION;
- current_control = POLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
+#if 0
/* visit modules */
for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
PolKitModuleInterface *module_interface = i->data;
}
}
}
+#endif
/* Never return UNKNOWN_ACTION to user */
if (current_result == POLKIT_RESULT_UNKNOWN_ACTION)
+++ /dev/null
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module.c : PolicyKit loadable module interface
- *
- * Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- **************************************************************************/
-
-/**
- * SECTION:polkit-module
- * @short_description: PolicyKit loadable module interface
- *
- * These functions are used by loadable PolicyKit modules.
- **/
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-#include <dlfcn.h>
-#include <regex.h>
-#include <pwd.h>
-#include <grp.h>
-#include <glib.h>
-#include <unistd.h>
-
-#include "polkit-debug.h"
-#include "polkit-module.h"
-
-/**
- * PolKitModuleInterface:
- *
- * Objects of this class are used to interface with PolicyKit modules
- **/
-struct PolKitModuleInterface
-{
- int refcount;
- void *dlopen_handle;
- char *name;
-
- void *module_user_data;
- PolKitModuleControl module_control;
-
- PolKitModuleInitialize func_initialize;
- PolKitModuleShutdown func_shutdown;
- PolKitModuleCanSessionDoAction func_can_session_do_action;
- PolKitModuleCanCallerDoAction func_can_caller_do_action;
-
- polkit_bool_t builtin_have_action_regex;
- regex_t builtin_action_regex_compiled;
-
- GSList *builtin_users;
-};
-
-static uid_t
-_util_name_to_uid (const char *username, gid_t *default_gid)
-{
- int rc;
- uid_t res;
- char *buf = NULL;
- unsigned int bufsize;
- struct passwd pwd;
- struct passwd *pwdp;
-
- res = (uid_t) -1;
-
- bufsize = sysconf (_SC_GETPW_R_SIZE_MAX);
- buf = g_new0 (char, bufsize);
-
- rc = getpwnam_r (username, &pwd, buf, bufsize, &pwdp);
- if (rc != 0 || pwdp == NULL) {
- /*g_warning ("getpwnam_r() returned %d", rc);*/
- goto out;
- }
-
- res = pwdp->pw_uid;
- if (default_gid != NULL)
- *default_gid = pwdp->pw_gid;
-
-out:
- g_free (buf);
- return res;
-}
-
-static void
-_parse_builtin_remove_option (int *argc, char *argv[], int position)
-{
- int n;
- for (n = position; n < *argc; n++)
- argv[n] = argv[n+1];
- (*argc)--;
-}
-
-static polkit_bool_t
-_parse_builtin (PolKitModuleInterface *mi, int *argc, char *argv[])
-{
- int n;
- polkit_bool_t ret;
-
- ret = FALSE;
-
- for (n = 1; n < *argc; ) {
- if (g_str_has_prefix (argv[n], "action=")) {
- const char *regex;
-
- if (mi->builtin_have_action_regex) {
- _pk_debug ("Already have option 'action='");
- goto error;
- }
-
- regex = argv[n] + 10;
- if (regcomp (&(mi->builtin_action_regex_compiled), regex, REG_EXTENDED) != 0) {
- _pk_debug ("Regex '%s' didn't compile", regex);
- goto error;
- }
- mi->builtin_have_action_regex = TRUE;
-
- _pk_debug ("Compiled regex '%s' for option 'action=' OK", regex);
-
- _parse_builtin_remove_option (argc, argv, n);
- } else if (g_str_has_prefix (argv[n], "user=")) {
- const char *user;
- uid_t uid;
- GSList *i;
-
- user = argv[n] + 5;
- uid = _util_name_to_uid (user, NULL);
- if ((int) uid == -1) {
- _pk_debug ("Unknown user name '%s'", user);
- goto error;
- }
-
- for (i = mi->builtin_users; i != NULL; i = g_slist_next (i)) {
- uid_t uid_in_list = GPOINTER_TO_INT (i->data);
- if (uid_in_list == uid) {
- _pk_debug ("Already have user '%s'", user);
- goto error;
- }
- }
-
- _pk_debug ("adding uid %d", uid);
- mi->builtin_users = g_slist_prepend (mi->builtin_users, GINT_TO_POINTER (uid));
-
- _parse_builtin_remove_option (argc, argv, n);
- } else {
- n++;
- }
- }
-
- ret = TRUE;
-
-error:
- return ret;
-}
-
-/**
- * polkit_module_interface_load_module:
- * @name: name of module, e.g. "polkit-module-default.so"
- * @module_control: the module control; from the configuration file
- * @argc: number arguments to pass
- * @argv: argument vector, the first argument must be the filename/path to the module
- *
- * Load and initialize a PolicyKit module
- *
- * Returns: A #PolKitModuleInterface object on success; #NULL on failure.
- **/
-PolKitModuleInterface *
-polkit_module_interface_load_module (const char *name, PolKitModuleControl module_control, int argc, char *argv[])
-{
- void *handle;
- PolKitModuleInterface *mi;
- polkit_bool_t (*func) (PolKitModuleInterface *);
-
- mi = NULL;
-
- _pk_debug ("loading %s", name);
-
- handle = dlopen (name, RTLD_NOW | RTLD_LOCAL);
- if (handle == NULL) {
- _pk_debug ("Cannot load module '%s'", name);
- goto error;
- }
-
- func = dlsym (handle, "polkit_module_set_functions");
- if (func == NULL) {
- _pk_debug ("Cannot get symbol 'polkit_module_set_functions' in module '%s'", name);
- goto error;
- }
-
- _pk_debug ("func = %p", func);
-
- mi = polkit_module_interface_new ();
- if (!func (mi)) {
- _pk_debug ("Module '%s' returned FALSE when asked to set functions", name);
- goto error;
- }
-
- if (mi->func_initialize == NULL) {
- _pk_debug ("Module '%s' didn't set initialize function", name);
- goto error;
- }
-
- if (mi->func_shutdown == NULL) {
- _pk_debug ("Module '%s' didn't set shutdown function", name);
- goto error;
- }
-
- if (!_parse_builtin (mi, &argc, argv)) {
- _pk_debug ("Error parsing built-in module options for '%s'", name);
- goto error;
- }
-
- if (!mi->func_initialize (mi, argc, argv)) {
- _pk_debug ("Module '%s' returned FALSE in initialization function", name);
- goto error;
- }
-
- mi->dlopen_handle = handle;
- mi->name = g_strdup (name);
- mi->module_control = module_control;
- return mi;
-error:
- if (mi != NULL)
- polkit_module_interface_unref (mi);
- if (handle != NULL)
- dlclose (handle);
- return NULL;
-}
-
-/**
- * polkit_module_get_name:
- * @module_interface: the module interface
- *
- * Get the name of the module
- *
- * Returns: name or #NULL if an error occured
- **/
-const char *
-polkit_module_get_name (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->name;
-}
-
-
-/**
- * polkit_module_interface_new:
- *
- * Create a new #PolKitModuleInterface object.
- *
- * Returns: the new object
- **/
-PolKitModuleInterface *
-polkit_module_interface_new (void)
-{
- PolKitModuleInterface *module_interface;
- module_interface = g_new0 (PolKitModuleInterface, 1);
- module_interface->refcount = 1;
- return module_interface;
-}
-
-/**
- * polkit_module_interface_ref:
- * @module_interface: the module_interface object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitModuleInterface *
-polkit_module_interface_ref (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, module_interface);
- module_interface->refcount++;
- return module_interface;
-}
-
-/**
- * polkit_module_interface_unref:
- * @module_interface: the module_interface object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_module_interface_unref (PolKitModuleInterface *module_interface)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->refcount--;
- if (module_interface->refcount > 0)
- return;
-
- /* builtins */
- if (module_interface->builtin_have_action_regex)
- regfree (&module_interface->builtin_action_regex_compiled);
- g_slist_free (module_interface->builtin_users);
-
- /* shutdown the module and unload it */
- if (module_interface->func_shutdown != NULL)
- module_interface->func_shutdown (module_interface);
- if (module_interface->dlopen_handle != NULL)
- dlclose (module_interface->dlopen_handle);
-
- g_free (module_interface->name);
- g_free (module_interface);
-}
-
-/**
- * polkit_module_set_func_initialize:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void
-polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
- PolKitModuleInitialize func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_initialize = func;
-}
-
-/**
- * polkit_module_set_func_shutdown:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void
-polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_shutdown = func;
-}
-
-/**
- * polkit_module_set_func_can_session_do_action:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionDoAction func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_can_session_do_action = func;
-}
-
-/**
- * polkit_module_set_func_can_caller_do_action:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerDoAction func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_can_caller_do_action = func;
-}
-
-/**
- * polkit_module_get_func_initialize:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleInitialize
-polkit_module_get_func_initialize (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_initialize;
-}
-
-/**
- * polkit_module_get_func_shutdown:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleShutdown
-polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_shutdown;
-}
-
-/**
- * polkit_module_get_func_can_session_do_action:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleCanSessionDoAction
-polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_session_do_action;
-}
-
-/**
- * polkit_module_get_func_can_caller_do_action:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleCanCallerDoAction
-polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_caller_do_action;
-}
-
-
-/**
- * polkit_module_interface_get_control:
- * @module_interface: the module interface
- *
- * Get the control for this module.
- *
- * Returns: A #PolKitModuleControl value.
- **/
-PolKitModuleControl
-polkit_module_interface_get_control (PolKitModuleInterface *module_interface)
-{
- /* hmm, should we have UNKNOWN? */
- g_return_val_if_fail (module_interface != NULL, POLKIT_MODULE_CONTROL_MANDATORY);
- return module_interface->module_control;
-}
-
-static const struct {
- PolKitModuleControl module_control;
- const char *str;
-} mapping[] =
-{
- {POLKIT_MODULE_CONTROL_ADVISE, "advise"},
- {POLKIT_MODULE_CONTROL_MANDATORY, "mandatory"},
- {0, NULL}
-};
-
-/**
- * polkit_module_control_to_string_representation:
- * @module_control: the given value
- *
- * Gives a textual representation of a #PolKitModuleControl object.
- *
- * Returns: The textual representation or #NULL if the value passed is invalid
- **/
-const char *
-polkit_module_control_to_string_representation (PolKitModuleControl module_control)
-{
- if (module_control < 0 || module_control >= POLKIT_MODULE_CONTROL_N_CONTROLS) {
- g_warning ("The passed module control identifier, %d, is not valid", module_control);
- return NULL;
- }
-
- return mapping[module_control].str;
-}
-
-/**
- * polkit_module_control_from_string_representation:
- * @string: the textual representation
- * @out_module_control: return location for the value
- *
- * Given a textual representation of a #PolKitModuleControl object, find the #PolKitModuleControl value.
- *
- * Returns: TRUE if the textual representation was valid, otherwise FALSE
- **/
-polkit_bool_t
-polkit_module_control_from_string_representation (const char *string, PolKitModuleControl *out_module_control)
-{
- int n;
-
- g_return_val_if_fail (out_module_control != NULL, FALSE);
-
- for (n = 0; n < POLKIT_MODULE_CONTROL_N_CONTROLS; n++) {
- if (mapping[n].str == NULL)
- break;
- if (g_ascii_strcasecmp (mapping[n].str, string) == 0) {
- *out_module_control = mapping[n].module_control;
- goto found;
- }
- }
-
- return FALSE;
-found:
- return TRUE;
-}
-
-
-/**
- * polkit_module_set_user_data:
- * @module_interface: module interface
- * @user_data: user data to set
- *
- * Set user data. A PolicyKit module should use these instead of
- * global variables as multiple instances of the module may be
- * instantiated at the same time.
- **/
-void
-polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->module_user_data = user_data;
-}
-
-/**
- * polkit_module_get_user_data:
- * @module_interface: module interface
- *
- * Get user data.
- *
- * Returns: The user data set with polkit_module_set_user_data()
- **/
-void *
-polkit_module_get_user_data (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->module_user_data;
-}
-
-static polkit_bool_t
-_check_action (PolKitModuleInterface *module_interface, PolKitAction *action)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
-
- if (module_interface->builtin_have_action_regex) {
- char *action_name;
- if (polkit_action_get_action_id (action, &action_name)) {
- if (regexec (&module_interface->builtin_action_regex_compiled,
- action_name, 0, NULL, 0) == 0) {
- ret = TRUE;
- }
- }
- } else {
- ret = TRUE;
- }
-
- return ret;
-}
-
-/*----*/
-
-static polkit_bool_t
-_check_uid_in_list (GSList *list, uid_t given_uid)
-{
- GSList *i;
-
- for (i = list; i != NULL; i = g_slist_next (i)) {
- uid_t uid = GPOINTER_TO_INT (i->data);
- if (given_uid == uid)
- return TRUE;
- }
- return FALSE;
-}
-
-static polkit_bool_t
-_check_users_for_session (PolKitModuleInterface *module_interface, PolKitSession *session)
-{
- uid_t uid;
- GSList *list;
- if ((list = module_interface->builtin_users) == NULL)
- return TRUE;
- if (session == NULL)
- return FALSE;
- if (!polkit_session_get_uid (session, &uid))
- return FALSE;
- return _check_uid_in_list (list, uid);
-}
-
-static polkit_bool_t
-_check_users_for_caller (PolKitModuleInterface *module_interface, PolKitCaller *caller)
-{
- uid_t uid;
- GSList *list;
- if ((list = module_interface->builtin_users) == NULL)
- return TRUE;
- if (caller == NULL)
- return FALSE;
- if (!polkit_caller_get_uid (caller, &uid))
- return FALSE;
- return _check_uid_in_list (list, uid);
-}
-
-
-/**
- * polkit_module_interface_check_builtin_confinement_for_session:
- * @module_interface: the given module
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Check whether some of the built-in module options (e.g. action="hal-storage-*",
- * user=davidz) confines the given module, e.g. whether it should be skipped.
- *
- * Returns: TRUE if, and only if, the module is confined from handling the request
- **/
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- polkit_bool_t ret;
- ret = TRUE;
-
- g_return_val_if_fail (module_interface != NULL, ret);
-
- if (!_check_action (module_interface, action))
- goto out;
- if (!_check_users_for_session (module_interface, session))
- goto out;
-
- /* not confined */
- ret = FALSE;
-out:
- return ret;
-}
-
-/**
- * polkit_module_interface_check_builtin_confinement_for_caller:
- * @module_interface: the given module
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Check whether some of the built-in module options (e.g. action="hal-storage-*",
- * user=davidz) confines the given module, e.g. whether it should be skipped.
- *
- * Returns: TRUE if, and only if, the module is confined from handling the request
- **/
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- polkit_bool_t ret;
- ret = TRUE;
-
- g_return_val_if_fail (module_interface != NULL, ret);
-
- if (!_check_action (module_interface, action))
- goto out;
- if (!_check_users_for_caller (module_interface, caller))
- goto out;
-
- /* not confined */
- ret = FALSE;
-out:
- return ret;
-}
+++ /dev/null
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module.h : PolicyKit loadable module interface
- *
- * Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_MODULE_H
-#define POLKIT_MODULE_H
-
-#include <polkit/polkit-types.h>
-#include <polkit/polkit.h>
-
-struct PolKitModuleInterface;
-typedef struct PolKitModuleInterface PolKitModuleInterface;
-
-/**
- * PolKitModuleInitialize:
- * @module_interface: the module interface
- * @argc: number of arguments to pass to module
- * @argv: arguments passed to module; the first argument is the filename/path to the module
- *
- * Type of PolicyKit module function to initialize the module.
- *
- * Returns: Whether the module was initialized.
- **/
-typedef polkit_bool_t (*PolKitModuleInitialize) (PolKitModuleInterface *module_interface,
- int argc,
- char *argv[]);
-
-/**
- * PolKitModuleShutdown:
- * @module_interface: the module interface
- *
- * Type of PolicyKit module function to shutdown the module.
- **/
-typedef void (*PolKitModuleShutdown) (PolKitModuleInterface *module_interface);
-
-/**
- * PolKitModuleCanSessionAccessDoAction:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Type of PolicyKit module function to implement polkit_can_session_access_do_action().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleCanSessionDoAction) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session);
-
-/**
- * PolKitModuleCanCallerAccessDoAction:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Type of PolicyKit module function to implement polkit_can_caller_do_action().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleCanCallerDoAction) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller);
-
-PolKitModuleInterface *polkit_module_interface_new (void);
-PolKitModuleInterface *polkit_module_interface_ref (PolKitModuleInterface *module_interface);
-void polkit_module_interface_unref (PolKitModuleInterface *module_interface);
-const char *polkit_module_get_name (PolKitModuleInterface *module_interface);
-
-void polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data);
-void *polkit_module_get_user_data (PolKitModuleInterface *module_interface);
-
-void polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
- PolKitModuleInitialize func);
-void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func);
-void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionDoAction func);
-void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerDoAction func);
-
-PolKitModuleInitialize polkit_module_get_func_initialize (PolKitModuleInterface *module_interface);
-PolKitModuleShutdown polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface);
-PolKitModuleCanSessionDoAction polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface);
-PolKitModuleCanCallerDoAction polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface);
-
-/**
- * PolKitModuleControl:
- * @POLKIT_MODULE_CONTROL_ADVISE: Allow modules, marked with #POLKIT_MODULE_CONTROL_MANDATORY, down the
- * stack to override results from this module. Modules down the stack that are also marked with
- * the #POLKIT_MODULE_CONTROL_ADVISE control will only take effect it they change the result to be "less strict".
- * @POLKIT_MODULE_CONTROL_MANDATORY: Always use results (unless it returns
- * #POLKIT_RESULT_UNKNOWN_ACTION for a given request) from this module, even if it changes whether the
- * result to be "more strict". . If a later module also uses this control, results from that module will override it.
- * @POLKIT_MODULE_CONTROL_N_CONTROLS: Number of control stanzas
- *
- * The control stanza for a PolicyKit module. This is read from the
- * PolicyKit configuration file (/etc/PolicyKit/PolicyKit.conf) that
- * defines the stacked order of the modules and is chosen by the
- * system administrator. See the definition of #PolKitResult for
- * the definition of "strict" with respect to result values.
- **/
-typedef enum
-{
- POLKIT_MODULE_CONTROL_ADVISE,
- POLKIT_MODULE_CONTROL_MANDATORY,
- POLKIT_MODULE_CONTROL_N_CONTROLS
-} PolKitModuleControl;
-
-const char *
-polkit_module_control_to_string_representation (PolKitModuleControl module_control);
-
-polkit_bool_t
-polkit_module_control_from_string_representation (const char *string, PolKitModuleControl *out_module_control);
-
-PolKitModuleInterface *polkit_module_interface_load_module (const char *name,
- PolKitModuleControl module_control,
- int argc, char *argv[]);
-
-PolKitModuleControl polkit_module_interface_get_control (PolKitModuleInterface *module_interface);
-
-
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session);
-
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller);
-
-#endif /* POLKIT_MODULE_H */
#include <polkit/polkit-policy-file.h>
#include <polkit/polkit-policy-cache.h>
#include <polkit/polkit-policy-default.h>
-#include <polkit/polkit-module.h>
#undef _POLKIT_INSIDE_POLKIT_H
#endif /* POLKIT_H */
projects / platform / upstream / polkit.git / commitdiff