From 169c130d4e517371c64d2c2832d323592d38ea7b Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Tue, 19 Jun 2007 15:41:55 -0400 Subject: [PATCH] rip out the notion of Resources It makes things a _lot more_ complicated having to deal with resources and there's a much nicer way to deal with it: Punt it to the apps: It's much more natural for the application to have a notion about about what resources are "trusted" (and e.g. requires lesser privileges) and what resources aren't. Consider dial-up networking; here the privileged application that performs the dial-up operation consults a list (maintained by the system administrator) of allowed numbers to dial. If the unprivileged networking UI applet that requests a number to be dialed is on the list it uses the PolicyKit action 'nm-dialup-trusted-location', if it isn't then it uses the PolicyKit action 'nm-dialup-untrusted-location'. --- doc/api/polkit/polkit-docs.xml | 1 - modules/Makefile.am | 3 +- modules/default/polkit-module-default.c | 38 +++--- modules/grant/Makefile.am | 6 +- modules/grant/polkit-module-grant.c | 71 ++++++---- polkit-dbus/polkit-dbus.c | 131 ++++++++++++++++++ polkit-dbus/polkit-dbus.h | 2 + polkit-grant/Makefile.am | 1 + polkit-grant/polkit-grant-helper.c | 70 +++++----- polkit-grant/polkit-grant.c | 47 +++---- polkit-grant/polkit-grant.h | 4 +- polkit/Makefile.am | 2 - polkit/polkit-caller.c | 2 - polkit/polkit-context.c | 111 +++------------ polkit/polkit-context.h | 37 +---- polkit/polkit-module.c | 117 ++++------------ polkit/polkit-module.h | 94 ++++--------- polkit/polkit-policy-default.c | 28 ++-- polkit/polkit-policy-default.h | 16 +-- polkit/polkit-policy-file-entry.c | 2 +- polkit/polkit-policy-file-entry.h | 3 - polkit/polkit-resource.c | 232 -------------------------------- polkit/polkit-resource.h | 52 ------- polkit/polkit.h | 1 - tools/polkit-check-caller.c | 27 +--- tools/polkit-check-session.c | 26 +--- tools/polkit-grant.c | 23 +--- 27 files changed, 372 insertions(+), 775 deletions(-) delete mode 100644 polkit/polkit-resource.c delete mode 100644 polkit/polkit-resource.h diff --git a/doc/api/polkit/polkit-docs.xml b/doc/api/polkit/polkit-docs.xml index 6ed6222..8358039 100644 --- a/doc/api/polkit/polkit-docs.xml +++ b/doc/api/polkit/polkit-docs.xml @@ -73,7 +73,6 @@ - diff --git a/modules/Makefile.am b/modules/Makefile.am index 010ed66..700fa84 100644 --- a/modules/Makefile.am +++ b/modules/Makefile.am @@ -1,5 +1,6 @@ -SUBDIRS = default allow-all deny-all run-program grant +#SUBDIRS = default allow-all deny-all run-program grant +SUBDIRS = default grant polkitconfdir = $(sysconfdir)/PolicyKit dist_polkitconf_DATA = PolicyKit.conf diff --git a/modules/default/polkit-module-default.c b/modules/default/polkit-module-default.c index 7b73388..8ef02f8 100644 --- a/modules/default/polkit-module-default.c +++ b/modules/default/polkit-module-default.c @@ -47,11 +47,10 @@ _module_shutdown (PolKitModuleInterface *module_interface) } static PolKitResult -_module_can_session_access_resource (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitSession *session) +_module_can_session_do_action (PolKitModuleInterface *module_interface, + PolKitContext *pk_context, + PolKitAction *action, + PolKitSession *session) { PolKitResult result; PolKitPolicyCache *cache; @@ -60,19 +59,16 @@ _module_can_session_access_resource (PolKitModuleInterface *module_interface, result = POLKIT_RESULT_NO; cache = polkit_context_get_policy_cache (pk_context); pfe = polkit_policy_cache_get_entry (cache, action); - return polkit_policy_default_can_session_access_resource ( - polkit_policy_file_entry_get_default (pfe), - action, - resource, - session); + return polkit_policy_default_can_session_do_action (polkit_policy_file_entry_get_default (pfe), + action, + session); } static PolKitResult -_module_can_caller_access_resource (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitCaller *caller) +_module_can_caller_do_action (PolKitModuleInterface *module_interface, + PolKitContext *pk_context, + PolKitAction *action, + PolKitCaller *caller) { PolKitResult result; PolKitPolicyCache *cache; @@ -81,11 +77,9 @@ _module_can_caller_access_resource (PolKitModuleInterface *module_interface, result = POLKIT_RESULT_NO; cache = polkit_context_get_policy_cache (pk_context); pfe = polkit_policy_cache_get_entry (cache, action); - return polkit_policy_default_can_caller_access_resource ( - polkit_policy_file_entry_get_default (pfe), - action, - resource, - caller); + return polkit_policy_default_can_caller_do_action (polkit_policy_file_entry_get_default (pfe), + action, + caller); } polkit_bool_t @@ -99,8 +93,8 @@ polkit_module_set_functions (PolKitModuleInterface *module_interface) polkit_module_set_func_initialize (module_interface, _module_init); polkit_module_set_func_shutdown (module_interface, _module_shutdown); - polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource); - polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource); + polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action); + polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action); ret = TRUE; out: diff --git a/modules/grant/Makefile.am b/modules/grant/Makefile.am index 6306ac5..2cea430 100644 --- a/modules/grant/Makefile.am +++ b/modules/grant/Makefile.am @@ -17,7 +17,11 @@ polkitmodule_LTLIBRARIES = \ $(NULL) -polkit_module_grant_la_SOURCES = polkit-module-grant.c +polkit_module_grant_la_SOURCES = \ + $(top_srcdir)/polkit-grant/polkit-grant-database.h $(top_srcdir)/polkit-grant/polkit-grant-database.c \ + polkit-module-grant.c + + polkit_module_grant_la_LDFLAGS = -no-undefined -module -avoid-version polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@ diff --git a/modules/grant/polkit-module-grant.c b/modules/grant/polkit-module-grant.c index d49c5a6..d1c3691 100644 --- a/modules/grant/polkit-module-grant.c +++ b/modules/grant/polkit-module-grant.c @@ -51,21 +51,19 @@ _module_shutdown (PolKitModuleInterface *module_interface) static PolKitResult -_module_can_session_access_resource (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitSession *session) +_module_can_session_do_action (PolKitModuleInterface *module_interface, + PolKitContext *pk_context, + PolKitAction *action, + PolKitSession *session) { return POLKIT_RESULT_UNKNOWN_ACTION; } static PolKitResult -_module_can_caller_access_resource (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitCaller *caller) +_module_can_caller_do_action (PolKitModuleInterface *module_interface, + PolKitContext *pk_context, + PolKitAction *action, + PolKitCaller *caller) { char *grant_file; PolKitSession *session; @@ -73,6 +71,7 @@ _module_can_caller_access_resource (PolKitModuleInterface *module_interface, result = POLKIT_RESULT_UNKNOWN_ACTION; +#if 0 /* file format: * * file: /var/[lib,run]/PolicyKit/grant/.grant @@ -106,22 +105,30 @@ _module_can_caller_access_resource (PolKitModuleInterface *module_interface, if (!polkit_caller_get_uid (caller, &invoking_user_id)) goto out; - if (resource == NULL) - goto out; - if (!polkit_resource_get_resource_type (resource, &resource_type)) - goto out; - if (!polkit_resource_get_resource_id (resource, &resource_id)) - goto out; + if (resource == NULL) { + resource_type = ""; + resource_id = ""; + } else { + if (!polkit_resource_get_resource_type (resource, &resource_type)) + goto out; + if (!polkit_resource_get_resource_id (resource, &resource_id)) + goto out; + } session_name = NULL; if (!polkit_caller_get_ck_session (caller, &session)) goto out; if (!polkit_caller_get_dbus_name (caller, &dbus_name)) goto out; - if (!polkit_session_get_ck_objref (session, &session_objpath)) - goto out; + if (session == NULL) { + session_objpath = NULL; + session_name = NULL; + } else { + if (!polkit_session_get_ck_objref (session, &session_objpath)) + goto out; + session_name = g_basename (session_objpath); + } - session_name = g_basename (session_objpath); resource_str_to_hash = g_strdup_printf ("%s:%s", resource_type, resource_id); resource_hash = g_str_hash (resource_str_to_hash); g_free (resource_str_to_hash); @@ -142,8 +149,14 @@ _module_can_caller_access_resource (PolKitModuleInterface *module_interface, * dbus____.grant */ + if (dbus_name == NULL) + dbus_name = ""; + grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/dbus_%s_%d_%s_%u.grant", dbus_name, invoking_user_id, action_name, resource_hash); + + fprintf (stdout, "testing for file '%s'\n", grant_file); + if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) { result = POLKIT_RESULT_YES; g_free (grant_file); @@ -151,14 +164,16 @@ _module_can_caller_access_resource (PolKitModuleInterface *module_interface, } g_free (grant_file); - grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant", - session_name, invoking_user_id, action_name, resource_hash); - if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) { - result = POLKIT_RESULT_YES; + if (session_name != NULL) { + grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant", + session_name, invoking_user_id, action_name, resource_hash); + if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) { + result = POLKIT_RESULT_YES; + g_free (grant_file); + goto out; + } g_free (grant_file); - goto out; } - g_free (grant_file); grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid_%d_%s_%u.grant", invoking_user_id, action_name, resource_hash); @@ -168,7 +183,7 @@ _module_can_caller_access_resource (PolKitModuleInterface *module_interface, goto out; } g_free (grant_file); - +#endif out: return result; @@ -185,8 +200,8 @@ polkit_module_set_functions (PolKitModuleInterface *module_interface) polkit_module_set_func_initialize (module_interface, _module_init); polkit_module_set_func_shutdown (module_interface, _module_shutdown); - polkit_module_set_func_can_session_access_resource (module_interface, _module_can_session_access_resource); - polkit_module_set_func_can_caller_access_resource (module_interface, _module_can_caller_access_resource); + polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action); + polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action); ret = TRUE; out: diff --git a/polkit-dbus/polkit-dbus.c b/polkit-dbus/polkit-dbus.c index 8609aac..d0c00f4 100644 --- a/polkit-dbus/polkit-dbus.c +++ b/polkit-dbus/polkit-dbus.c @@ -538,3 +538,134 @@ out: g_free (ck_session_objpath); return caller; } + +PolKitCaller * +polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error) +{ + PolKitCaller *caller; + uid_t uid; + char *selinux_context; + char *ck_session_objpath; + PolKitSession *session; + DBusMessage *message; + DBusMessage *reply; + DBusMessageIter iter; + char *str; + + g_return_val_if_fail (con != NULL, NULL); + g_return_val_if_fail (error != NULL, NULL); + g_return_val_if_fail (! dbus_error_is_set (error), NULL); + + selinux_context = NULL; + ck_session_objpath = NULL; + + caller = NULL; + session = NULL; + + /* TODO: Verify that PID exists */ + + /* TODO: FIXME */ + uid = 500; + + /* TODO: FIXME */ + selinux_context = g_strdup ("user_u:system_r:hald_t"); + + message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit", + "/org/freedesktop/ConsoleKit/Manager", + "org.freedesktop.ConsoleKit.Manager", + "GetSessionForUnixProcess"); + dbus_message_iter_init_append (message, &iter); + dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &pid); + reply = dbus_connection_send_with_reply_and_block (con, message, -1, error); + if (reply == NULL || dbus_error_is_set (error)) { + g_warning ("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error->name, error->message); + dbus_message_unref (message); + if (reply != NULL) + dbus_message_unref (reply); + /* OK, this is not a catastrophe; just means the caller is not a + * member of any session or that ConsoleKit is not available.. + */ + goto not_in_session; + } + dbus_message_iter_init (reply, &iter); + dbus_message_iter_get_basic (&iter, &str); + ck_session_objpath = g_strdup (str); + dbus_message_unref (message); + dbus_message_unref (reply); + + session = polkit_session_new_from_objpath (con, ck_session_objpath, uid, error); + if (session == NULL) { + g_warning ("Got a session objpath but couldn't construct session object!"); + goto out; + } + if (!polkit_session_validate (session)) { + polkit_session_unref (session); + session = NULL; + goto out; + } + +not_in_session: + + caller = polkit_caller_new (); + if (caller == NULL) { + if (session != NULL) { + polkit_session_unref (session); + session = NULL; + } + goto out; + } + + if (!polkit_caller_set_uid (caller, uid)) { + if (session != NULL) { + polkit_session_unref (session); + session = NULL; + } + polkit_caller_unref (caller); + caller = NULL; + goto out; + } + if (!polkit_caller_set_pid (caller, pid)) { + if (session != NULL) { + polkit_session_unref (session); + session = NULL; + } + polkit_caller_unref (caller); + caller = NULL; + goto out; + } + if (selinux_context != NULL) { + if (!polkit_caller_set_selinux_context (caller, selinux_context)) { + if (session != NULL) { + polkit_session_unref (session); + session = NULL; + } + polkit_caller_unref (caller); + caller = NULL; + goto out; + } + } + if (session != NULL) { + if (!polkit_caller_set_ck_session (caller, session)) { + if (session != NULL) { + polkit_session_unref (session); + session = NULL; + } + polkit_caller_unref (caller); + caller = NULL; + goto out; + } + polkit_session_unref (session); /* caller object now own this object */ + session = NULL; + } + + if (!polkit_caller_validate (caller)) { + polkit_caller_unref (caller); + caller = NULL; + goto out; + } + +out: + g_free (selinux_context); + g_free (ck_session_objpath); + return caller; +} diff --git a/polkit-dbus/polkit-dbus.h b/polkit-dbus/polkit-dbus.h index 39c00cb..b39e091 100644 --- a/polkit-dbus/polkit-dbus.h +++ b/polkit-dbus/polkit-dbus.h @@ -35,6 +35,8 @@ PolKitSession *polkit_session_new_from_cookie (DBusConnection *con, const cha PolKitCaller *polkit_caller_new_from_dbus_name (DBusConnection *con, const char *dbus_name, DBusError *error); +PolKitCaller *polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBusError *error); + #endif /* POLKIT_DBUS_H */ diff --git a/polkit-grant/Makefile.am b/polkit-grant/Makefile.am index 17f07e5..d8a39d7 100644 --- a/polkit-grant/Makefile.am +++ b/polkit-grant/Makefile.am @@ -20,6 +20,7 @@ libpolkit_grantinclude_HEADERS = \ polkit-grant.h libpolkit_grant_la_SOURCES = \ + polkit-grant-database.h polkit-grant-database.c \ polkit-grant.h polkit-grant.c libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/polkit/libpolkit.la diff --git a/polkit-grant/polkit-grant-helper.c b/polkit-grant/polkit-grant-helper.c index 8b90107..7cbe07f 100644 --- a/polkit-grant/polkit-grant-helper.c +++ b/polkit-grant/polkit-grant-helper.c @@ -41,6 +41,8 @@ #include +#include "polkit-grant-database.h" + static int conversation_function (int n, const struct pam_message **msg, @@ -146,12 +148,16 @@ do_auth (const char *user_to_auth) goto error; } +#if 0 + /* Hmm, this fails; TODO: investigate */ + /* permitted access? */ rc = pam_acct_mgmt (pam_h, 0); if (rc != PAM_SUCCESS) { fprintf (stderr, "pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc)); goto error; } +#endif /* did we auth the right user? */ rc = pam_get_item (pam_h, PAM_USER, &authed_user); @@ -174,9 +180,8 @@ error: static polkit_bool_t verify_with_polkit (const char *dbus_name, + pid_t caller_pid, const char *action_name, - const char *resource_type, - const char *resource_name, PolKitResult *result, char **out_session_objpath) { @@ -187,7 +192,6 @@ verify_with_polkit (const char *dbus_name, DBusError error; PolKitContext *pol_ctx; PolKitAction *action; - PolKitResource *resource; dbus_error_init (&error); bus = dbus_bus_get (DBUS_BUS_SYSTEM, &error); @@ -200,18 +204,18 @@ verify_with_polkit (const char *dbus_name, action = polkit_action_new (); polkit_action_set_action_id (action, action_name); - if (resource_type != NULL && resource_name != NULL) { - resource = polkit_resource_new (); - polkit_resource_set_resource_type (resource, resource_type); - polkit_resource_set_resource_id (resource, resource_name); + if (dbus_name != NULL && strlen (dbus_name) > 0) { + caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error); + if (caller == NULL) { + fprintf (stderr, "cannot get caller from dbus name\n"); + goto out; + } } else { - resource = NULL; - } - - caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error); - if (caller == NULL) { - fprintf (stderr, "cannot get caller from dbus name\n"); - goto out; + caller = polkit_caller_new_from_pid (bus, caller_pid, &error); + if (caller == NULL) { + fprintf (stderr, "cannot get caller from pid\n"); + goto out; + } } if (!polkit_caller_get_ck_session (caller, &session)) { @@ -234,7 +238,7 @@ verify_with_polkit (const char *dbus_name, goto out; } - *result = polkit_context_can_caller_access_resource (pol_ctx, action, resource, caller); + *result = polkit_context_can_caller_do_action (pol_ctx, action, caller); if (*result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH && *result != POLKIT_RESULT_ONLY_VIA_ROOT_AUTH_KEEP_SESSION && @@ -242,7 +246,8 @@ verify_with_polkit (const char *dbus_name, *result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH && *result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION && *result != POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) { - fprintf (stderr, "given auth type is bogus\n"); + fprintf (stderr, "given auth type (%d -> %s) is bogus\n", + *result, polkit_result_to_string_representation (*result)); goto out; } @@ -329,12 +334,11 @@ error: return FALSE; } -/* synopsis: /usr/libexec/polkit-grant-helper +/* synopsis: polkit-grant-helper * - * : unique name of caller on the system message bus to grant privilege to + * : unique name of caller on the system message bus to grant privilege to (may be blank) + * : process id of caller to grant privilege to * : the PolicyKit action - * : resource-type - * : resource-name * * PAM interaction happens via stdin/stdout. * @@ -349,11 +353,10 @@ main (int argc, char *argv[]) { int ret; uid_t invoking_user_id; + pid_t caller_pid; const char *invoking_user_name; const char *dbus_name; const char *action_name; - const char *resource_type; - const char *resource_name; PolKitResult result; const char *user_to_auth; char *session_objpath; @@ -363,7 +366,7 @@ main (int argc, char *argv[]) ret = 3; - if (argc != 5) { + if (argc != 4) { fprintf (stderr, "wrong use\n"); goto out; } @@ -408,14 +411,12 @@ main (int argc, char *argv[]) setenv ("PATH", "/bin:/usr/bin", 1); dbus_name = argv[1]; - action_name = argv[2]; - resource_type = argv[3]; - resource_name = argv[4]; + caller_pid = atoi(argv[2]); /* TODO: use safer function? */ + action_name = argv[3]; fprintf (stderr, "dbus_name = %s\n", dbus_name); + fprintf (stderr, "caller_pid = %d\n", caller_pid); fprintf (stderr, "action_name = %s\n", action_name); - fprintf (stderr, "resource_type = %s\n", resource_type); - fprintf (stderr, "resource_name = %s\n", resource_name); ret = 2; @@ -423,7 +424,7 @@ main (int argc, char *argv[]) * * verify that the given thing to auth for really supports grant by auth in the requested way */ - if (!verify_with_polkit (dbus_name, action_name, resource_type, resource_name, &result, &session_objpath)) + if (!verify_with_polkit (dbus_name, caller_pid, action_name, &result, &session_objpath)) goto out; /* tell user about the grant details; e.g. whether it's auth_self_keep_always or auth_self etc. */ @@ -439,6 +440,8 @@ main (int argc, char *argv[]) user_to_auth = invoking_user_name; } + ret = 1; + /* OK, start auth! */ if (!do_auth (user_to_auth)) goto out; @@ -452,9 +455,14 @@ main (int argc, char *argv[]) polkit_result_to_string_representation (result)); fflush (stdout); - if (!get_and_validate_override_details (&result)) + if (!get_and_validate_override_details (&result)) { + /* if this fails it means bogus input from user */ + ret = 2; goto out; + } + fprintf (stderr, "OK; TODO: write to database\n"); +#if 0 /* TODO: FIXME: XXX: this format of storing granted privileges needs be redone * * this concerns these two files @@ -507,8 +515,10 @@ main (int argc, char *argv[]) fprintf (stderr, "file is '%s'\n", grant_file); FILE *f = fopen (grant_file, "w"); fclose (f); +#endif ret = 0; out: + fprintf (stderr, "exiting with code %d\n", ret); return ret; } diff --git a/polkit-grant/polkit-grant.c b/polkit-grant/polkit-grant.c index d73a0aa..fcd2511 100644 --- a/polkit-grant/polkit-grant.c +++ b/polkit-grant/polkit-grant.c @@ -370,14 +370,12 @@ polkit_grant_cancel_auth (PolKitGrant *polkit_grant) * polkit_grant_initiate_auth: * @polkit_grant: the object * @action: Action requested by caller - * @resource: Resource in question * @caller: Caller in question * * Initiate authentication to obtain the privilege for the given - * @caller to perform the specified @action on the given - * @resource. The caller of this method must have setup callback - * functions using the method polkit_grant_set_functions() prior to - * calling this method. + * @caller to perform the specified @action. The caller of this method + * must have setup callback functions using the method + * polkit_grant_set_functions() prior to calling this method. * * Implementation-wise, this class uses a secure (e.g. as in that it * checks all information and fundamenally don't trust the caller; @@ -390,43 +388,40 @@ polkit_grant_cancel_auth (PolKitGrant *polkit_grant) * Returns: #TRUE only if authentication have been initiated. **/ polkit_bool_t -polkit_grant_initiate_auth (PolKitGrant *polkit_grant, - PolKitAction *action, - PolKitResource *resource, - PolKitCaller *caller) +polkit_grant_initiate_auth (PolKitGrant *polkit_grant, + PolKitAction *action, + PolKitCaller *caller) { + pid_t pid; char *dbus_name; char *action_id; - char *resource_type; - char *resource_id; GError *g_error; - const char *helper_argv[6]; + char *helper_argv[5]; g_return_val_if_fail (polkit_grant != NULL, FALSE); /* check that callback functions have been properly set up */ g_return_val_if_fail (polkit_grant->func_done != NULL, FALSE); - if (!polkit_caller_get_dbus_name (caller, &dbus_name)) - goto error; - - if (!polkit_action_get_action_id (action, &action_id)) + if (!polkit_caller_get_pid (caller, &pid)) goto error; - if (!polkit_resource_get_resource_type (resource, &resource_type)) + if (!polkit_caller_get_dbus_name (caller, &dbus_name)) goto error; - if (!polkit_resource_get_resource_id (resource, &resource_id)) + if (!polkit_action_get_action_id (action, &action_id)) goto error; /* TODO: verify incoming args */ - //helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper"; - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper"; - helper_argv[1] = dbus_name; - helper_argv[2] = action_id; - helper_argv[3] = resource_type; - helper_argv[4] = resource_id; - helper_argv[5] = NULL; + helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper"; + // TODO FIXME: helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper"; + if (dbus_name == NULL) + helper_argv[1] = ""; + else + helper_argv[1] = dbus_name; + helper_argv[2] = g_strdup_printf ("%d", pid); + helper_argv[3] = action_id; + helper_argv[4] = NULL; polkit_grant->child_stdin = -1; polkit_grant->child_stdout = -1; @@ -446,8 +441,10 @@ polkit_grant_initiate_auth (PolKitGrant *polkit_grant, &g_error)) { fprintf (stderr, "Cannot spawn helper: %s.\n", g_error->message); g_error_free (g_error); + g_free (helper_argv[2]); goto error; } + g_free (helper_argv[2]); polkit_grant->child_watch_id = polkit_grant->func_add_child_watch (polkit_grant, polkit_grant->child_pid); if (polkit_grant->child_watch_id == 0) diff --git a/polkit-grant/polkit-grant.h b/polkit-grant/polkit-grant.h index cc04d42..63c6e79 100644 --- a/polkit-grant/polkit-grant.h +++ b/polkit-grant/polkit-grant.h @@ -330,9 +330,9 @@ void polkit_grant_set_functions (PolKitGrant *polkit_grant, PolKitGrantOverrideGrantType func_override_grant_type, PolKitGrantDone func_done, void *user_data); -polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant, + +polkit_bool_t polkit_grant_initiate_auth (PolKitGrant *polkit_grant, PolKitAction *action, - PolKitResource *resource, PolKitCaller *caller); void polkit_grant_cancel_auth (PolKitGrant *polkit_grant); diff --git a/polkit/Makefile.am b/polkit/Makefile.am index 5313952..c3968b4 100644 --- a/polkit/Makefile.am +++ b/polkit/Makefile.am @@ -24,7 +24,6 @@ libpolkitinclude_HEADERS = \ polkit-result.h \ polkit-context.h \ polkit-action.h \ - polkit-resource.h \ polkit-seat.h \ polkit-session.h \ polkit-caller.h \ @@ -41,7 +40,6 @@ libpolkit_la_SOURCES = \ polkit-result.h polkit-result.c \ polkit-context.h polkit-context.c \ polkit-action.h polkit-action.c \ - polkit-resource.h polkit-resource.c \ polkit-seat.h polkit-seat.c \ polkit-session.h polkit-session.c \ polkit-caller.h polkit-caller.c \ diff --git a/polkit/polkit-caller.c b/polkit/polkit-caller.c index e096d0b..b690445 100644 --- a/polkit/polkit-caller.c +++ b/polkit/polkit-caller.c @@ -339,7 +339,5 @@ polkit_caller_validate (PolKitCaller *caller) { g_return_val_if_fail (caller != NULL, FALSE); g_return_val_if_fail (caller->pid > 0, FALSE); - g_return_val_if_fail (caller->dbus_name != NULL, FALSE); - /* NOTE TODO FIXME: remove need to have a dbus name set */ return TRUE; } diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c index 0e17aa2..a63d9c9 100644 --- a/polkit/polkit-context.c +++ b/polkit/polkit-context.c @@ -464,78 +464,22 @@ polkit_context_get_policy_cache (PolKitContext *pk_context) return pk_context->priv_cache; } - -/** - * polkit_context_get_seat_resource_association: - * @pk_context: the PolicyKit context - * @visitor: visitor function - * @user_data: user data - * - * Retrieve information about what resources are associated to what - * seats. Note that a resource may be associated to more than one - * seat. This information stems from user configuration and consumers - * of this information that know better (e.g. HAL) may choose to - * override it. - * - * Typically, this information is used to e.g. bootstrap the system - * insofar that it can be used to start login greeters on the given - * video hardware (e.g. resources) on the given user-configured seats. - * - * If a resource is not associated with any seat, it is assumed to be - * available to any local seat. - * - * Returns: A #PolKitResult - can only be one of - * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW or - * #POLKIT_RESULT_YES (if the callback was invoked) - */ -PolKitResult -polkit_context_get_seat_resource_association (PolKitContext *pk_context, - PolKitSeatVisitorCB visitor, - void *user_data) -{ - return POLKIT_RESULT_YES; -} - /** - * polkit_context_is_resource_associated_with_seat: - * @pk_context: the PolicyKit context - * @resource: the resource in question - * @seat: the seat - * - * Determine if a given resource is associated with a given seat. The - * same comments noted in polkit_get_seat_resource_association() about the - * source purely being user configuration applies here as well. - * - * Returns: A #PolKitResult - can only be one of - * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW, - * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO. - */ -PolKitResult -polkit_context_is_resource_associated_with_seat (PolKitContext *pk_context, - PolKitResource *resource, - PolKitSeat *seat) -{ - return POLKIT_RESULT_NO; -} - -/** - * polkit_context_can_session_access_resource: + * polkit_context_can_session_do_action: * @pk_context: the PolicyKit context * @action: the type of access to check for - * @resource: the resource in question or #NULL to test for all resources * @session: the session in question * - * Determine if a given session can access a given resource in a given way. + * Determine if a given session can do a given action. * * Returns: A #PolKitResult - can only be one of * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW, * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO. */ PolKitResult -polkit_context_can_session_access_resource (PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitSession *session) +polkit_context_can_session_do_action (PolKitContext *pk_context, + PolKitAction *action, + PolKitSession *session) { PolKitPolicyCache *cache; PolKitPolicyFileEntry *pfe; @@ -546,17 +490,12 @@ polkit_context_can_session_access_resource (PolKitContext *pk_context, current_result = POLKIT_RESULT_NO; g_return_val_if_fail (pk_context != NULL, current_result); - /* resource may actually by NULL */ if (action == NULL || session == NULL) goto out; - /* now validate the incoming objects */ if (!polkit_action_validate (action)) goto out; - if (resource == NULL) - if (!polkit_resource_validate (resource)) - goto out; if (!polkit_session_validate (session)) goto out; @@ -564,10 +503,8 @@ polkit_context_can_session_access_resource (PolKitContext *pk_context, if (cache == NULL) goto out; - _pk_debug ("entering polkit_can_session_access_resource()"); + _pk_debug ("entering polkit_can_session_do_action()"); polkit_action_debug (action); - if (resource != NULL) - polkit_resource_debug (resource); polkit_session_debug (session); pfe = polkit_policy_cache_get_entry (cache, action); @@ -590,9 +527,9 @@ polkit_context_can_session_access_resource (PolKitContext *pk_context, /* visit modules */ for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) { PolKitModuleInterface *module_interface = i->data; - PolKitModuleCanSessionAccessResource func; + PolKitModuleCanSessionDoAction func; - func = polkit_module_get_func_can_session_access_resource (module_interface); + func = polkit_module_get_func_can_session_do_action (module_interface); if (func != NULL) { PolKitModuleControl module_control; PolKitResult module_result; @@ -605,7 +542,6 @@ polkit_context_can_session_access_resource (PolKitContext *pk_context, module_interface, pk_context, action, - resource, session)) { /* module is confined by built-in options */ module_result = POLKIT_RESULT_UNKNOWN_ACTION; @@ -615,7 +551,6 @@ polkit_context_can_session_access_resource (PolKitContext *pk_context, module_result = func (module_interface, pk_context, action, - resource, session); } @@ -657,22 +592,20 @@ out: } /** - * polkit_context_can_caller_access_resource: + * polkit_context_can_caller_do_action: * @pk_context: the PolicyKit context * @action: the type of access to check for - * @resource: the resource in question or #NULL to test for all resources - * @caller: the resource in question + * @caller: the caller in question * - * Determine if a given caller can access a given resource in a given way. + * Determine if a given caller can do a given action. * * Returns: A #PolKitResult specifying if, and how, the caller can - * access the resource in the given way + * do a specific action */ PolKitResult -polkit_context_can_caller_access_resource (PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitCaller *caller) +polkit_context_can_caller_do_action (PolKitContext *pk_context, + PolKitAction *action, + PolKitCaller *caller) { PolKitPolicyCache *cache; PolKitPolicyFileEntry *pfe; @@ -683,7 +616,6 @@ polkit_context_can_caller_access_resource (PolKitContext *pk_context, current_result = POLKIT_RESULT_NO; g_return_val_if_fail (pk_context != NULL, current_result); - /* resource may actually by NULL */ if (action == NULL || caller == NULL) goto out; @@ -694,16 +626,11 @@ polkit_context_can_caller_access_resource (PolKitContext *pk_context, /* now validate the incoming objects */ if (!polkit_action_validate (action)) goto out; - if (resource == NULL) - if (!polkit_resource_validate (resource)) - goto out; if (!polkit_caller_validate (caller)) goto out; - _pk_debug ("entering polkit_can_caller_access_resource()"); + _pk_debug ("entering polkit_can_caller_do_action()"); polkit_action_debug (action); - if (resource != NULL) - polkit_resource_debug (resource); polkit_caller_debug (caller); pfe = polkit_policy_cache_get_entry (cache, action); @@ -726,9 +653,9 @@ polkit_context_can_caller_access_resource (PolKitContext *pk_context, /* visit modules */ for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) { PolKitModuleInterface *module_interface = i->data; - PolKitModuleCanCallerAccessResource func; + PolKitModuleCanCallerDoAction func; - func = polkit_module_get_func_can_caller_access_resource (module_interface); + func = polkit_module_get_func_can_caller_do_action (module_interface); if (func != NULL) { PolKitModuleControl module_control; PolKitResult module_result; @@ -741,7 +668,6 @@ polkit_context_can_caller_access_resource (PolKitContext *pk_context, module_interface, pk_context, action, - resource, caller)) { /* module is confined by built-in options */ module_result = POLKIT_RESULT_UNKNOWN_ACTION; @@ -751,7 +677,6 @@ polkit_context_can_caller_access_resource (PolKitContext *pk_context, module_result = func (module_interface, pk_context, action, - resource, caller); } diff --git a/polkit/polkit-context.h b/polkit/polkit-context.h index 13d53bf..0261338 100644 --- a/polkit/polkit-context.h +++ b/polkit/polkit-context.h @@ -35,7 +35,6 @@ #include #include #include -#include #include #include #include @@ -148,39 +147,15 @@ void polkit_context_unref (PolKitContext PolKitPolicyCache *polkit_context_get_policy_cache (PolKitContext *pk_context); -/** - * PolKitSeatVisitorCB: - * @seat: the seat - * @resources_associated_with_seat: A NULL terminated array of resources associated with the seat - * @user_data: user data - * - * Visitor function for polkit_get_seat_resource_association(). The caller should _not_ unref the passed objects. - */ -typedef void (*PolKitSeatVisitorCB) (PolKitSeat *seat, - PolKitResource **resources_associated_with_seat, - void *user_data); - -PolKitResult -polkit_context_get_seat_resource_association (PolKitContext *pk_context, - PolKitSeatVisitorCB visitor, - void *user_data); - -PolKitResult -polkit_context_is_resource_associated_with_seat (PolKitContext *pk_context, - PolKitResource *resource, - PolKitSeat *seat); - PolKitResult -polkit_context_can_session_access_resource (PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitSession *session); +polkit_context_can_session_do_action (PolKitContext *pk_context, + PolKitAction *action, + PolKitSession *session); PolKitResult -polkit_context_can_caller_access_resource (PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitCaller *caller); +polkit_context_can_caller_do_action (PolKitContext *pk_context, + PolKitAction *action, + PolKitCaller *caller); #endif /* POLKIT_CONTEXT_H */ diff --git a/polkit/polkit-module.c b/polkit/polkit-module.c index aab1fc4..833cc22 100644 --- a/polkit/polkit-module.c +++ b/polkit/polkit-module.c @@ -59,10 +59,8 @@ struct PolKitModuleInterface PolKitModuleInitialize func_initialize; PolKitModuleShutdown func_shutdown; - PolKitModuleGetSeatResourceAssociation func_get_seat_resource_association; - PolKitModuleIsResourceAssociatedWithSeat func_is_resource_associated_with_seat; - PolKitModuleCanSessionAccessResource func_can_session_access_resource; - PolKitModuleCanCallerAccessResource func_can_caller_access_resource; + PolKitModuleCanSessionDoAction func_can_session_do_action; + PolKitModuleCanCallerDoAction func_can_caller_do_action; polkit_bool_t builtin_have_action_regex; regex_t builtin_action_regex_compiled; @@ -348,67 +346,38 @@ polkit_module_set_func_initialize (PolKitModuleInterface *module_interface, **/ void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface, - PolKitModuleShutdown func) + PolKitModuleShutdown func) { g_return_if_fail (module_interface != NULL); module_interface->func_shutdown = func; } /** - * polkit_module_set_func_get_seat_resource_association: + * polkit_module_set_func_can_session_do_action: * @module_interface: the module interface * @func: the function pointer * * Set the function pointer. **/ -void -polkit_module_set_func_get_seat_resource_association (PolKitModuleInterface *module_interface, - PolKitModuleGetSeatResourceAssociation func) -{ - g_return_if_fail (module_interface != NULL); - module_interface->func_get_seat_resource_association = func; -} - -/** - * polkit_module_set_func_is_resource_associated_with_seat: - * @module_interface: the module interface - * @func: the function pointer - * - * Set the function pointer. - **/ -void polkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface, - PolKitModuleIsResourceAssociatedWithSeat func) +void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface, + PolKitModuleCanSessionDoAction func) { g_return_if_fail (module_interface != NULL); - module_interface->func_is_resource_associated_with_seat = func; + module_interface->func_can_session_do_action = func; } /** - * polkit_module_set_func_can_session_access_resource: + * polkit_module_set_func_can_caller_do_action: * @module_interface: the module interface * @func: the function pointer * * Set the function pointer. **/ -void polkit_module_set_func_can_session_access_resource (PolKitModuleInterface *module_interface, - PolKitModuleCanSessionAccessResource func) +void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface, + PolKitModuleCanCallerDoAction func) { g_return_if_fail (module_interface != NULL); - module_interface->func_can_session_access_resource = func; -} - -/** - * polkit_module_set_func_can_caller_access_resource: - * @module_interface: the module interface - * @func: the function pointer - * - * Set the function pointer. - **/ -void polkit_module_set_func_can_caller_access_resource (PolKitModuleInterface *module_interface, - PolKitModuleCanCallerAccessResource func) -{ - g_return_if_fail (module_interface != NULL); - module_interface->func_can_caller_access_resource = func; + module_interface->func_can_caller_do_action = func; } /** @@ -442,63 +411,33 @@ polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface) } /** - * polkit_module_get_func_get_seat_resource_association: - * @module_interface: the module interface - * - * Get the function pointer. - * - * Returns: Function pointer or #NULL if it's unavailable or an error occured - **/ -PolKitModuleGetSeatResourceAssociation -polkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface) -{ - g_return_val_if_fail (module_interface != NULL, NULL); - return module_interface->func_get_seat_resource_association; -} - -/** - * polkit_module_get_func_is_resource_associated_with_seat: - * @module_interface: the module interface - * - * Get the function pointer. - * - * Returns: Function pointer or #NULL if it's unavailable or an error occured - **/ -PolKitModuleIsResourceAssociatedWithSeat -polkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface) -{ - g_return_val_if_fail (module_interface != NULL, NULL); - return module_interface->func_is_resource_associated_with_seat; -} - -/** - * polkit_module_get_func_can_session_access_resource: + * polkit_module_get_func_can_session_do_action: * @module_interface: the module interface * * Get the function pointer. * * Returns: Function pointer or #NULL if it's unavailable or an error occured **/ -PolKitModuleCanSessionAccessResource -polkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface) +PolKitModuleCanSessionDoAction +polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface) { g_return_val_if_fail (module_interface != NULL, NULL); - return module_interface->func_can_session_access_resource; + return module_interface->func_can_session_do_action; } /** - * polkit_module_get_func_can_caller_access_resource: + * polkit_module_get_func_can_caller_do_action: * @module_interface: the module interface * * Get the function pointer. * * Returns: Function pointer or #NULL if it's unavailable or an error occured **/ -PolKitModuleCanCallerAccessResource -polkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface) +PolKitModuleCanCallerDoAction +polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface) { g_return_val_if_fail (module_interface != NULL, NULL); - return module_interface->func_can_caller_access_resource; + return module_interface->func_can_caller_do_action; } @@ -680,7 +619,6 @@ _check_users_for_caller (PolKitModuleInterface *module_interface, PolKitCaller * * @module_interface: the given module * @pk_context: the PolicyKit context * @action: the type of access to check for - * @resource: the resource in question * @session: the session in question * * Check whether some of the built-in module options (e.g. action="hal-storage-*", @@ -690,10 +628,9 @@ _check_users_for_caller (PolKitModuleInterface *module_interface, PolKitCaller * **/ polkit_bool_t polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitSession *session) + PolKitContext *pk_context, + PolKitAction *action, + PolKitSession *session) { polkit_bool_t ret; ret = TRUE; @@ -716,8 +653,7 @@ out: * @module_interface: the given module * @pk_context: the PolicyKit context * @action: the type of access to check for - * @resource: the resource in question - * @caller: the resource in question + * @caller: the caller in question * * Check whether some of the built-in module options (e.g. action="hal-storage-*", * user=davidz) confines the given module, e.g. whether it should be skipped. @@ -726,10 +662,9 @@ out: **/ polkit_bool_t polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitCaller *caller) + PolKitContext *pk_context, + PolKitAction *action, + PolKitCaller *caller) { polkit_bool_t ret; ret = TRUE; diff --git a/polkit/polkit-module.h b/polkit/polkit-module.h index 3e6fed7..02dd9ca 100644 --- a/polkit/polkit-module.h +++ b/polkit/polkit-module.h @@ -59,72 +59,36 @@ typedef polkit_bool_t (*PolKitModuleInitialize) (PolKitModuleInterface *modu typedef void (*PolKitModuleShutdown) (PolKitModuleInterface *module_interface); /** - * PolKitModuleGetSeatResourceAssociation: - * @module_interface: the module interface - * @pk_context: the PolicyKit context - * @visitor: visitor function - * @user_data: user data - * - * Type of PolicyKit module function to implement polkit_get_seat_resource_association(). - * - * Returns: the #PolKitResult - **/ -typedef PolKitResult (*PolKitModuleGetSeatResourceAssociation) (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitSeatVisitorCB visitor, - void *user_data); - -/** - * PolKitModuleIsResourceAssociatedWithSeat: - * @module_interface: the module interface - * @pk_context: the PolicyKit context - * @resource: the resource in question - * @seat: the seat - * - * Type of PolicyKit module function to implement polkit_is_resource_associated_with_seat(). - * - * Returns: the #PolKitResult - **/ -typedef PolKitResult (*PolKitModuleIsResourceAssociatedWithSeat) (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitResource *resource, - PolKitSeat *seat); - -/** - * PolKitModuleCanSessionAccessResource: + * PolKitModuleCanSessionAccessDoAction: * @module_interface: the module interface * @pk_context: the PolicyKit context * @action: the type of access to check for - * @resource: the resource in question * @session: the session in question * - * Type of PolicyKit module function to implement polkit_can_session_access_resource(). + * Type of PolicyKit module function to implement polkit_can_session_access_do_action(). * * Returns: the #PolKitResult **/ -typedef PolKitResult (*PolKitModuleCanSessionAccessResource) (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitSession *session); +typedef PolKitResult (*PolKitModuleCanSessionDoAction) (PolKitModuleInterface *module_interface, + PolKitContext *pk_context, + PolKitAction *action, + PolKitSession *session); /** - * PolKitModuleCanCallerAccessResource: + * PolKitModuleCanCallerAccessDoAction: * @module_interface: the module interface * @pk_context: the PolicyKit context * @action: the type of access to check for - * @resource: the resource in question - * @caller: the resource in question + * @caller: the caller in question * - * Type of PolicyKit module function to implement polkit_can_caller_access_resource(). + * Type of PolicyKit module function to implement polkit_can_caller_do_action(). * * Returns: the #PolKitResult **/ -typedef PolKitResult (*PolKitModuleCanCallerAccessResource) (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, - PolKitCaller *caller); +typedef PolKitResult (*PolKitModuleCanCallerDoAction) (PolKitModuleInterface *module_interface, + PolKitContext *pk_context, + PolKitAction *action, + PolKitCaller *caller); PolKitModuleInterface *polkit_module_interface_new (void); PolKitModuleInterface *polkit_module_interface_ref (PolKitModuleInterface *module_interface); @@ -134,25 +98,19 @@ const char *polkit_module_get_name (PolKitModuleInterface *mod void polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data); void *polkit_module_get_user_data (PolKitModuleInterface *module_interface); -void polkit_module_set_func_initialize (PolKitModuleInterface *module_interface, - PolKitModuleInitialize func); -void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface, - PolKitModuleShutdown func); -void polkit_module_set_func_get_seat_resource_association (PolKitModuleInterface *module_interface, - PolKitModuleGetSeatResourceAssociation func); -void polkit_module_set_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface, - PolKitModuleIsResourceAssociatedWithSeat func); -void polkit_module_set_func_can_session_access_resource (PolKitModuleInterface *module_interface, - PolKitModuleCanSessionAccessResource func); -void polkit_module_set_func_can_caller_access_resource (PolKitModuleInterface *module_interface, - PolKitModuleCanCallerAccessResource func); +void polkit_module_set_func_initialize (PolKitModuleInterface *module_interface, + PolKitModuleInitialize func); +void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface, + PolKitModuleShutdown func); +void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface, + PolKitModuleCanSessionDoAction func); +void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface, + PolKitModuleCanCallerDoAction func); PolKitModuleInitialize polkit_module_get_func_initialize (PolKitModuleInterface *module_interface); PolKitModuleShutdown polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface); -PolKitModuleGetSeatResourceAssociation polkit_module_get_func_get_seat_resource_association (PolKitModuleInterface *module_interface); -PolKitModuleIsResourceAssociatedWithSeat polkit_module_get_func_is_resource_associated_with_seat (PolKitModuleInterface *module_interface); -PolKitModuleCanSessionAccessResource polkit_module_get_func_can_session_access_resource (PolKitModuleInterface *module_interface); -PolKitModuleCanCallerAccessResource polkit_module_get_func_can_caller_access_resource (PolKitModuleInterface *module_interface); +PolKitModuleCanSessionDoAction polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface); +PolKitModuleCanCallerDoAction polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface); /** * PolKitModuleControl: @@ -193,15 +151,13 @@ PolKitModuleControl polkit_module_interface_get_control (PolKitModuleInterface * polkit_bool_t polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface, PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, + PolKitAction *action, PolKitSession *session); polkit_bool_t polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface, PolKitContext *pk_context, - PolKitAction *action, - PolKitResource *resource, + PolKitAction *action, PolKitCaller *caller); #endif /* POLKIT_MODULE_H */ diff --git a/polkit/polkit-policy-default.c b/polkit/polkit-policy-default.c index 074fb93..d9949cb 100644 --- a/polkit/polkit-policy-default.c +++ b/polkit/polkit-policy-default.c @@ -143,24 +143,22 @@ polkit_policy_default_debug (PolKitPolicyDefault *policy_default) /** - * polkit_policy_default_can_session_access_resource: + * polkit_policy_default_can_session_do_action: * @policy_default: the object * @action: the type of access to check for - * @resource: the resource in question * @session: the session in question * * Using the default policy for an action, determine if a given - * session can access a given resource in a given way. + * session can do a given action. * * Returns: A #PolKitResult - can only be one of * #POLKIT_RESULT_NOT_AUTHORIZED_TO_KNOW, * #POLKIT_RESULT_YES, #POLKIT_RESULT_NO. **/ PolKitResult -polkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default, - PolKitAction *action, - PolKitResource *resource, - PolKitSession *session) +polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default, + PolKitAction *action, + PolKitSession *session) { polkit_bool_t is_local; polkit_bool_t is_active; @@ -195,23 +193,21 @@ out: } /** - * polkit_policy_default_can_caller_access_resource: + * polkit_policy_default_can_caller_do_action: * @policy_default: the object * @action: the type of access to check for - * @resource: the resource in question - * @caller: the resource in question + * @caller: the caller in question * * Using the default policy for an action, determine if a given - * caller can access a given resource in a given way. + * caller can do a given action. * * Returns: A #PolKitResult specifying if, and how, the caller can - * access the resource in the given way + * do the given action. **/ PolKitResult -polkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default, - PolKitAction *action, - PolKitResource *resource, - PolKitCaller *caller) +polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default, + PolKitAction *action, + PolKitCaller *caller) { polkit_bool_t is_local; polkit_bool_t is_active; diff --git a/polkit/polkit-policy-default.h b/polkit/polkit-policy-default.h index 9dad92c..68b6946 100644 --- a/polkit/polkit-policy-default.h +++ b/polkit/polkit-policy-default.h @@ -32,7 +32,6 @@ #include #include -#include #include #include #include @@ -44,14 +43,13 @@ PolKitPolicyDefault *polkit_policy_default_ref (PolKitPolicyDefault *policy void polkit_policy_default_unref (PolKitPolicyDefault *policy_default); void polkit_policy_default_debug (PolKitPolicyDefault *policy_default); -PolKitResult polkit_policy_default_can_session_access_resource (PolKitPolicyDefault *policy_default, - PolKitAction *action, - PolKitResource *resource, - PolKitSession *session); -PolKitResult polkit_policy_default_can_caller_access_resource (PolKitPolicyDefault *policy_default, - PolKitAction *action, - PolKitResource *resource, - PolKitCaller *caller); +PolKitResult polkit_policy_default_can_session_do_action (PolKitPolicyDefault *policy_default, + PolKitAction *action, + PolKitSession *session); + +PolKitResult polkit_policy_default_can_caller_do_action (PolKitPolicyDefault *policy_default, + PolKitAction *action, + PolKitCaller *caller); PolKitResult polkit_policy_default_get_allow_remote_inactive (PolKitPolicyDefault *policy_default); PolKitResult polkit_policy_default_get_allow_remote_active (PolKitPolicyDefault *policy_default); diff --git a/polkit/polkit-policy-file-entry.c b/polkit/polkit-policy-file-entry.c index f72c87c..c0c7941 100644 --- a/polkit/polkit-policy-file-entry.c +++ b/polkit/polkit-policy-file-entry.c @@ -197,7 +197,7 @@ polkit_policy_file_get_action_description (PolKitPolicyFileEntry *policy_file_en * * Get a phrase, for the policy entry in question, that can be shown * in the user interface explaining that the caller doesn't possess - * the privilege to perform the given action on the given resource. + * the privilege to perform the given action. * * The returned string may contain a single %s entry - the caller * should use a printf-style function to replace this with a human diff --git a/polkit/polkit-policy-file-entry.h b/polkit/polkit-policy-file-entry.h index 5e0b310..70be923 100644 --- a/polkit/polkit-policy-file-entry.h +++ b/polkit/polkit-policy-file-entry.h @@ -45,10 +45,7 @@ const char *polkit_policy_file_entry_get_group_id (PolKitPolicyFileEn PolKitPolicyDefault *polkit_policy_file_entry_get_default (PolKitPolicyFileEntry *policy_file_entry); const char *polkit_policy_file_get_group_description (PolKitPolicyFileEntry *policy_file_entry); -const char *polkit_policy_file_get_group_description_short (PolKitPolicyFileEntry *policy_file_entry); const char *polkit_policy_file_get_action_description (PolKitPolicyFileEntry *policy_file_entry); -const char *polkit_policy_file_get_action_missing (PolKitPolicyFileEntry *policy_file_entry); -const char *polkit_policy_file_get_action_apply_to_all_mnemonic (PolKitPolicyFileEntry *policy_file_entry); #endif /* POLKIT_POLICY_FILE_ENTRY_H */ diff --git a/polkit/polkit-resource.c b/polkit/polkit-resource.c deleted file mode 100644 index 70d7d53..0000000 --- a/polkit/polkit-resource.c +++ /dev/null @@ -1,232 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-resource.c : resources - * - * Copyright (C) 2007 David Zeuthen, - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - **************************************************************************/ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include "polkit-debug.h" -#include "polkit-resource.h" -#include "polkit-utils.h" - -/** - * SECTION:polkit-resource - * @short_description: Resources. - * - * This class is used to represent a resource. TODO: describe what a resource really is. - **/ - -/** - * PolKitResource: - * - * Objects of this class are used to record information about a - * resource. TODO: describe what a resource really is. - **/ -struct PolKitResource -{ - int refcount; - char *type; - char *id; -}; - -/** - * polkit_resource_new: - * - * Create a new #PolKitResource object. - * - * Returns: the new object - **/ -PolKitResource * -polkit_resource_new (void) -{ - PolKitResource *resource; - resource = g_new0 (PolKitResource, 1); - resource->refcount = 1; - return resource; -} - -/** - * polkit_resource_ref: - * @resource: the resource object - * - * Increase reference count - * - * Returns: the object - **/ -PolKitResource * -polkit_resource_ref (PolKitResource *resource) -{ - g_return_val_if_fail (resource != NULL, resource); - resource->refcount++; - return resource; -} - - -/** - * polkit_resource_unref: - * @resource: the resource object - * - * Decreases the reference count of the object. If it becomes zero, - * the object is freed. Before freeing, reference counts on embedded - * objects are decresed by one. - **/ -void -polkit_resource_unref (PolKitResource *resource) -{ - g_return_if_fail (resource != NULL); - - resource->refcount--; - if (resource->refcount > 0) - return; - - g_free (resource->type); - g_free (resource->id); - g_free (resource); -} - - -/** - * polkit_resource_set_resource_type: - * @resource: the resource object - * @resource_type: type of resource - * - * Set the type of the resource. TODO: link to wtf this is. - * - * Returns: #TRUE only if the value validated and was set - **/ -polkit_bool_t -polkit_resource_set_resource_type (PolKitResource *resource, const char *resource_type) -{ - g_return_val_if_fail (resource != NULL, FALSE); - g_return_val_if_fail (_pk_validate_identifier (resource_type), FALSE); - if (resource->type != NULL) - g_free (resource->type); - resource->type = g_strdup (resource_type); - return TRUE; -} - -/** - * polkit_resource_set_resource_id: - * @resource: the resource object - * @resource_id: identifier of resource - * - * set the identifier of the resource. TODO: link to wtf this is. - * - * Returns: #TRUE only if the value validated and was set - **/ -polkit_bool_t -polkit_resource_set_resource_id (PolKitResource *resource, const char *resource_id) -{ - g_return_val_if_fail (resource != NULL, FALSE); - g_return_val_if_fail (_pk_validate_identifier (resource_id), FALSE); - if (resource->id != NULL) - g_free (resource->id); - resource->id = g_strdup (resource_id); - return TRUE; -} - -/** - * polkit_resource_get_resource_type: - * @resource: the resource object - * @out_resource_type: Returns the resource type. The caller shall not free this string. - * - * Get the type of the resource. - * - * Returns: TRUE iff the value was returned. - **/ -polkit_bool_t -polkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type) -{ - g_return_val_if_fail (resource != NULL, FALSE); - g_return_val_if_fail (out_resource_type != NULL, FALSE); - - if (resource->type == NULL) - return FALSE; - - *out_resource_type = resource->type; - return TRUE; -} - -/** - * polkit_resource_get_resource_id: - * @resource: the resource object - * @out_resource_id: Returns the resource identifier. The caller shall not free this string. - * - * Get the identifier of the resource - * - * Returns: TRUE iff the value was returned. - **/ -polkit_bool_t -polkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id) -{ - g_return_val_if_fail (resource != NULL, FALSE); - g_return_val_if_fail (out_resource_id != NULL, FALSE); - - if (resource->id == NULL) - return FALSE; - - *out_resource_id = resource->id; - return TRUE; -} - -/** - * polkit_resource_debug: - * @resource: the object - * - * Print debug details - **/ -void -polkit_resource_debug (PolKitResource *resource) -{ - g_return_if_fail (resource != NULL); - _pk_debug ("PolKitResource: refcount=%d type=%s id=%s", resource->refcount, resource->type, resource->id); -} - -/** - * polkit_resource_validate: - * @resource: the object - * - * Validate the object - * - * Returns: #TRUE iff the object is valid. - **/ -polkit_bool_t -polkit_resource_validate (PolKitResource *resource) -{ - g_return_val_if_fail (resource != NULL, FALSE); - g_return_val_if_fail (resource->type != NULL, FALSE); - g_return_val_if_fail (resource->id != NULL, FALSE); - return TRUE; -} diff --git a/polkit/polkit-resource.h b/polkit/polkit-resource.h deleted file mode 100644 index 636e730..0000000 --- a/polkit/polkit-resource.h +++ /dev/null @@ -1,52 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-resource.h : resources - * - * Copyright (C) 2007 David Zeuthen, - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - * - **************************************************************************/ - -#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) -#error "Only can be included directly, this file may disappear or change contents." -#endif - -#ifndef POLKIT_RESOURCE_H -#define POLKIT_RESOURCE_H - -#include - -struct PolKitResource; -typedef struct PolKitResource PolKitResource; - -PolKitResource *polkit_resource_new (void); -PolKitResource *polkit_resource_ref (PolKitResource *resource); -void polkit_resource_unref (PolKitResource *resource); -polkit_bool_t polkit_resource_set_resource_type (PolKitResource *resource, const char *resource_type); -polkit_bool_t polkit_resource_set_resource_id (PolKitResource *resource, const char *resource_id); -polkit_bool_t polkit_resource_get_resource_type (PolKitResource *resource, char **out_resource_type); -polkit_bool_t polkit_resource_get_resource_id (PolKitResource *resource, char **out_resource_id); - -void polkit_resource_debug (PolKitResource *resource); - -polkit_bool_t polkit_resource_validate (PolKitResource *resource); - -#endif /* POLKIT_RESOURCE_H */ - - diff --git a/polkit/polkit.h b/polkit/polkit.h index 3ce6947..148ee25 100644 --- a/polkit/polkit.h +++ b/polkit/polkit.h @@ -32,7 +32,6 @@ #include #include #include -#include #include #include #include diff --git a/tools/polkit-check-caller.c b/tools/polkit-check-caller.c index bfb3ffa..0c960b3 100644 --- a/tools/polkit-check-caller.c +++ b/tools/polkit-check-caller.c @@ -46,28 +46,22 @@ usage (int argc, char *argv[]) "\n" "usage : polkit-check-caller\n" " --caller --action \n" - " --resource-type --resource-id \n" " [--version] [--help]\n"); fprintf (stderr, "\n" " --caller Unique name of caller on the system bus\n" " --action Requested action\n" - " --resource-type Type of resource\n" - " --resource-id Identifier of resource\n" " --version Show version and exit\n" " --help Show this information and exit\n" "\n" - "Determine if a given caller can access a given resource in a given\n" - "way. If access is allowed, this program exits with exit code 0. If\n" - "no access is allowed or an error occurs, the program exits with\n" - "a non-zero exit code.\n"); + "Determine if a given caller can do a given action. If access is \n" + "allowed, this program exits with exit code 0. If no access is allowed\n" + "or an error occurs, the program exits with a non-zero exit code.\n"); } int main (int argc, char *argv[]) { - char *resource_type = NULL; - char *resource_id = NULL; char *action_id = NULL; char *dbus_name = NULL; gboolean is_version = FALSE; @@ -75,7 +69,6 @@ main (int argc, char *argv[]) DBusError error; PolKitContext *pol_ctx; PolKitCaller *caller; - PolKitResource *resource; PolKitAction *action; gboolean allowed; PolKitError *p_error; @@ -90,8 +83,6 @@ main (int argc, char *argv[]) int option_index = 0; const char *opt; static struct option long_options[] = { - {"resource-type", 1, NULL, 0}, - {"resource-id", 1, NULL, 0}, {"action", 1, NULL, 0}, {"caller", 1, NULL, 0}, {"version", 0, NULL, 0}, @@ -113,10 +104,6 @@ main (int argc, char *argv[]) return 0; } else if (strcmp (opt, "version") == 0) { is_version = TRUE; - } else if (strcmp (opt, "resource-type") == 0) { - resource_type = strdup (optarg); - } else if (strcmp (opt, "resource-id") == 0) { - resource_id = strdup (optarg); } else if (strcmp (opt, "action") == 0) { action_id = strdup (optarg); } else if (strcmp (opt, "caller") == 0) { @@ -136,7 +123,7 @@ main (int argc, char *argv[]) return 0; } - if (resource_type == NULL || resource_id == NULL || action_id == NULL || dbus_name == NULL) { + if (action_id == NULL || dbus_name == NULL) { usage (argc, argv); return 1; } @@ -159,10 +146,6 @@ main (int argc, char *argv[]) action = polkit_action_new (); polkit_action_set_action_id (action, action_id); - resource = polkit_resource_new (); - polkit_resource_set_resource_type (resource, resource_type); - polkit_resource_set_resource_id (resource, resource_id); - caller = polkit_caller_new_from_dbus_name (bus, dbus_name, &error); if (caller == NULL) { if (dbus_error_is_set (&error)) { @@ -172,7 +155,7 @@ main (int argc, char *argv[]) } } - allowed = polkit_context_can_caller_access_resource (pol_ctx, action, resource, caller); + allowed = polkit_context_can_caller_do_action (pol_ctx, action, caller); if (allowed) return 0; diff --git a/tools/polkit-check-session.c b/tools/polkit-check-session.c index b232737..fd9f467 100644 --- a/tools/polkit-check-session.c +++ b/tools/polkit-check-session.c @@ -46,28 +46,23 @@ usage (int argc, char *argv[]) "\n" "usage : polkit-check-session\n" " [--session ] --action \n" - " --resource-type --resource-id \n" " [--version] [--help]\n"); fprintf (stderr, "\n" " --session ConsoleKit object path of session\n" " --action Requested action\n" - " --resource-type Type of resource\n" - " --resource-id Identifier of resource\n" " --version Show version and exit\n" " --help Show this information and exit\n" "\n" - "Determine if a given session can access a given resource in a given\n" - "way. If no session is given, the current session is used. If access\n" - "is allowed, this program exits with exit code 0. If no access is allowed\n" + "Determine if a given callers in a given session can do a given action.\n" + "If no session is given, the current session is used. If access is\n" + "allowed, this program exits with exit code 0. If no access is allowed\n" "or an error occurs, the program exits with a non-zero exit code.\n"); } int main (int argc, char *argv[]) { - char *resource_type = NULL; - char *resource_id = NULL; char *action_id = NULL; char *session_id = NULL; char *cookie = NULL; @@ -76,7 +71,6 @@ main (int argc, char *argv[]) DBusError error; PolKitContext *pol_ctx; PolKitSession *session; - PolKitResource *resource; PolKitAction *action; gboolean allowed; PolKitError *p_error; @@ -93,8 +87,6 @@ main (int argc, char *argv[]) int option_index = 0; const char *opt; static struct option long_options[] = { - {"resource-type", 1, NULL, 0}, - {"resource-id", 1, NULL, 0}, {"action", 1, NULL, 0}, {"session", 1, NULL, 0}, {"version", 0, NULL, 0}, @@ -116,10 +108,6 @@ main (int argc, char *argv[]) return 0; } else if (strcmp (opt, "version") == 0) { is_version = TRUE; - } else if (strcmp (opt, "resource-type") == 0) { - resource_type = strdup (optarg); - } else if (strcmp (opt, "resource-id") == 0) { - resource_id = strdup (optarg); } else if (strcmp (opt, "action") == 0) { action_id = strdup (optarg); } else if (strcmp (opt, "session") == 0) { @@ -139,7 +127,7 @@ main (int argc, char *argv[]) return 0; } - if (resource_type == NULL || resource_id == NULL || action_id == NULL) { + if (action_id == NULL) { usage (argc, argv); return 1; } @@ -176,11 +164,7 @@ main (int argc, char *argv[]) action = polkit_action_new (); polkit_action_set_action_id (action, action_id); - resource = polkit_resource_new (); - polkit_resource_set_resource_type (resource, resource_type); - polkit_resource_set_resource_id (resource, resource_id); - - allowed = polkit_context_can_session_access_resource (pol_ctx, action, resource, session); + allowed = polkit_context_can_session_do_action (pol_ctx, action, session); if (allowed) return 0; diff --git a/tools/polkit-grant.c b/tools/polkit-grant.c index 0c5181d..0bf2665 100644 --- a/tools/polkit-grant.c +++ b/tools/polkit-grant.c @@ -49,13 +49,10 @@ usage (int argc, char *argv[]) "\n" "usage : polkit-grant\n" " --action \n" - " --resource-type --resource-id \n" " [--version] [--help]\n"); fprintf (stderr, "\n" " --action Requested action\n" - " --resource-type Type of resource\n" - " --resource-id Identifier of resource\n" " --version Show version and exit\n" " --help Show this information and exit\n" "\n" @@ -285,15 +282,12 @@ int main (int argc, char *argv[]) { char *action_id = NULL; - char *resource_type = NULL; - char *resource_id = NULL; gboolean is_version = FALSE; DBusConnection *bus; DBusError error; PolKitContext *pol_ctx; PolKitCaller *caller; PolKitAction *action; - PolKitResource *resource; PolKitError *p_error; PolKitGrant *polkit_grant; int ret; @@ -312,8 +306,6 @@ main (int argc, char *argv[]) const char *opt; static struct option long_options[] = { {"action", 1, NULL, 0}, - {"resource-type", 1, NULL, 0}, - {"resource-id", 1, NULL, 0}, {"version", 0, NULL, 0}, {"help", 0, NULL, 0}, {NULL, 0, NULL, 0} @@ -335,10 +327,6 @@ main (int argc, char *argv[]) is_version = TRUE; } else if (strcmp (opt, "action") == 0) { action_id = strdup (optarg); - } else if (strcmp (opt, "resource-type") == 0) { - resource_type = strdup (optarg); - } else if (strcmp (opt, "resource-id") == 0) { - resource_id = strdup (optarg); } break; @@ -353,7 +341,7 @@ main (int argc, char *argv[]) return 0; } - if (action_id == NULL || resource_type == NULL || resource_id == NULL) { + if (action_id == NULL) { usage (argc, argv); goto error; } @@ -378,10 +366,6 @@ main (int argc, char *argv[]) action = polkit_action_new (); polkit_action_set_action_id (action, action_id); - resource = polkit_resource_new (); - polkit_resource_set_resource_type (resource, resource_type); - polkit_resource_set_resource_id (resource, resource_id); - caller = polkit_caller_new_from_dbus_name (bus, dbus_bus_get_unique_name (bus), &error); if (caller == NULL) { if (dbus_error_is_set (&error)) { @@ -406,9 +390,8 @@ main (int argc, char *argv[]) &ud); if (!polkit_grant_initiate_auth (polkit_grant, - action, - resource, - caller)) { + action, + caller)) { printf ("Failed to initiate privilege grant.\n"); ret = 1; goto error; -- 2.7.4